Do the Australian Privacy Principles apply to your
As of 12 March 2014 changes were made to the Privacy Act
1988 (Cth) to include a new set of Australian Privacy
Principles (APPs) which replace the National Privacy Principles
and Information Privacy Principles. The APPs will regulate the
handling of personal information by Australian Government agencies,
businesses with a turnover of more than $3,000,000.00, those
with a turnover of less than $3,000,000.00 trading in personal
information, and all private health service providers.
Notwithstanding a turnover of less than $3,000,000.00, the
legislation allows small businesses/not-for-profits to opt in to
the regime and therefore to become subject to the APPs.
This would allow small businesses/not-for-profits to
benefit from any increase in confidence and trust by the public
that may be derived from operating under the Privacy Act
1988 (Cth); and
make a public statement about being committed to good privacy
The APPs consist of 13 principles which can be found in Schedule
1 of the Privacy Act 1988 (Cth) that seek to address the
collection, use, disclosure and security of personal
In summary, the 13 APPs are as follows:
Open and transparent management of personal
Anonymity and pseudonymity
Collection of solicited personal information
Dealing with unsolicited personal information
Notification of the collection of personal
Use or disclosure of personal information
Direct marketing (please note that the SPAM Act
2003 (Cth) should also be considered in conjunction with this
Cross-border disclosure of personal information
Adoption, use or disclosure of government related
Quality of personal information
Security of personal information
Access to personal information
Correction of personal information
You should now consider the practical implications of the APPs
for your organisation and in doing so review as a minimum the
requirements and is readily available and easy to access, such as
on your website;
your complaints processes and how to deal with any
your practice in disclosing how information disclosed to
overseas recipients is handled and whether the overseas recipient
must comply with similar legislation;
the method by which you obtain consent for direct marketing and
implementing unsubscribe or "opt-out" facilities;
your policy and procedure for collecting, storing, securing and
updating any personal information; and
your procedures for dealing with enquiries to update, remove or
release personal information.
We would be happy to provide your not-for-profit entity with a
"health check" to confirm it complies with the APPs.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.