You will be required to comply with the Australian Privacy Principles (APP) if you intend to handle or collect personal or sensitive information. Subject to some exceptions, you will be required to comply with the Australian Privacy Principles if you are a:
- Private sector organisation with an annual turnover of $3 million or more;
- Private sector health service provider, including child care centre, private school or private tertiary educational institution;
- Employee association registered or recognised under the Fair Work (Registered Organisations) Act;
- Business that sells or purchases personal information;
- Credit reporting body;
- Business that handles personal information in the course of providing services under a government contract;
- Reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing regime;
- Business that handles consumer credit information, tax file numbers, information on old convictions or health records; or a
- Business that has opted in to the Privacy Act.
The Principles are not prescriptive, but you must consider how they apply to your operations. They broadly cover the collection, use, disclosure and storage of personal information and regulate the way this information is handled. More stringent obligations apply to you if you intend to handle sensitive information about somebody's health, race, ethnicity, political opinions, membership of political or trade associations, religion, sexual orientation, criminal record or biometric information.
Handling your employees' or former employees' personal information is exempt from the APP, provided that it is within the scope of the employment relationship. For example, an employer could not sell a list of their employees to another organisation for marketing purposes. Please consult the Agency Contact Officer for more information and to ascertain the level of compliance (if any) that may be required by your business.
Code of Practice
A code of practice can be either a legal requirement or non-legal requirement. Legal codes of practice are defined as a result of legislation. Non-legal codes of practice are defined by industry regulators and bodies.
Office of the Australian Information Commissioner
Regulation and Strategy Branch
Privacy Act 1988 (Australian Government)
Privacy Regulations 2006 (Australian Government)
The information contained on the Australian Business Licence and Information Service
(ABLIS) web site, or via packages or other sources is intended for general guidance
To the full extent permitted by law, the Federal, State, Territory and Local Governments
make no representations or warranties (expressed or implied) in relation to the
information, including its accuracy, currency or completeness.
The business information provided does not constitute professional or legal advice,
nor is the use of any third party resource an endorsement of the information contained,
the associated organisation, product or service. It is recommended that you obtain
appropriate professional and/or independent legal advice to ensure that the material
provided here is relevant to your particular circumstances.
To the full extent permitted by law the Federal, State, Territory and Local Governments,
their employees and agents do not accept any liability for any reason, including
without limitation, liability in negligence, to any person for the general information
which is provided herein, or in respect of anything, including the consequences
of anything done, or not done, by any such person in whole or partial reliance upon