
13 AUSTRALIAN PRIVACY PRINCIPLES (APPS)

APP 1 — Open and transparent management of personal information

An organisation must have ongoing practices and policies in place to ensure that it
manages personal information in an open and transparent way.
One way organisations can demonstrate their openness and transparency is by providing
current and potential clients with a privacy statement in soft- or hard-copy format.

APP 2 — Anonymity and pseudonymity

An organisation must provide individuals with the option of dealing with it anonymously or
using a pseudonym, except where:
• it would be impracticable for the organisation to deal with an individual who has not
identified themselves
• the law or a court/tribunal order requires or authorises the organisation to deal with
individuals who have identified themselves.

APP 3 — Collection of solicited personal information

An organisation must not collect personal information about an individual unless the
information is reasonably necessary for one or more of the organisation’s functions or
activities. Higher standards apply to sensitive information that an organisation collects about
an individual.

APP 4 — Dealing with unsolicited personal information

Where an organisation receives unsolicited personal information, and the information could
not have been collected under APP 3, and the information is not contained in a
Commonwealth record, the organisation must destroy or de-identify that information as
soon as practicable, but only if it is lawful and reasonable to do so.

APP 5 — Notification of the collection of personal information

An organisation must notify individuals about the access, correction and complaints
processes in the organisation’s privacy policies. The organisation must also inform the
individual about the location of any likely overseas recipients of the individual’s information,
at the time, or as soon as practicable after, the organisation collects their personal
information.

APP 6 — Use and disclosure of personal information

There are a limited number of situations in which organisations may use or disclose personal
information collected about an individual. These situations include where the use or
disclosure is reasonably necessary:
• to assist in locating a missing person
• to establish, exercise or defend a legal or equitable claim
• for the purposes of a confidential alternative dispute resolution.

APP 7 — Direct marketing

Organisations may only use or disclose personal information for direct marketing purposes
where the individual has either consented to their personal information being used for direct
marketing, or has a reasonable expectation that their personal information will be used for
this purpose, and conditions relating to opt-out mechanisms are met.

APP 8 — Cross-border disclosure of personal information

Before an organisation discloses personal information to an overseas recipient, the
organisation must take reasonable steps to ensure that the overseas recipient does not
breach the Australian Privacy Principles in relation to that information.

APP 9 — Adoption, use or disclosure of government-related identifiers

An organisation must not adopt, use or disclose a government-related identifier unless an
exception applies.
The APP guidelines define an identifier as a ‘number, letter or symbol, or a combination of
any or all of those things, that is used to identify the individual or to verify the identity of the
individual’.
Such identifiers include Medicare numbers, tax file numbers and driver licence numbers,
among others.

APP 10 — Quality of personal information

An organisation must take reasonable steps to ensure the personal information it collects is
accurate, up to date, complete and relevant.

APP 11 — Security of personal information

An organisation must take reasonable steps to protect the personal information it holds
from interference, misuse, loss, unauthorised access, modification and disclosure. In certain
circumstances the organisation may be required to destroy or de-identify the personal
information it holds.

APP 12 — Access to personal information

If an organisation holds personal information about an individual, the organisation must
provide the individual with access to that information when requested (in most situations).

APP 13 — Correction of personal information

An organisation must take reasonable steps to correct the personal information it holds to ensure
it is accurate, up to date, complete, relevant and not misleading. This can be either at the
request of the individual or instigated by the entity itself.
