AUSTRALIAN PRIVACY PRINCIPLES IMPACT ASSESSMENT
Align with the new Australian Privacy Principles to avoid privacy breaches, massive financial consequences and reputation destruction.
What are the Australian Privacy Principles?
The Australian Privacy Principles (or APPs) are the cornerstone of the privacy protection framework in the Privacy Act 1988 (Privacy Act). The Australian Privacy Principles are principles-based law, which means that organisations and agencies have the flexibility to tailor the way they handle their personal information to their business models and customer needs.
The principles are also designed to be adaptable to changing technologies. Breaching Australian Privacy Principles is considered to be an ‘interference in the privacy of an individual’ and can lead to regulatory action and penalties.
There are 13 Australian Privacy Principles, and they govern standards, rights and obligations around:
- the collection, use and disclosure of personal information
- an organisation or agency’s governance and accountability
- integrity and correction of personal information
- the rights of individuals to access their personal information
The APPs Explained
| Principle | Title | Purpose |
| --- | --- | --- |
| APP 1 | Open and transparent management of personal information | Ensures that personal information is handled in a transparent manner. This includes having a clearly expressed privacy policy. |
| APP 2 | Anonymity and pseudonymity | Organisations should give individuals the option to remain anonymous. |
| APP 3 | Collection of solicited personal information | Outlines when organisations are entitled to collect solicited personal information. |
| APP 4 | Dealing with unsolicited personal information | Outlines how organisations should deal with unsolicited personal information. |
| APP 5 | Notification of the collection of personal information | Outlines the scenarios in which organisations are required to notify individuals that their personal information has been collected. |
| APP 6 | Use or disclosure of personal information | Outlines the circumstances in which an organisation may use or disclose personal information that it holds. |
| APP 7 | Direct marketing | An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met. |
| APP 8 | Cross-border disclosure of personal information | Outlines the steps an organisation must take to protect personal information before it is disclosed overseas. |
| APP 9 | Adoption, use or disclosure of government related identifiers | Outlines the limited circumstances in which an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual. |
| APP 10 | Quality of personal information | An organisation must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. It must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure. |
| APP 11 | Security of personal information | An organisation must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. It also has obligations to destroy or de-identify personal information in certain circumstances. |
| APP 12 | Access to personal information | Outlines an organisation's obligations when an individual requests access to personal information the entity holds about them. This includes a requirement to provide access unless a specific exception applies. |
| APP 13 | Correction of personal information | Outlines an organisation's obligations in relation to correcting the personal information it holds about individuals. |
How We Do It
The Australian Privacy Principles require businesses and Australian Government agencies to be more transparent about how they handle personal information, including having a clearly expressed, up-to-date and implemented privacy policy about the way they handle personal information.
The StickmanCyber team can help you take proactive action by way of a full assessment against the Australian Privacy Principles (APPs), uncovering which principles apply to your organisation and which do not, and how best you can address and align with them.
We follow a standard 5-step process to audit your current systems and processes, and then work towards compliance with Australian Privacy Principles.
Resources
Arm yourself with up-to-date information and insights into building a successful cybersecurity strategy, with blogs and webinars from the StickmanCyber team, and industry experts.
Cybersecurity 101 for Leaders
Cyber threats are increasing globally and no one is immune, but the conversation can be highly technical and confusing for many. As the nature of cyber threats continues to evolve in frequency, complexity and scale, it's more important than ever that leaders have a solid understanding of the problems they might face, the common IT terminology used, and the best ways to approach IT security conversations with colleagues and business leaders.
Ready to Improve and Enhance Your Cybersecurity Posture?
Know your exact challenge and want a solution partner? Just starting out on the cybersecurity journey? The StickmanCyber team can help.