Privacy Act 1988

SCHEDULE 1 - AUSTRALIAN PRIVACY PRINCIPLES  

Note: See section 14 .


Overview of the Australian Privacy Principles

Overview

This Schedule sets out the Australian Privacy Principles.

Part 1 sets out principles that require APP entities to consider the privacy of personal information, including ensuring that APP entities manage personal information in an open and transparent way.

Part 2 sets out principles that deal with the collection of personal information including unsolicited personal information.

Part 3 sets out principles about how APP entities deal with personal information and government related identifiers. The Part includes principles about the use and disclosure of personal information and those identifiers.

Part 4 sets out principles about the integrity of personal information. The Part includes principles about the quality and security of personal information.

Part 5 sets out principles that deal with requests for access to, and the correction of, personal information.

Australian Privacy Principles

The Australian Privacy Principles are:

  • • Australian Privacy Principle 1 - open and transparent management of personal information
  • • Australian Privacy Principle 2 - anonymity and pseudonymity
  • • Australian Privacy Principle 3 - collection of solicited personal information
  • • Australian Privacy Principle 4 - dealing with unsolicited personal information
  • • Australian Privacy Principle 5 - notification of the collection of personal information
  • • Australian Privacy Principle 6 - use or disclosure of personal information
  • • Australian Privacy Principle 7 - direct marketing
  • • Australian Privacy Principle 8 - cross-border disclosure of personal information
  • • Australian Privacy Principle 9 - adoption, use or disclosure of government related identifiers
  • • Australian Privacy Principle 10 - quality of personal information
  • • Australian Privacy Principle 11 - security of personal information
  • • Australian Privacy Principle 12 - access to personal information
  • • Australian Privacy Principle 13 - correction of personal information
  • PART 3 - DEALING WITH PERSONAL INFORMATION  

    6   Australian Privacy Principle 6 - use or disclosure of personal information  


    Use or disclosure

    6.1    
    If an APP entity holds personal information about an individual that was collected for a particular purpose (the primary purpose ), the entity must not use or disclose the information for another purpose (the secondary purpose ) unless:


    (a) the individual has consented to the use or disclosure of the information; or


    (b) subclause 6.2 or 6.3 applies in relation to the use or disclosure of the information.

    Note:

    Australian Privacy Principle 8 sets out requirements for the disclosure of personal information to a person who is not in Australia or an external Territory.


    6.2    
    This subclause applies in relation to the use or disclosure of personal information about an individual if:


    (a) the individual would reasonably expect the APP entity to use or disclose the information for the secondary purpose and the secondary purpose is:


    (i) if the information is sensitive information - directly related to the primary purpose; or

    (ii) if the information is not sensitive information - related to the primary purpose; or


    (b) the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or


    (c) a permitted general situation exists in relation to the use or disclosure of the information by the APP entity; or


    (d) the APP entity is an organisation and a permitted health situation exists in relation to the use or disclosure of the information by the entity; or


    (e) the APP entity reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

    Note:

    For permitted general situation , see section 16A . For permitted health situation , see section 16B .


    6.3    
    This subclause applies in relation to the disclosure of personal information about an individual by an APP entity that is an agency if:


    (a) the agency is not an enforcement body; and


    (b) the information is biometric information or biometric templates; and


    (c) the recipient of the information is an enforcement body; and


    (d) the disclosure is conducted in accordance with the guidelines made by the Commissioner for the purposes of this paragraph.

    6.4    
    If:


    (a) the APP entity is an organisation; and


    (b) subsection 16B(2) applied in relation to the collection of the personal information by the entity;

    the entity must take such steps as are reasonable in the circumstances to ensure that the information is de-identified before the entity discloses it in accordance with subclause 6.1 or 6.2.



    Written note of use or disclosure

    6.5    
    If an APP entity uses or discloses personal information in accordance with paragraph 6.2(e), the entity must make a written note of the use or disclosure.

    Related bodies corporate

    6.6    
    If:


    (a) an APP entity is a body corporate; and


    (b) the entity collects personal information from a related body corporate;

    this principle applies as if the entity ' s primary purpose for the collection of the information were the primary purpose for which the related body corporate collected the information.



    Exceptions

    6.7    
    This principle does not apply to the use or disclosure by an organisation of:


    (a) personal information for the purpose of direct marketing; or


    (b) government related identifiers.




    This information is provided by CCH Australia Limited Link opens in new window. View the disclaimer and notice of copyright.