Privacy Act 1988

SCHEDULE 1 - AUSTRALIAN PRIVACY PRINCIPLES  

Note: See section 14 .


Overview of the Australian Privacy Principles

Overview

This Schedule sets out the Australian Privacy Principles.

Part 1 sets out principles that require APP entities to consider the privacy of personal information, including ensuring that APP entities manage personal information in an open and transparent way.

Part 2 sets out principles that deal with the collection of personal information including unsolicited personal information.

Part 3 sets out principles about how APP entities deal with personal information and government related identifiers. The Part includes principles about the use and disclosure of personal information and those identifiers.

Part 4 sets out principles about the integrity of personal information. The Part includes principles about the quality and security of personal information.

Part 5 sets out principles that deal with requests for access to, and the correction of, personal information.

Australian Privacy Principles

The Australian Privacy Principles are:

  • • Australian Privacy Principle 1 - open and transparent management of personal information
  • • Australian Privacy Principle 2 - anonymity and pseudonymity
  • • Australian Privacy Principle 3 - collection of solicited personal information
  • • Australian Privacy Principle 4 - dealing with unsolicited personal information
  • • Australian Privacy Principle 5 - notification of the collection of personal information
  • • Australian Privacy Principle 6 - use or disclosure of personal information
  • • Australian Privacy Principle 7 - direct marketing
  • • Australian Privacy Principle 8 - cross-border disclosure of personal information
  • • Australian Privacy Principle 9 - adoption, use or disclosure of government related identifiers
  • • Australian Privacy Principle 10 - quality of personal information
  • • Australian Privacy Principle 11 - security of personal information
  • • Australian Privacy Principle 12 - access to personal information
  • • Australian Privacy Principle 13 - correction of personal information
  • PART 2 - COLLECTION OF PERSONAL INFORMATION  

    3   Australian Privacy Principle 3 - collection of solicited personal information  


    Personal information other than sensitive information

    3.1    
    If an APP entity is an agency, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for, or directly related to, one or more of the entity ' s functions or activities.

    3.2    
    If an APP entity is an organisation, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of the entity ' s functions or activities.

    Sensitive information

    3.3    
    An APP entity must not collect sensitive information about an individual unless:


    (a) the individual consents to the collection of the information and:


    (i) if the entity is an agency - the information is reasonably necessary for, or directly related to, one or more of the entity ' s functions or activities; or

    (ii) if the entity is an organisation - the information is reasonably necessary for one or more of the entity ' s functions or activities; or


    (b) subclause 3.4 applies in relation to the information.

    3.4    
    This subclause applies in relation to sensitive information about an individual if:


    (a) the collection of the information is required or authorised by or under an Australian law or a court/tribunal order; or


    (b) a permitted general situation exists in relation to the collection of the information by the APP entity; or


    (c) the APP entity is an organisation and a permitted health situation exists in relation to the collection of the information by the entity; or


    (d) the APP entity is an enforcement body and the entity reasonably believes that:


    (i) if the entity is the Immigration Department - the collection of the information is reasonably necessary for, or directly related to, one or more enforcement related activities conducted by, or on behalf of, the entity; or

    (ii) otherwise - the collection of the information is reasonably necessary for, or directly related to, one or more of the entity ' s functions or activities; or


    (e) the APP entity is a non-profit organisation and both of the following apply:


    (i) the information relates to the activities of the organisation;

    (ii) the information relates solely to the members of the organisation, or to individuals who have regular contact with the organisation in connection with its activities.
    Note:

    For permitted general situation , see section 16A . For permitted health situation , see section 16B .



    Means of collection

    3.5    
    An APP entity must collect personal information only by lawful and fair means.

    3.6    
    An APP entity must collect personal information about an individual only from the individual unless:


    (a) if the entity is an agency:


    (i) the individual consents to the collection of the information from someone other than the individual; or

    (ii) the entity is required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than the individual; or


    (b) it is unreasonable or impracticable to do so.

    Solicited personal information

    3.7    
    This principle applies to the collection of personal information that is solicited by an APP entity.




    This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.