23 August 2013

APPs Consultation

The Office of the Australian Information Commissioner (OAIC) is seeking comment on first tranche of draft guidelines regarding the Australian Privacy Principles (APP), ie the unified privacy principles in the amended Privacy Act 1988 (Cth).

The guidelines are not a legislative instrument. They instead outline how the Information Commissioner interprets and applies the APPs when exercising functions and powers under the Privacy Act relating to the APPs.

The draft Introduction to the guidelines states that
The APPs are the cornerstone of the privacy protection framework in the Privacy Act.
The APPs set out standards, rights and obligations in relation to handling, holding, accessing and correcting personal information. They apply to most Australian and Norfolk Island Government agencies and some private sector organisations – collectively referred to as APP entities (see paragraphs A.7 – A.9).
The APPs are principles-based law. This provides APP entities with the flexibility to tailor their personal information handling practices to their diverse needs and business models, and to the diverse needs of individuals. They are also technology neutral, applying equally to paper based and digital environments. This is intended to preserve their relevance and applicability, in a context of continually changing and emerging technology.
The APPs are structured to reflect the personal information lifecycle. They are grouped into five parts:
Part 1 – Consideration of personal information privacy (APPs 1 and 2).
Part 2 – Collection of personal information (APPs 3, 4 and 5).
Part 3 – Dealing with personal information (APPs 6, 7, 8 and 9).
Part 4 – Integrity of personal information (APP 10, APP 11).
Part 5 – Access to, and correction of, personal information (APP 12, APP 13)
In developing the APP guidelines, the Information Commissioner has had regard to the objects in s 2A of the Privacy Act, which are:
  • promoting the protection of the privacy of individuals  
  • recognising that the protection of the privacy of individuals is balanced with the interests of entities in carrying out their functions or activities 
  • providing the basis for nationally consistent regulation of privacy and the handling of personal information
  • promoting responsible and transparent handling of personal information by entities 
  • facilitating an efficient credit reporting system while ensuring that the privacy of individuals is respected 
  • facilitating the free flow of information across national borders while ensuring that the privacy of individuals is respected 
  • providing a means for individuals to complain about an alleged interference with their privacy, and 
  • implementing Australia’s international obligation in relation to privacy.