PRIVACY ACT 1988

SCHEDULE 1 - AUSTRALIAN PRIVACY PRINCIPLES  

Note: See section 14 .


Overview of the Australian Privacy Principles
Overview

This Schedule sets out the Australian Privacy Principles.

Part 1 sets out principles that require APP entities to consider the privacy of personal information, including ensuring that APP entities manage personal information in an open and transparent way.

Part 2 sets out principles that deal with the collection of personal information including unsolicited personal information.

Part 3 sets out principles about how APP entities deal with personal information and government related identifiers. The Part includes principles about the use and disclosure of personal information and those identifiers.

Part 4 sets out principles about the integrity of personal information. The Part includes principles about the quality and security of personal information.

Part 5 sets out principles that deal with requests for access to, and the correction of, personal information.

Australian Privacy Principles

The Australian Privacy Principles are:

  • · Australian Privacy Principle 1 - open and transparent management of personal information
  • · Australian Privacy Principle 2 - anonymity and pseudonymity
  • · Australian Privacy Principle 3 - collection of solicited personal information
  • · Australian Privacy Principle 4 - dealing with unsolicited personal information
  • · Australian Privacy Principle 5 - notification of the collection of personal information
  • · Australian Privacy Principle 6 - use or disclosure of personal information
  • · Australian Privacy Principle 7 - direct marketing
  • · Australian Privacy Principle 8 - cross-border disclosure of personal information
  • · Australian Privacy Principle 9 - adoption, use or disclosure of government related identifiers
  • · Australian Privacy Principle 10 - quality of personal information
  • · Australian Privacy Principle 11 - security of personal information
  • · Australian Privacy Principle 12 - access to personal information
  • · Australian Privacy Principle 13 - correction of personal information
  • PART 2 - COLLECTION OF PERSONAL INFORMATION  

    4   Australian Privacy Principle 4 - dealing with unsolicited personal information  

    4.1  
    If:


    (a) an APP entity receives personal information; and


    (b) the entity did not solicit the information;

    the entity must, within a reasonable period after receiving the information, determine whether or not the entity could have collected the information under Australian Privacy Principle 3 if the entity had solicited the information.

    4.2  
    The APP entity may use or disclose the personal information for the purposes of making the determination under subclause 4.1.

    4.3  
    If:


    (a) the APP entity determines that the entity could not have collected the personal information; and


    (b) the information is not contained in a Commonwealth record;

    the entity must, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified.

    4.4  
    If subclause 4.3 does not apply in relation to the personal information, Australian Privacy Principles 5 to 13 apply in relation to the information as if the entity had collected the information under Australian Privacy Principle 3.




    This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.