APP guidelines update

Following the first year of operation of new privacy laws, the Office of the Australian Information Commissioner (OAIC) has issued updates to the Australian Privacy Principle (APP) guidelines.

The APP guidelines are the primary guidance for entities on how to interpret and comply with the APPs.

The Australian Privacy Principles came into force on 12 March last year and significantly raised the bar on how businesses and federal government agencies collect, store and handle individuals’ personal information. The privacy regulator is able to levy penalties of up to $1.7 million or impose enforceable undertakings on organisations that breach the principles.

Changes have been made to four chapters, clarifying some aspects of the guidance and responding to issues such as the introduction of separate privacy legislation in the ACT. Some of the main changes are:

  • Chapter A: to explain that the APP guidelines may provide relevant guidance to Australian Capital Territory public sector agencies covered by the ACT Information Privacy Act 2014.
  • Chapter B: to clarify and expand upon guidance about “carries on business in Australia”, a component of the test for whether an APP entity has an “Australian link”.
  • Chapter 8: to clarify guidance about the circumstances where an APP entity may be taken to breach the APPs, when it provides personal information to an overseas contractor as a “use”, and the information is mishandled overseas; and to expand guidance about the circumstances in which the “international agreement” exception in APP 8.2(e) applies.
  • Chapter 11: to update guidance about “reasonable steps” and examples for consistency with the OAIC’s Guide to Securing Personal Information.

The APP guidelines outline the mandatory requirements in the APPs, the Australian information commissioner’s interpretation of the APPs and examples of how the APPs may apply to particular circumstances, as well as good privacy practice. 

The updated guidelines can be found here.

The Australian Institute of Company Directors has published a book, Privacy Governance: A Guide to Privacy Risk and Governance for Directors and Boards, to help directors comply with the Australian Privacy Principles. Go to our online bookstore to purchase the print or electronic version.