Australian Privacy Principles
The 13 legally binding principles under the Privacy Act 1988 (Cth) that govern how Australian Government agencies and covered organisations collect, hold, use, disclose and protect personal information.
In detail
The Australian Privacy Principles (APPs) are set out in Schedule 1 of the Privacy Act 1988 and form the core obligations for APP entities: Australian Government agencies and organisations, which in practice means most businesses with annual turnover of more than $3 million, plus all private-sector health service providers and certain other organisations regardless of size. The 13 principles cover: open and transparent management of personal information (APP 1), anonymity and pseudonymity (APP 2), collection of solicited personal information (APP 3), dealing with unsolicited personal information (APP 4), notification of collection (APP 5), use and disclosure (APP 6), direct marketing (APP 7), cross-border disclosure (APP 8), adoption, use and disclosure of government related identifiers (APP 9), quality of personal information (APP 10), security of personal information, including destruction or de-identification once it is no longer needed (APP 11), access to personal information (APP 12), and correction of personal information (APP 13). Compliance is enforced by the Office of the Australian Information Commissioner (OAIC), and substantial civil penalties apply for serious or repeated interferences with privacy.
Why it matters for Australian business
Every AI system in an Australian business that handles personal information engages one or more APPs. Common trigger points are collecting personal information through forms or chatbots (APP 3 and APP 5), using personal information to train or fine-tune a model where that is not the purpose it was collected for (APP 6), sending personal information offshore to a US-hosted API provider, for which the business generally remains accountable (APP 8), and holding personal information beyond the point where it is still needed instead of destroying or de-identifying it (APP 11). We map AI deployments against the APPs as part of every Privacy Advisory and AI Readiness Audit engagement.