PRIVACY ACT 1988

SCHEDULE 1 - AUSTRALIAN PRIVACY PRINCIPLES  

Note: See section 14 .


Overview of the Australian Privacy Principles
Overview

This Schedule sets out the Australian Privacy Principles.

Part 1 sets out principles that require APP entities to consider the privacy of personal information, including ensuring that APP entities manage personal information in an open and transparent way.

Part 2 sets out principles that deal with the collection of personal information including unsolicited personal information.

Part 3 sets out principles about how APP entities deal with personal information and government related identifiers. The Part includes principles about the use and disclosure of personal information and those identifiers.

Part 4 sets out principles about the integrity of personal information. The Part includes principles about the quality and security of personal information.

Part 5 sets out principles that deal with requests for access to, and the correction of, personal information.

Australian Privacy Principles

The Australian Privacy Principles are:

  • · Australian Privacy Principle 1 - open and transparent management of personal information
  • · Australian Privacy Principle 2 - anonymity and pseudonymity
  • · Australian Privacy Principle 3 - collection of solicited personal information
  • · Australian Privacy Principle 4 - dealing with unsolicited personal information
  • · Australian Privacy Principle 5 - notification of the collection of personal information
  • · Australian Privacy Principle 6 - use or disclosure of personal information
  • · Australian Privacy Principle 7 - direct marketing
  • · Australian Privacy Principle 8 - cross-border disclosure of personal information
  • · Australian Privacy Principle 9 - adoption, use or disclosure of government related identifiers
  • · Australian Privacy Principle 10 - quality of personal information
  • · Australian Privacy Principle 11 - security of personal information
  • · Australian Privacy Principle 12 - access to personal information
  • · Australian Privacy Principle 13 - correction of personal information
  • PART 3 - DEALING WITH PERSONAL INFORMATION  

    7   Australian Privacy Principle 7 - direct marketing  

    Direct marketing

    7.1  
    If an organisation holds personal information about an individual, the organisation must not use or disclose the information for the purpose of direct marketing.

    Note:

    An act or practice of an agency may be treated as an act or practice of an organisation, see section 7A .

    Exceptions - personal information other than sensitive information

    7.2  
    Despite subclause 7.1, an organisation may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:


    (a) the organisation collected the information from the individual; and


    (b) the individual would reasonably expect the organisation to use or disclose the information for that purpose; and


    (c) the organisation provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and


    (d) the individual has not made such a request to the organisation.

    7.3  
    Despite subclause 7.1, an organisation may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:


    (a) the organisation collected the information from:


    (i) the individual and the individual would not reasonably expect the organisation to use or disclose the information for that purpose; or

    (ii) someone other than the individual; and


    (b) either:


    (i) the individual has consented to the use or disclosure of the information for that purpose; or

    (ii) it is impracticable to obtain that consent; and


    (c) the organisation provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and


    (d) in each direct marketing communication with the individual:


    (i) the organisation includes a prominent statement that the individual may make such a request; or

    (ii) the organisation otherwise draws the individual ' s attention to the fact that the individual may make such a request; and


    (e) the individual has not made such a request to the organisation. Exception - sensitive information

    7.4  
    Despite subclause 7.1, an organisation may use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose. Exception - contracted service providers

    7.5  
    Despite subclause 7.1, an organisation may use or disclose personal information for the purpose of direct marketing if:


    (a) the organisation is a contracted service provider for a Commonwealth contract; and


    (b) the organisation collected the information for the purpose of meeting (directly or indirectly) an obligation under the contract; and


    (c) the use or disclosure is necessary to meet (directly or indirectly) such an obligation. Individual may request not to receive direct marketing communications etc.

    7.6  
    If an organisation (the first organisation ) uses or discloses personal information about an individual:


    (a) for the purpose of direct marketing by the first organisation; or


    (b) for the purpose of facilitating direct marketing by other organisations;

    the individual may:


    (c) if paragraph (a) applies - request not to receive direct marketing communications from the first organisation; and


    (d) if paragraph (b) applies - request the organisation not to use or disclose the information for the purpose referred to in that paragraph; and


    (e) request the first organisation to provide its source of the information.

    7.7  
    If an individual makes a request under subclause 7.6, the first organisation must not charge the individual for the making of, or to give effect to, the request and:


    (a) if the request is of a kind referred to in paragraph 7.6(c) or (d) - the first organisation must give effect to the request within a reasonable period after the request is made; and


    (b) if the request is of a kind referred to in paragraph 7.6(e) - the organisation must, within a reasonable period after the request is made, notify the individual of its source unless it is impracticable or unreasonable to do so. Interaction with other legislation

    7.8  
    This principle does not apply to the extent that any of the following apply:


    (a) the Do Not Call Register Act 2006 ;


    (b) the Spam Act 2003 ;


    (c) any other Act of the Commonwealth, or a Norfolk Island enactment, prescribed by the regulations.




    This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.