What are the Australian Privacy Principles?


The Australian Privacy Principles (or APPs) are the cornerstone of the privacy protection framework in the Privacy Act 1988 (Privacy Act). The Australian Privacy Principles are principles-based law, which means that organisations and agencies have the flexibility to tailor the way they handle their personal information to their business models and customer needs.

The principles are also designed to be adaptable to changing technologies. Breaching Australian Privacy Principles is considered to be an ‘interference in the privacy of an individual’ and can lead to regulatory action and penalties. 

There are 13 Australia Privacy Principles and they govern standards, rights and obligations around:

  • the collection, use and disclosure of personal information
  • an organisation or agency’s governance and accountability
  • integrity and correction of personal information
  • the rights of individuals to access their personal information
Australian-Privacy-Principles-Impact-Assessment-3

APP's Principles Explained


Principle

Title

Purpose

APP 1

Open and transparent management of personal information

Ensures that personal information is handled in a transparent manner. This includes having a clearly expressed privacy policy. 

APP 2

Anonymity and pseudonymity

Organisations should give individuals the option to remain anonymous. 

APP 3

Collection of solicited personal information

Outlines when organisations are entitled to collecting solicited personal information. 

APP 4

Dealing with unsolicited personal information

Outlines how organisations should deal with unsolicited personal information 

APP 5

Notification of the collection of personal information

Outlines in which kind of scenarios organisations are required to notify individuals that their personal information has been collected

APP 6

Use or disclosure of personal information

Outlines the circumstances in which an organisation may use or disclose personal information that it holds.

APP 7

Direct Marketing 

An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.

APP 8

Cross-border disclosure of personal information

Outlines the steps an organisation must take to protect personal information before it is disclosed overseas.

APP 9

Adoption, use or disclosure of government related identifiers

Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.

APP 10

Quality of personal information

An organisation must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. It must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.

APP 11

Security of personal information

An organisation must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. It also has obligations to destroy or de-identify personal information in certain circumstances.

APP 12

Access to personal information

Outlines an organisation’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.

APP 13

Correction of personal information

Outlines an organisation’s obligations in relation to correcting the personal information it holds about individuals.

 

How We Do It


The Australian Privacy Principles require businesses and Australian Government agencies to be more transparent about how they handle personal information, including a clearly expressed and up-to-date privacy policy (that is implemented) about the way they handle personal information.

The StickmanCyber team can help you take proactive action by way of a full assessment of the Australian Privacy Principles (APPs) and uncover what is applicable and not-applicable to your organisation. And how best you can address and align to the principles.

We follow a standard 5-step process to audit your current systems and processes, and then work towards compliance with Australian Privacy Principles.

Australian Privacy Principles

Resources

Arm yourself with up-to-date information and insights into building a successful cybersecurity strategy, with blogs and webinars from the StickmanCyber team, and industry experts.


Ready to Improve and Enhance Your Cybersecurity Posture?

Know your exact challenge and want a solution partner? Just starting out on the cybersecurity journey? The StickmanCyber team can help.