APP Flashcards
(13 cards)
APP 1 – OPEN AND TRANSPARENT MANAGEMENT
OF PERSONAL INFORMATION
Personal information must be managed in an open and
transparent way.
This includes having a clearly expressed and up-to-date
privacy policy.
APP 2 – ANONYMITY AND PSEUDONYMITY
Individuals should have the option of not identifying
themselves or should have the ability to use a pseudonym
(not their actual name) instead.
APP 3 – COLLECTION OF SOLICITED PERSONAL
INFORMATION
Agencies and organisations can only solicit and collect
personal information that is reasonably necessary for one
or more functions/activities.
APP 4 – DEALING WITH UNSOLICITED PERSONAL
INFORMATION
Unsolicited personal information – an agency/organisation
has not taken steps to collect personal information.
Most unsolicited personal information must be destroyed or
de-identified as soon as possible.
APP 5 – NOTIFICATION OF THE COLLECTION OF
PERSONAL INFORMATION
An organisation/agency that collects personal information
about an individual must take reasonable steps to notify
the individual that certain information has been collected.
APP 6 – USE OR DISCLOSURE OF PERSONAL
INFORMATION
Organisations/agencies can only use or disclose personal
information for the reason it was collected.
APP 7 – DIRECT MARKETING
An organisation must not use or disclose personal
information it holds for the purpose of direct marketing
unless an exception applies.
APP 8 – CROSS-BORDER DISCLOSURE OF
PERSONAL INFORMATION
Before an organisation discloses personal information to
an overseas recipient, they must take reasonable steps to
ensure that the overseas recipient does not breach the
APPs in relation to the information.
APP 9 – ADOPTION, USE OR DISCLOSURE OF
GOVERNMENT IDENTIFIERS
The use of government-related identifiers is restricted.
An organisation should not use a government-related
identifier as its own identifier of an individual unless an
exception applies.
APP 10 – QUALITY OF PERSONAL INFORMATION
Reasonable steps should be taken to ensure personal
information is accurate, up-to-date, and complete.
APP 11 – SECURITY OF PERSONAL INFORMATION
An organisation must take reasonable steps to protect
personal information from misuse, interference, and loss.
They should also protect against unauthorised access,
modification, or disclosure.
APP 12 – ACCESS TO PERSONAL INFORMATION
If an organisation stores personal information, they must
give the individual access to their personal information if
requested.
APP 13 – CORRECTION OF PERSONAL
INFORMATION
Organisations should take reasonable steps to correct
personal information to ensure that it is accurate, up to
date, complete, relevant, and not misleading.