the australian privacy principles protecting information rights – advancing information policy
TRANSCRIPT
The Australian Privacy PrinciplesProtecting information rights – advancing information policy
Australian Privacy Principles• Changes commenced on 12 March 2014
• 13 new Australian Privacy Principles (APPs)
• Government agencies and private sector organisations referred to as ‘APP entities’
• APPs replace the IPPs and NPPs
Australian Privacy Principlesguidelines
APP 1 — Open and transparent management of personal informationEnsures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed andup-to-date APP privacy policy
APP 2 — Anonymity and pseudonymity
Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym unless identification is required
APP 3 – Collection of solicited personal information
An APP entity can solicit personal information under certain circumstances.
Higher standards apply to thecollection of ‘sensitive’information
APP 4 — Dealing with unsolicited personal information
If an APP entity receives unsolicited personal information, it must assess whether it could have collected the information underAPP 3
APP 5 — Notification of the collection of personal information
If an APP entity that collects personal information they must notify an individual of certain matters, including their contact details, the purpose of the collection and information about theirAPP privacy policy
APP 6 — Use or disclosure An APP entity can only use or disclose personal information for a purpose for which it was collected or for a secondary purpose if an exception applies
APP 6 — Use or disclosure An APP entity can only use or disclose personal information for a purpose for which it was collected or for a secondary purpose if an exception applies
APP 7 – Direct marketingAn organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met
APP 8 – Cross border disclosure of personal information
Before an APP entity discloses personal information to an overseas recipient, the entity must take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information
APP 9 — Adoption, use or disclosure of government related identifiers
An organisation may only adopt a government related identifier of an individualas its own identifier, or use or disclose a government relatedidentifier of an individual, in very limited circumstances
APP 10 — Quality of personal information
An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up-to-date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up-to-date, complete and relevant, having regard to thepurpose of the use or disclosure
APP 11 — Security of personal information
An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal informationin certain circumstances
APP 12 — Access to personal information
An APP entity must provide an individual with access to the person information they hold about them, unless a specific exceptionapplies
APP 13 — Correction of personal information
An APP entity must take reasonable steps to correct an individual’s personal information on request, or ifthe entity is satisfied that theinformation is inaccurate, out-of-date, incomplete,irrelevant or misleading
An APP entity must take reasonable steps to correct an individual’s personal information on request, or ifthe entity is satisfied that theinformation is inaccurate, out-of-date, incomplete,irrelevant or misleading
APP 13 — Correction of personal information
OAIC’s powers• Privacy performance assessments
• Privacy impact assessment directions (for agencies only)
• Enforceable codes
• Complaint investigations
• Commissioner initiated investigations
• Enforceable undertakings
• Determinations
• Injunctions and civil penalty orders
OAIC’s powers• Privacy performance assessments
• Privacy impact assessment directions (for agencies only)
• Enforceable codes
• Complaint investigations
• Commissioner initiated investigations
• Enforceable undertakings
• Determinations
• Injunctions and civil penalty orders
Need further information?• Visit the OAIC website — www.oaic.gov.au
• General guidance
• Guidance on APPs
• Guidance on credit reporting, external dispute resolution schemes, codes, health research and missing persons