Understanding the Australian Privacy Principles: The Cornerstone of Privacy Protection in Australia

In Australia, the protection of personal information is governed by the Privacy Act 1988 (Cth). The cornerstone of this legislation is the Australian Privacy Principles (APPs), which set out standards, rights, and obligations relating to the handling, holding, accessing, and correction of personal information.

What are the Australian Privacy Principles?

The APPs are a set of 13 principles that guide how businesses and government agencies must handle personal information. They cover the entire lifecycle of personal information: from collection, through use and disclosure, to secure disposal.

The APPs apply to Australian Government agencies, all private sector and not-for-profit organizations with an annual turnover of more than $3 million, all private health service providers, and some small businesses.

Key Provisions of the APPs

Here's a brief overview of each of the 13 Australian Privacy Principles:

  1. APP 1 — Open and transparent management of personal information: Entities must manage personal information in an open and transparent way. This includes having a clear and up-to-date privacy policy.
  2. APP 2 — Anonymity and pseudonymity: Individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with an entity in certain circumstances.
  3. APP 3 — Collection of solicited personal information: Outlines when an entity can collect personal information that is solicited. It applies higher standards to the collection of 'sensitive' information.
  4. APP 4 — Dealing with unsolicited personal information: If an entity receives personal information that it did not solicit, it must determine whether it could have lawfully collected that information as if it had been solicited. If not, it must destroy or de-identify that information.
  5. APP 5 — Notification of the collection of personal information: When an entity collects personal information about an individual, it must notify the individual or ensure the individual is aware of certain matters.
  6. APP 6 — Use or disclosure of personal information: Outlines the circumstances in which an entity may use or disclose personal information that it holds.
  7. APP 7 — Direct marketing: An organization may only use or disclose personal information for direct marketing purposes if certain conditions are met.
  8. APP 8 — Cross-border disclosure of personal information: Before an entity discloses personal information to an overseas recipient, it must take reasonable steps to ensure that the overseas recipient does not breach the APPs.
  9. APP 9 — Adoption, use or disclosure of government-related identifiers: An organization must not adopt a government-related identifier of an individual as its own identifier of an individual unless required or authorized by law or a court/tribunal order.
  10. APP 10 — Quality of personal information: An entity must take reasonable steps to ensure the personal information it collects is accurate, up-to-date and complete.
  11. APP 11 — Security of personal information: An entity must take reasonable steps to protect the personal information it holds from misuse, interference and loss, and from unauthorized access, modification or disclosure.
  12. APP 12 — Access to personal information: Outlines an entity’s obligations when an individual requests access to personal information held about them by the entity.
  13. APP 13 — Correction of personal information: An entity must take reasonable steps to correct personal information it holds about an individual if it is satisfied that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

Compliance with the APPs

Compliance with the APPs is mandatory for the entities they apply to. Non-compliance can lead to penalties, including fines. To ensure compliance, entities should regularly review and update their privacy policies and practices and ensure that all staff are trained in privacy management.


The Australian Privacy Principles are a comprehensive set of standards for handling personal information in Australia. They provide a robust framework for protecting individual privacy, while also allowing for the reasonable use of personal information in the course of business. Understanding and complying with the APPs is not just a legal obligation for many entities in Australia, but also a way of building trust with customers and the public.

Please note that this article is intended to provide a general overview of Australian Privacy Principles and does not constitute legal advice. For detailed guidance on compliance with the APPs, please consult with a legal expert in Australian privacy law.