Lawpath Blog
What are the Australian Privacy Principles?


Do you have a privacy policy? Not sure what the Australian Privacy Principles are? Read on to learn about privacy in the digital age!

8th October 2019

Privacy First

In the digital age, it is incredibly important for businesses to protect customers’ privacy. Scandals such as Facebook’s interactions with Cambridge Analytica and the Equifax credit disaster have highlighted the risks companies face in protecting consumers’ privacy. Most businesses include some form of privacy policy on their website to clarify how they use customer data. However, many people do not know what the legal basis for their privacy policy is. This article explores, from an Australian context, some of the essential safeguards that ensure a customer’s privacy.

Defining the Australian Privacy Principles

The primary legislation that governs privacy in Australia is the Privacy Act 1988 (Cth). The cornerstone of the Act is the Australian Privacy Principles (APPs). These principles replaced the old National Privacy Principles in March 2014. It is important to note that the principles are mandatory for some organisations. Australian Government agencies and organisations with an annual turnover of more than $3 million have responsibilities under the Privacy Act, subject to some exceptions. However, all businesses should consider having a privacy policy as best practice.

Of the 13 APPs, here are some of the most important:

Australian Privacy Principles 1 – Open and Transparent Management of Personal Information

APP 1 outlines the requirements for an APP entity to manage personal information openly and transparently. APP entities need to take specific steps to protect customers’ privacy. A critical aspect of this principle is APP 1.3, which provides that an APP entity must have a clearly expressed and up-to-date policy (the APP privacy policy).

A privacy policy should include the following information:

  • Collection of personal information;
  • Use of personal information;
  • Disclosure of personal information;
  • Rights and control of customers’ personal information;
  • Storage and security of personal information;
  • Website cookies and third party sites.

Therefore, APP entities have an affirmative obligation to enforce their privacy policy.

Australian Privacy Principles 2 – Anonymity and Pseudonymity

Furthermore, individuals must have the option of not identifying themselves or using a pseudonym when dealing with an APP entity concerning a particular matter. Anonymity ensures that an individual dealing with an APP entity has limited identification, and the entity does not collect personal information or identifiers. Companies with this obligation may provide individuals with the option of using a pseudonym. It is important to note that this provision is subject to some limitations. Exceptions can include where it is impractical for an organisation not to know the individual or where the court mandates it.

Australian Privacy Principles 5 – Notification of the Collection of Personal Information

An APP entity that collects personal information about an individual must take reasonable steps to notify the individual of specific issues regarding their privacy. Matters can include the fact and circumstances of collection, whether the collection is required or authorised by law, and whether the entity is likely to disclose personal information to overseas recipients. An APP entity must take reasonable steps before or at the time of collection to notify the customer. For example, customer service providers follow this procedure when they inform complainants about their privacy obligations at the start of a call. Therefore, telling customers about privacy collection is essential.

Australian Privacy Principles 7 – Direct Marketing

Companies are often unaware of APP 7. APP 7 provides that an organisation must not use or disclose personal information it holds for the purpose of direct marketing unless an exception applies. Direct marketing is where a company discloses personal information like an email address for the purposes of marketing. Companies that use direct marketing must ensure they provide customers with an opportunity to opt out of the direct marketing services. Therefore, companies should always consider how they can protect a customer’s privacy when they are direct marketing.

Privacy Never Sleeps

Privacy should always be at the forefront when you are dealing with customers’ personal information. Companies that neglect privacy not only endanger the customer but also put their business reputation at risk. This article has only explored a select few of the Australian Privacy Principles. Consider visiting the OAIC website to learn about how the other principles affect your business. Therefore, in the digital age, companies need to consider how best to protect their customers’ privacy.


Joshua Cutrone

Josh is a Legal intern at Lawpath. He is a Commerce/Law student at Macquarie University. He has an interest in cyberlaw and blockchain technology.