Australian Privacy Principles - Australian Government


You will be required to comply with the Australian Privacy Principles (APP) if you intend to handle or collect personal/sensitive information. Subject to some exceptions, you will be required to comply with the Australian Privacy Principles if you are a:

  • Private sector organisation with an annual turnover of $3 million or more;
  • Private sector health service provider, including child care centre, private school or private tertiary educational institution;
  • Employee association registered or recognised under the Fair Work (Registered Organisations) Act;
  • Business that sells or purchases personal information;
  • Credit reporting body;
  • Business that handles personal information in the course of providing services under a government contract;
  • Reporting entity under the Anti Money Laundering and Counter Terrorism Financing regime;
  • Business that handles consumer credit information, tax file numbers, information on old convictions or health records; or a
  • Business that has opted-in to the Privacy Act.

The Principles are not prescriptive, but you must consider how they apply to your operations. They broadly cover the collection, use, disclosure and storage of personal information and regulate the way this information is handled. More stringent obligations apply to you if you intend to handle sensitive information about somebody's health, race, ethnicity, political opinions, membership of political or trade associations, religion, sexual orientation, criminal record or biometric information.

Handling your employees' or former employees' personal information is exempt from the APP, provided that it is within the scope of the employment relationship. For example, an employer could not sell a list of their employees to another organisation for marketing purposes. Please consult the Agency Contact Officer for more information and to ascertain the level of compliance (if any) that may be required by your business.

Service type

Code of Practice

A code of practice is a set of rules which details how people in a certain industry should behave. A code of practice can be defined as a result of legislation or by industry regulators and bodies.

Other resources

Task Business Structure Resources
Comply All Australian Privacy Principles (Opens in new window)

Act(s) name

Privacy Act 1988 AG

Regulation(s) name

Privacy Regulations 2013 AG

Administering agency

Attorney-General's Department

Office of the Australian Information Commissioner

Regulation and Strategy Branch

Contact details

Contact Email, Phone and Address Details for this service in simple two column table format, header then data.


Regulation and Strategy Branch

Office of the Australian Information Commissioner

Attorney-General's Department

Operating address: Level 3
175 Pitt Street
New South Wales 2000
Mailing address: GPO BOX 5218
Sydney, New South Wales 2001
Phone: 1300 363 992
Phone: 02 9284 9749
Fax: 02 9284 9666