Q: What is the focus of APP 1?
A: Open and transparent management of personal information (requires entities to have a clear privacy policy and practices to comply with the APPs).
Q: What does APP 2 provide for individuals?
A: The option of anonymity or pseudonymity when dealing with APP entities, unless impracticable or required by law.
Q: What does APP 3 regulate?
A: The collection of solicited personal information — an entity may collect it only where it is reasonably necessary for (or, for agencies, directly related to) its functions or activities, it must be collected by lawful and fair means, and sensitive information generally requires the individual's consent unless an exception applies.
Q: What does APP 4 deal with?
A: Unsolicited personal information — within a reasonable period of receiving it, entities must assess whether they could have collected it under APP 3; if not, they must destroy or de-identify it as soon as practicable (if lawful and reasonable to do so).
Q: What is required under APP 5?
A: Notification of collection — at or before the time of collection (or, if that is not practicable, as soon as practicable afterwards), entities must take reasonable steps to inform individuals of collection details such as the entity's identity, the purpose of collection, the consequences of not providing the information, and whether it is likely to be disclosed to overseas recipients.
Q: What is the main rule in APP 6?
A: Personal information may be used or disclosed only for the primary purpose for which it was collected, unless the individual consents to a secondary purpose or an exception applies (for example, the individual would reasonably expect the secondary use and it is related to the primary purpose, or the use is required or authorised by law).
Q: What does APP 7 cover?
Q: What does APP 8 regulate?
A: Cross-border disclosure — before disclosing personal information to an overseas recipient, entities must take reasonable steps to ensure the recipient does not breach the APPs, and the disclosing entity generally remains accountable for the recipient's handling of the information unless an exception applies.
Q: What does APP 9 restrict?
A: Adoption, use or disclosure of government-related identifiers (such as Medicare or tax file numbers) by organisations — permitted only in limited circumstances, such as where required or authorised by law.
Q: What is the requirement of APP 10?
A: Quality of personal information — entities must take reasonable steps to ensure the personal information they collect is accurate, up to date and complete, and that the information they use or disclose is also relevant, having regard to the purpose of the use or disclosure.
Q: What is required under APP 11?
A: Security of personal information — entities must take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure, and must destroy or de-identify it once it is no longer needed for any permitted purpose (unless retention is required by law).
Q: What rights are given under APP 12?
A: Access to personal information — on request, an entity must give an individual access to the personal information it holds about them, within a reasonable period and in the manner requested where reasonable, unless an exception applies (such as where access would pose a serious threat to someone's life, health or safety).
Q: What does APP 13 require?
A: Correction of personal information — entities must take reasonable steps to correct information that is inaccurate, out of date, incomplete, irrelevant or misleading; if correction is refused, they must give written reasons and, on request, associate a statement with the record noting that the individual considers it incorrect.