Knowledge Server

Document Details

Document Id app_quick_reference_tool.pdf
Document Title APP Quick Reference Tool
Reference https://drive.google.com/uc?export=download&id=1SZ3dQEPRKfKXIhIgTkj8FgHUkKchQKSY
Publisher Not specified
Categorization Human Resource Management HR Compliance & Legal Management
Document Source 2956 characters in 0 pages. (pdf)
Tags Australian Privacy Principles, personal information, privacy policy, data protection, APP entities
The document outlines the Australian Privacy Principles (APPs), which are designed to protect personal information managed by APP entities. It serves as a guide for organizations to ensure compliance with privacy laws, emphasizing transparency, individual rights, and data security. Key principles include the management of personal information, the option for anonymity, the collection and handling of solicited and unsolicited information, and the obligations for notifying individuals about data collection. The document also addresses the use of personal information for direct marketing, cross-border disclosures, and the importance of maintaining data quality and security. It is intended for organizations that handle personal data, providing them with a framework to uphold privacy standards. The source of the document is the Office of the Australian Information Commissioner (OAIC).
The Australian Privacy Principles (APPs) are a set of guidelines established to protect personal information handled by APP entities, ensuring that individuals' privacy rights are respected and upheld. The principles are designed to promote transparency, accountability, and security in the management of personal data.

**APP 01: Open and Transparent Management of Personal Information** mandates that entities manage personal information openly, requiring a clear and current privacy policy. This principle emphasizes the importance of transparency in how personal data is handled, allowing individuals to understand their rights and the entity's practices.

**APP 02: Anonymity and Pseudonymity** provides individuals the option to remain anonymous or use a pseudonym when interacting with APP entities, with certain exceptions. This principle is crucial for protecting individuals' identities in various transactions.

**APP 03: Collection of Solicited Personal Information** outlines the conditions under which entities can collect personal information that is solicited, particularly emphasizing higher standards for sensitive information. This principle ensures that sensitive data is collected with care and consent.

**APP 04: Dealing with Unsolicited Personal Information** specifies how entities should handle personal information that is not solicited, ensuring that such data is managed appropriately.

**APP 05: Notification of the Collection of Personal Information** requires entities to inform individuals about the collection of their personal data, detailing the circumstances under which this notification is necessary. This principle reinforces the need for informed consent.

**APP 06: Use or Disclosure of Personal Information** outlines the conditions under which personal information can be used or disclosed, ensuring that such actions are justified and lawful.

**APP 07: Direct Marketing** restricts the use of personal information for marketing purposes, allowing it only under specific conditions to protect individuals from unsolicited communications.

**APP 08: Cross-Border Disclosure of Personal Information** sets out the steps entities must take to safeguard personal information before it is disclosed internationally, ensuring that data remains protected regardless of location.

**APP 09: Adoption, Use or Disclosure of Government-Related Identifiers** limits the circumstances under which organizations can use government identifiers, preventing misuse of such sensitive information.

**APP 10: Quality of Personal Information** requires entities to take reasonable steps to ensure that the personal information they collect and use is accurate, up-to-date, and relevant, thereby enhancing data integrity.

**APP 11: Security of Personal Information** mandates that entities implement reasonable measures to protect personal data from unauthorized access, loss, or misuse, including obligations to destroy or de-identify data when necessary.

**APP 12: Access to Personal Information** outlines the obligations of entities when individuals request access to their personal information, ensuring that access is granted unless specific exceptions apply.

**APP 13: Correction of Personal Information** details the responsibilities of entities in correcting personal information to maintain accuracy and relevance.

Overall, the APPs provide a comprehensive framework for organizations to manage personal information responsibly, ensuring compliance with privacy laws and fostering trust with individuals. The guidelines are published by the Office of the Australian Information Commissioner (OAIC) and serve as a critical resource for entities handling personal data.

Original content extracted from the source document.


Australian Privacy Principles

A summary for APP entities.

APP 01 Open and transparent management of personal information

Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.

APP 02 Anonymity and pseudonymity

Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.

APP 03 Collection of solicited personal information

Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of 'sensitive' information.

APP 04 Dealing with unsolicited personal information

Outlines how APP entities must deal with unsolicited personal information.

APP 05 Notification of the collection of personal information

Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.

APP 06 Use or disclosure of personal information

Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.

APP 07 Direct marketing

An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.

APP 08 Cross-border disclosure of personal information

Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.

APP 09 Adoption, use or disclosure of government related identifiers

Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.

APP 10 Quality of personal information

An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.

APP 11 Security of personal information

An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.

APP 12 Access to personal information

Outlines an APP entity's obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.

APP 13 Correction of personal information

Outlines an APP entity's obligations in relation to correcting the personal information it holds about individuals.

www.oaic.gov.au
