Australian Privacy Principles - Australian Government

Description

You will be required to comply with the Australian Privacy Principles (APP) if you intend to handle or collect personal/sensitive information. Subject to some exceptions, you will be required to comply with the Australian Privacy Principles if you are a:

  • Private sector organisation with an annual turnover of $3 million or more;
  • Private sector health service provider, including child care centre, private school or private tertiary educational institution;
  • Employee association registered or recognised under the Fair Work (Registered Organisations) Act;
  • Business that sells or purchases personal information;
  • Credit reporting body;
  • Business that handles personal information in the course of providing services under a government contract;
  • Reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing regime;
  • Business that handles consumer credit information, tax file numbers, information on old convictions or health records; or a
  • Business that has opted-in to the Privacy Act.

The Principles are not prescriptive, but you must consider how they apply to your operations. They broadly cover the collection, use, disclosure and storage of personal information and regulate the way this information is handled. More stringent obligations apply to you if you intend to handle sensitive information about somebody's health, race, ethnicity, political opinions, membership of political or trade associations, religion, sexual orientation, criminal record or biometric information.

Handling your employees' or former employees' personal information is exempt from the APP, provided that it is within the scope of the employment relationship. For example, an employer could not sell a list of their employees to another organisation for marketing purposes. Please consult the Agency Contact Officer for more information and to ascertain the level of compliance (if any) that may be required by your business.

Service type

Code of Practice

A code of practice is a set of rules which details how people in a certain industry should behave. A code of practice can be defined as a result of legislation or by industry regulators and bodies.

Other resources

Task: Comply
Business Structure: All
Resources: Australian Privacy Principles

Act(s) name

Privacy Act 1988 AG

Regulation(s) name

Privacy Regulations 2013 AG

Administering agency

Attorney-General's Department

Office of the Australian Information Commissioner

Contact details


Enquiries

Office of the Australian Information Commissioner

Attorney-General's Department

Phone: 02 9284 9749
Phone: 1300 363 992
Fax: 02 9284 9666
Email: enquiries@oaic.gov.au


Enquiries, Head Office

Operating address: 3-5 National Circuit
Barton
Australian Capital Territory 2600
Phone: 02 6141 6666
Fax: 02 6141 2553