The Office of the Australian Information Commissioner (OAIC) was established on 1 November 2010 by the Australian Information Commissioner Act 2010.
All OAIC publications can be made available in a range of accessible formats for people with disabilities. If you require assistance, please contact the OAIC.
Date of initial publication: February 2014
With the exception of the Commonwealth Coat of Arms, and to the extent that copyright subsists in a third party, this report, its logo and front page design are licensed under a Creative Commons Attribution 3.0 Australia licence.
To the extent that copyright subsists in third party quotes and diagrams it remains with the original owner and permission may be required to reuse the material.
Content from these guidelines should be attributed as: Office of the Australian Information Commissioner, Australian Privacy Principles guidelines.
Enquiries regarding the licence and use of the guidelines are welcome at:
The Privacy Act 1988 (Privacy Act) s 28(1)(a) provides that the Australian Information Commissioner may make guidelines for the ‘avoidance of acts or practices that may or might be interferences with the privacy of individuals, or which may otherwise have any adverse effects on the privacy of individuals’. Additionally, s 28(1)(c)(i) provides that one of the functions of the Commissioner is to promote an understanding and acceptance of the Australian Privacy Principles (APPs) and the objects of those principles.
The Australian Privacy Principles guidelines (APP guidelines) outline:
- the mandatory requirements in the APPs, which are set out in Schedule 1 of the Privacy Act
- the Information Commissioner’s interpretation of the APPs, including the matters that the Office of the Australian Information Commissioner may take into account when exercising functions and powers relating to the APPs
- examples that explain how the APPs may apply to particular circumstances
- good privacy practice to supplement minimum compliance with the mandatory requirements in the APPs
The APP guidelines are not legally binding and do not constitute legal advice about how an entity should comply with the APPs in particular circumstances. An entity may wish to seek independent legal advice where appropriate.
The APP guidelines may be updated from time to time, including to take account of changes in the Privacy Act or other legislation, determinations made under s 52 of the Privacy Act and relevant tribunal and court decisions.
Prof. John McMillan
Australian Information Commissioner
- Chapter A: Introductory matters
- Chapter B: Key concepts
- Chapter C: Permitted general situations
- Chapter D: Permitted health situations
Part 1 — Consideration of personal information privacy
- Chapter 1: APP 1 Open and transparent management of personal information
- Chapter 2: APP 2 Anonymity and pseudonymity
Part 2 — Collection of personal information
- Chapter 3: APP 3 Collection of solicited personal information
- Chapter 4: APP 4 Dealing with unsolicited personal information
- Chapter 5: APP 5 Notification of the collection of personal information
Part 3 — Dealing with personal information
- Chapter 6: APP 6 Use or disclosure of personal information
- Chapter 7: APP 7 Direct marketing
- Chapter 8: APP 8 Cross-border disclosure of personal information
- Chapter 9: APP 9 Adoption, use or disclosure of government related identifiers
Part 4 — Integrity of personal information
- Chapter 10: APP 10 Quality of personal information
- Chapter 11: APP 11 Security of personal information
Part 5 — Access to, and correction of, personal information
- Chapter 12: APP 12 Access to personal information
- Chapter 13: APP 13 Correction of personal information
A comprehensive contents page appears at the beginning of each chapter of the APP guidelines.