Australian privacy principles 2019

Both the APPs and the APP guidelines apply to any organisation or agency the Privacy Act covers. Acknowledgement of Country. We pay our respects to the people, the cultures and the elders past, present and emerging. The APP guidelines should be read together with the full text of the APPs in the Privacy Act. The APPs are legally binding principles which are the cornerstone of the privacy protection framework in the Privacy Act.

Australian Privacy Principles (APPs) A. The APPs set out standards, rights and obligations in relation to handling, holding, accessing and correcting personal information. They apply to any organisation or agency the Privacy Act covers. APP entities must handle personal information openly and honestly. The type of personal information in question 2. This policy must entail: 1. The methods that the entity uses to obtain information 3. Reasons for the collection and use of the information 4. Correction of information 5. Complaints by an individual 6. Sharing of information to foreign bodies and which countries these are located in. See full list on lawpath.

The law differs slightly depending on whether the entity is an agency or organisation. If it’s an agency it can’t obtain personal information unless it’s necessary or related to a function of the agency. If it’s an organisation then they cannot obtain personal information unless it is necessary for a function of the organisation. Sensitive information cannot be obtained by an APP entity unless the person gives consent. In regards to information that an entity receives but did not ask for, they must demonstrate that they could have collected that information pursuant to principle if they had solicited it.

If they cannot demonstrate this, and if the information is not on any record within the Commonwealth, then the entity is obligated to destroy the information (if it is legal and reasonable). Within a reasonable time, the APP entity must notify a person about: 1. The identity and contact details of the entity 2. If they obtained the information from someone else, and how they collected the information 3. The reason why the entity has collected the information 5. What happens if only some information is collected 6. If another APP entity or similar entity collected the information 7. If the entity can share the information with an overseas body, and in which countries these overseas bodies reside in. How they may make a complaint 9. The APP entity has to make sure a person is aware of all these matters. The information can also be used if the entity is not an enforcement body and the information is biometric, the receiver is an enforcement body and the use of it complies with the guidelines of the Commissioner.

These rules to not apply to direct marketing or government related identifiers. Organisations cannot use information for direct marketing, except for where: 1. The organisation obtained the information in order to satisfy a contractual obligation. The individual may also make a request not to receive direct marketing communications free of charge.

The entity must make sure that any overseas recipient of information complies with the Privacy Principles, except for where they are bound by laws that protect information. However, this must be similar to protection provided by the Principles. Using a government related identifier is also another exemption.

Any information obtained by the APP entity must be correct, complete, and up to date. An APP entity can only disclose and use information once they ensure it’s accurate, relevant and complete. The APPs apply to government agencies and private sector organisations with an annual turnover of $3 million or more. The APPs are principles-based—protecting privacy while not burdening agencies and organisations with inflexible prescriptive rules. The materials herein are for informational purposes only and do not constitute legal advice.

Important COVID-information Coronavirus (COVID-19) and the Attorney-General’s Department: Find out how our services are being delivered and how you can access them. They will also have more control regarding the use of their data and who can access it. The GDPR is the premier data privacy regulation on the books today.