You must comply with the Australian Privacy Principles (APPs) if you intend to collect and use the personal information of individuals in a business capacity. Subject to some exceptions, the APPs apply to:
- organisations and entities with an annual turnover of more than $3 million
- certain small businesses (annual turnover less than $3 million), including private sector health service providers.
The APPs are designed to give an organisation or entity flexibility to tailor their personal information handling practices to their business and the needs of individuals. The APPs provide for standards, rights and obligations around:
- the open and transparent management of personal information, including having a privacy policy
- an individual having the option of transacting anonymously or using a pseudonym where practicable
- the collection of solicited personal information and receipt of unsolicited personal information, including giving notice about collection
- how personal information can be used and disclosed, including overseas disclosure
- maintaining the quality of personal information, including accuracy, relevance and completeness
- keeping personal information secure
- the right of individuals to access and correct their personal information.