What Are The 13 Australian Privacy Principles (APPs)?
The 13 Australian Privacy Principles (APPs) are a set of privacy standards that regulate and outline the way personal information should be collected, used, disclosed, and managed by organisations in Australia. These principles are designed to protect the privacy of individuals and ensure that their personal information is handled in a responsible and ethical manner. The APPs apply to all organisations that produce an annual turnover of more than AUD 3 million, as well as Commonwealth Government Agencies. Additionally, the APPs were introduced in 2014 and form part of the Privacy Act 1988.
In this Business Kitz blog, we will walk you through the 13 Privacy Principles. The APPs are as follows:
1. Open and Transparent Management of Personal Information
APP 1 requires organisations to have clear and accessible privacy policies and procedures that outline how personal information will be collected, used, disclosed, and managed. The policy should be readily available to the public and individuals should be able to easily understand it.
2. Anonymity and Pseudonymity
APP 2 provides individuals with the option to deal with organisations anonymously or pseudonymously unless it is impracticable for the organisation to do so. This means that individuals have the right to keep their personal information private and only reveal it if they choose to do so.
3. Collection of Solicited Personal Information
APP 3 requires organisations to only collect personal information that is necessary for their functions or activities, and to collect it by lawful and fair means. Organisations must inform individuals of the purpose for which their personal information is being collected and also obtain the individual's consent prior to collecting any personal information.
4. Dealing with Unsolicited Personal Information
APP 4 requires organisations to destroy or de-identify all unsolicited personal information that they receive unless it is required for any legal or business purpose.
5. Notification of Collection of Personal Information
APP 5 requires organisations to take reasonable steps to notify and inform individuals of the collection of their personal information, including the purpose for which it is being collected, and to whom it may be disclosed. Organisations must also provide individuals with access to their personal information if they request it.
6. Use or Disclosure of Personal Information
APP 6 requires organisations to only use or disclose personal information for the purpose for which it was collected, unless the individual has consented to its use or disclosure for another purpose, or unless the use or disclosure is otherwise required or authorised by law.
7. Direct Marketing
APP 7 restricts organisations from using personal information for direct marketing purposes unless the individual has consented to receive such communications, or unless the organisation collected the information from a third party and the individual would reasonably expect the information to be used for direct marketing.
8. Cross-Border Disclosure of Personal Information
APP 8 restricts organisations from disclosing personal information to overseas recipients unless the recipient is subject to laws or regulations that are similar to the APPs, or the individual has consented to the disclosure.
9. Adoption, Use or Disclosure of Government-Related Identifiers
APP 9 restricts organisations from adopting, using or disclosing government-related identifiers (such as tax file numbers or driver's licence numbers) as their own identifier of an individual, unless it is required or authorised by law.
10. Quality of Personal Information
APP 10 requires organisations to take reasonable steps to ensure that the personal information they collect, use, and disclose is accurate, up-to-date, and complete.
11. Security of Personal Information
APP 11 requires organisations to take reasonable steps to protect personal information from misuse, interference, and loss, as well as from unauthorised access, alteration, and destruction.
12. Access to Personal Information
APP 12 requires organisations to provide individuals with access to their personal information upon request unless it is contrary to the public interest or otherwise restricted by law.
13. Correction of Personal Information
APP 13 requires organisations to take reasonable steps to allow individuals to correct their personal information if it is inaccurate, out-of-date, incomplete, irrelevant, or misleading.
It is important to note that these principles are intended to be flexible, allowing organisations to develop their own policies and procedures that take into account their specific circumstances. Since privacy is a very serious matter, the Office of the Australian Information Commissioner (OAIC) has the responsibility of overseeing compliance with the APPs, and it has the power to investigate breaches of the principles and enforce them.
We know starting a business can be tricky and tedious, but we are here to help! To ensure you have all the correct policies in place, check out our full library of templates available via our Business Kitz Subscription. If you have any questions around the legalities of policy making, please do not hesitate to contact our sister company Legal Kitz. You can contact us by phone on 1300 988 954 or email us at email@example.com. We also provide a FREE 30-minute consultation to set you in the right legal direction.