Australian Privacy Principles

Question 1

APP 1
Open and transparent management of personal information

Answer 1

Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.

Question 2

APP 2
Anonymity and pseudonymity

Answer 2

Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.

Question 3

APP 3
Collection of solicited personal information

Answer 3

Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of sensitive information.

Question 4

APP 4
Dealing with unsolicited personal information

Answer 4

Outlines how APP entities must deal with unsolicited personal information.

Question 5

APP 5
Notification of the collection of personal information

Answer 5

Outlines when and in what circumstances an APP entity that collects personal information must tell an individual about certain matters.

Question 6

APP 5
Notification of the collection of personal information

Answer 6

Outlines when and in what circumstances an APP entity that collects personal information must tell an individual about certain matters.

Question 7

APP 6
Use or disclosure of personal information

Answer 7

Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.

Question 8

APP 7
Direct marketing

Answer 8

An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.

Question 9

APP 8
Cross-border disclosure of personal information

Answer 9

Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.

Question 10

APP 9
Adoption, use or disclosure of government related identifiers

Answer 10

Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.

Question 11

APP 10
Quality of personal information

Answer 11

An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.

Question 12

APP 11
Security of personal information

Answer 12

An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.

Question 13

APP 12
Access to personal information

Answer 13

Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.

Question 14

APP 13
Correction of personal information

Answer 14

Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.