Summary of version changes to APP guidelines
Publication date: 22 July 2019
The APP guidelines may be updated from time to time, including to take account of changes in the Privacy Act 1988 or other legislation, determinations made under s 52 of the Privacy Act and relevant tribunal and court decisions. Chapters of the APP guidelines are updated individually. This page contains archived versions of each chapter, and notes on the changes between versions for each chapter.
Chapters A to D
Chapter A: Introductory matters
Current version
1.2 |
22 July 2019 to ...
| Updated references to OAIC and external publications for new website launch |
Previous versions
1.1 |
1 April 2015 to 21 July 2019
| Inclusion of new [A.4] and [A.29]–[A.32] to explain that the APP guidelines may provide relevant guidance to Australian Capital Territory public sector agencies. |
1.0 |
21 February 2014 to 31 March 2015 | |
Chapter B: Key concepts
Current version
1.4 | 21 December 2022 to ...
| Updated for amendments to s 5B of the Privacy Act made by Privacy (Enforcement and Other Measures) Amendment Act 2022 (Cth) |
Previous versions
1.3 | 22 July 2019 to 20 December 2022 | Updated references to OAIC and external publications for new website launch |
1.2 |
1 April 2015 to 21 July 2019
| - Clarified the circumstances in which small business operators are treated as organisations and therefore APP entities ([B.7])
- Revised and expanded discussion about ‘carries on business in Australia’, a component of the test for whether an APP entity has an ‘Australian link’ ([B.13–B.21])
- Small clarifications to the discussion about ‘disclosure’, including the addition of a new footnote reference to an AAT decision ([B.64] and [B.68])
- Minor stylistic change ([B.104])
- Updated discussion about ‘sensitive information’ to explain that information may be sensitive information where it clearly implies one of the matters listed in the definition of ‘sensitive information’ in s 6(1) ([B.139])
|
1.1 |
1 March 2014 to 31 March 2015
| Amended text to reflect Privacy Act amendment to definition of sensitive information re; sexual orientation... [B.132] |
1.0 |
21 February 2014 to 28 February 2014 |
Chapter C: Permitted general situations
Current version
1.1 |
22 July 2019 to ...
| Updated references to OAIC and external publications for new website launch |
Previous version
1.0 |
21 February 2014 to 21 July 2019 | |
Chapter D: Permitted health situations
Current version
1.1 |
22 July 2019 to ...
| Updated references to OAIC and external publications for new website launch |
Previous version
1.0 |
21 February 2014 to 21 July 2019 | |
Chapters 1 to 6
Chapter 1: APP 1 Open and transparent management of personal information
Current version
1.1 |
22 July 2019 to ...
| Updated references to OAIC and external publications for new website launch |
Previous version
1.0 |
21 February 2014 to 21 July 2019 | |
Chapter 2: APP 2 Anonymity and pseudonymity
Current version
1.1 |
22 July 2019 to ...
| Updated references to OAIC and external publications for new website launch |
Previous version
1.0 |
21 February 2014 to 21 July 2019 | |
Chapter 3: APP 3 Collection of solicited personal information
Current version
1.1 |
22 July 2019 to ...
| Updated references to OAIC and external publications for new website launch |
Previous version
1.0 |
21 February 2014 to 21 July 2019 | |
Chapter 4: APP 4 Dealing with unsolicited personal information
Current version
1.1 |
22 July 2019 to ...
| Updated references to OAIC and external publications for new website launch |
Previous version
1.0 |
21 February 2014 to 21 July 2019 | |
Chapter 5: APP 5 Notification of the collection of personal information
Current version
1.2 |
22 July 2019 to ...
| Updated references to OAIC and external publications for new website launch |
Previous versions
1.1 |
2 March 2018 to 21 July 2019
| New reference to legislated family violence information sharing schemes in [5.7] |
1.0 |
21 February 2014 to 1 March 2018 | |
Chapter 6: APP 6 Use or disclosure of personal information
Current version
1.1 |
22 July 2019 to ...
|
Updated references to OAIC and external publications for new website launch
|
Previous version
1.0 |
21 February 2014 to 21 July 2019 | |
Chapters 7 to 12
Chapter 7: APP 7 Direct marking
Current version
1.1 |
22 July 2019 to ...
|
Updated references to OAIC and external publications for new website launch
|
Previous version
1.0 |
21 February 2014 to 21 July 2019 | |
Chapter 8: APP 8 Cross-border disclosure of personal information
Current version
1.1
|
22 July 2019 to ...
|
Updated references to OAIC and external publications for new website launch
|
Previous versions
1.1 |
1 April 2015 to 21 July 2019
| - Revised discussion of the circumstances where an APP entity may be taken to breach the APPs, when it provides personal information to an overseas contractor as a ‘use’, and the information is mishandled overseas ([8.15])
- Revised and expanded discussion about the circumstances in which the ‘international agreement’ exception in APP 8.2(e) applies ([8.47]–[8.51])
- Minor amendments to footnotes to correct website references ([8.1], [8.21])
|
1.0 |
21 February 2014 to 31 March 2015 | |
Chapter 9: APP 9 Adoption, use or disclosure of government related identifiers
Current version
1.1 |
22 July 2019 to ...
|
Updated references to OAIC and external publications for new website launch
|
Previous version
1.0 |
21 February 2014 to 21 July 2019 | |
Chapter 10: APP 10 Quality of personal information
Current version
1.1 |
22 July 2019 to ...
|
Updated references to OAIC and external publications for new website launch
|
Previous version
1.0 |
21 February 2014 to 21 July 2019 | |
Chapter 11: APP 11 Security of personal information
Current version
1.2 |
22 July 2019 to ...
|
Updated references to OAIC and external publications for new website launch
|
Previous versions
1.1 |
1 April 2015 to 21 July 2019
| - New reference to the OAIC Guide to Securing Personal Information (2015) [Key point 3, [11.10] and ([11.34])
- Consolidation and amendment of discussion, about relevant considerations in taking ‘reasonable steps’, for consistency with OAIC Guide to Securing Personal Information (2015) ([11.7]–[11.10])
- Minor stylistic changes ([11.11 and 11.42])
- Small clarifications to examples of ‘loss’, ‘unauthorised access’, ‘unauthorised modification’ and ‘unauthorised disclosure’ including in footnotes ([11.15]–[11.21])
- Minor amendment to footnote to correct reference to Australian Government Information Security Manual and to Australian Signals Directorate website ([11.37])
|
1.0 |
21 February 2014 to 31 March 2015 | |
Chapter 12: APP 12 Access to personal information
Current version
1.1 |
22 July 2019 to ...
|
Updated references to OAIC and external publications for new website launch
|
Previous version
1.0 |
21 February 2014 to 21 July 2019 | |
Chapter 13: APP 13 Correction of personal information
Current version
1.1 |
22 July 2019 to ...
|
Updated references to OAIC and external publications for new website launch
|
Previous version
1.0 |
21 February 2014 to 21 July 2019 | |