The Office of the Australian Information Commissioner (OAIC) has issued updates to the Australian Privacy Principle (APP) guidelines. The APP guidelines were released in February 2014 ahead of the commencement of privacy law reform, and are the primary guidance for entities in how to interpret and comply with the APPs. These updates have been made following feedback from stakeholders throughout the first year of the new privacy laws.
Changes have been made to four chapters, clarifying some aspects of the guidance and responding to issues such as the introduction of separate privacy legislation in the ACT. Some of the main changes are:
- Chapter A: to explain that the APP guidelines may provide relevant guidance to Australian Capital Territory public sector agencies covered by the ACT Information Privacy Act 2014
- Chapter B: to clarify and expand upon guidance about ‘carries on business in Australia’, a component of the test for whether an APP entity has an ‘Australian link’
- Chapter 8: to clarify guidance about the circumstances where an APP entity may be taken to breach the APPs, when it provides personal information to an overseas contractor as a ‘use’, and the information is mishandled overseas; and to expand guidance about the circumstances in which the ‘international agreement’ exception in APP 8.2(e) applies
- Chapter 11: to update guidance about ‘reasonable steps’ and examples for consistency with the OAIC’s Guide to securing personal information (2015).
The APP guidelines outline the mandatory requirements in the APPs, the Australian Information Commissioner’s interpretation of the APPs and examples of how the APPs may apply to particular circumstances, as well as good privacy practice.
A summary of the changes and a link to previous versions of these Chapters of the guidelines is available on the APP guidelines pageof our website.
SOURCE: Office of the Australian Information Commissioner’s Office