Download - The Australian Privacy Principles Protecting information rights – advancing information policy
![Page 1: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/1.jpg)
The Australian Privacy PrinciplesProtecting information rights – advancing information policy
![Page 2: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/2.jpg)
Australian Privacy Principles• Changes commenced on 12 March 2014
• 13 new Australian Privacy Principles (APPs)
• Government agencies and private sector organisations referred to as ‘APP entities’
• APPs replace the IPPs and NPPs
![Page 3: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/3.jpg)
Australian Privacy Principlesguidelines
![Page 4: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/4.jpg)
APP 1 — Open and transparent management of personal informationEnsures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed andup-to-date APP privacy policy
![Page 5: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/5.jpg)
APP 2 — Anonymity and pseudonymity
Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym unless identification is required
![Page 6: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/6.jpg)
APP 3 – Collection of solicited personal information
An APP entity can solicit personal information under certain circumstances.
Higher standards apply to thecollection of ‘sensitive’information
![Page 7: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/7.jpg)
APP 4 — Dealing with unsolicited personal information
If an APP entity receives unsolicited personal information, it must assess whether it could have collected the information underAPP 3
![Page 8: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/8.jpg)
APP 5 — Notification of the collection of personal information
If an APP entity that collects personal information they must notify an individual of certain matters, including their contact details, the purpose of the collection and information about theirAPP privacy policy
![Page 9: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/9.jpg)
APP 6 — Use or disclosure An APP entity can only use or disclose personal information for a purpose for which it was collected or for a secondary purpose if an exception applies
![Page 10: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/10.jpg)
APP 6 — Use or disclosure An APP entity can only use or disclose personal information for a purpose for which it was collected or for a secondary purpose if an exception applies
![Page 11: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/11.jpg)
APP 7 – Direct marketingAn organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met
![Page 12: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/12.jpg)
APP 8 – Cross border disclosure of personal information
Before an APP entity discloses personal information to an overseas recipient, the entity must take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information
![Page 13: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/13.jpg)
APP 9 — Adoption, use or disclosure of government related identifiers
An organisation may only adopt a government related identifier of an individualas its own identifier, or use or disclose a government relatedidentifier of an individual, in very limited circumstances
![Page 14: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/14.jpg)
APP 10 — Quality of personal information
An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up-to-date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up-to-date, complete and relevant, having regard to thepurpose of the use or disclosure
![Page 15: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/15.jpg)
APP 11 — Security of personal information
An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal informationin certain circumstances
![Page 16: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/16.jpg)
APP 12 — Access to personal information
An APP entity must provide an individual with access to the person information they hold about them, unless a specific exceptionapplies
![Page 17: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/17.jpg)
APP 13 — Correction of personal information
An APP entity must take reasonable steps to correct an individual’s personal information on request, or ifthe entity is satisfied that theinformation is inaccurate, out-of-date, incomplete,irrelevant or misleading
![Page 18: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/18.jpg)
An APP entity must take reasonable steps to correct an individual’s personal information on request, or ifthe entity is satisfied that theinformation is inaccurate, out-of-date, incomplete,irrelevant or misleading
APP 13 — Correction of personal information
![Page 19: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/19.jpg)
OAIC’s powers• Privacy performance assessments
• Privacy impact assessment directions (for agencies only)
• Enforceable codes
• Complaint investigations
• Commissioner initiated investigations
• Enforceable undertakings
• Determinations
• Injunctions and civil penalty orders
![Page 20: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/20.jpg)
OAIC’s powers• Privacy performance assessments
• Privacy impact assessment directions (for agencies only)
• Enforceable codes
• Complaint investigations
• Commissioner initiated investigations
• Enforceable undertakings
• Determinations
• Injunctions and civil penalty orders
![Page 21: The Australian Privacy Principles Protecting information rights – advancing information policy](https://reader037.vdocuments.us/reader037/viewer/2022103022/56649cf95503460f949cab63/html5/thumbnails/21.jpg)
Need further information?• Visit the OAIC website — www.oaic.gov.au
• General guidance
• Guidance on APPs
• Guidance on credit reporting, external dispute resolution schemes, codes, health research and missing persons