PRIVACY ACT 1988

SCHEDULE 1 - AUSTRALIAN PRIVACY PRINCIPLES  

Note: See section 14 .


Overview of the Australian Privacy Principles
Overview

This Schedule sets out the Australian Privacy Principles.

Part 1 sets out principles that require APP entities to consider the privacy of personal information, including ensuring that APP entities manage personal information in an open and transparent way.

Part 2 sets out principles that deal with the collection of personal information including unsolicited personal information.

Part 3 sets out principles about how APP entities deal with personal information and government related identifiers. The Part includes principles about the use and disclosure of personal information and those identifiers.

Part 4 sets out principles about the integrity of personal information. The Part includes principles about the quality and security of personal information.

Part 5 sets out principles that deal with requests for access to, and the correction of, personal information.

Australian Privacy Principles

The Australian Privacy Principles are:

  • · Australian Privacy Principle 1 - open and transparent management of personal information
  • · Australian Privacy Principle 2 - anonymity and pseudonymity
  • · Australian Privacy Principle 3 - collection of solicited personal information
  • · Australian Privacy Principle 4 - dealing with unsolicited personal information
  • · Australian Privacy Principle 5 - notification of the collection of personal information
  • · Australian Privacy Principle 6 - use or disclosure of personal information
  • · Australian Privacy Principle 7 - direct marketing
  • · Australian Privacy Principle 8 - cross-border disclosure of personal information
  • · Australian Privacy Principle 9 - adoption, use or disclosure of government related identifiers
  • · Australian Privacy Principle 10 - quality of personal information
  • · Australian Privacy Principle 11 - security of personal information
  • · Australian Privacy Principle 12 - access to personal information
  • · Australian Privacy Principle 13 - correction of personal information
  • PART 5 - ACCESS TO, AND CORRECTION OF, PERSONAL INFORMATION  

    13   Australian Privacy Principle 13 - correction of personal information  

    Correction

    13.1  
    If:


    (a) an APP entity holds personal information about an individual; and


    (b) either:


    (i) the entity is satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading; or

    (ii) the individual requests the entity to correct the information;

    the entity must take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.

    Notification of correction to third parties

    13.2  
    If:


    (a) the APP entity corrects personal information about an individual that the entity previously disclosed to another APP entity; and


    (b) the individual requests the entity to notify the other APP entity of the correction;

    the entity must take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.

    Refusal to correct information

    13.3  
    If the APP entity refuses to correct the personal information as requested by the individual, the entity must give the individual a written notice that sets out:


    (a) the reasons for the refusal except to the extent that it would be unreasonable to do so; and


    (b) the mechanisms available to complain about the refusal; and


    (c) any other matter prescribed by the regulations. Request to associate a statement

    13.4  
    If:


    (a) the APP entity refuses to correct the personal information as requested by the individual; and


    (b) the individual requests the entity to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading;

    the entity must take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.

    Dealing with requests

    13.5  
    If a request is made under subclause 13.1 or 13.4, the APP entity:


    (a) must respond to the request:


    (i) if the entity is an agency - within 30 days after the request is made; or

    (ii) if the entity is an organisation - within a reasonable period after the request is made; and


    (b) must not charge the individual for the making of the request, for correcting the personal information or for associating the statement with the personal information (as the case may be).




    This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.