Privacy Guidelines | Community Clubs Victoria
Categories

Privacy Guidelines

You are here:
< All Topics

The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act) made changes to the Privacy Act 1988 (Privacy Act) which commenced on 12 March 2014. The Privacy Regulation 2013, made under the Privacy Act, also commenced on 12 March 2014.

The Australian Privacy Principles (APPs) regulate the handling of personal information by Australian government agencies and some private sector organisations.

The APPs cover the collection, use, disclosure and storage of personal information. They allow individuals to access their personal information and have it corrected if it is incorrect. There are also separate APPs that deal with the use and disclosure of personal information for the purpose of direct marketing (APP 7), cross-border disclosure of personal information (APP 8) and the adoption, use and disclosure of government related identifiers (APP 9).

The APPs generally apply to Australian government agencies and also to private sector organisations with an annual turnover of $3 million or more. These entities are known as ‘APP entities’. In addition, the APPs will apply to some private sector organisations with an annual turnover of less than $3 million, such as health service providers.

For a summary of the APPs, see the APP quick reference tool. For more detail, see the full text of the APPs . Additional information on complying with the APPs can be found in the APP guidelines.

Who has responsibilities under the Privacy Act?

Most Australian Government agencies and some private sector organisations have responsibilities under the Privacy Act. The types of private sector organisations that are covered by the Privacy Act include:

Your club may need to comply with the Privacy Act. If you are not sure if you need to comply, CCV suggests you seek legal advice.

Not-For-Profit Law have developed a Privacy Guide that may assist clubs better understand how privacy issues should be handled.

Australian Privacy Principles — a summary for APP entities

The 13 Australian Privacy Principles are:

APP 1 — Open and transparent management of personal information

Ensures that APP entities manage personal information in an open andtransparent way. This includes having a clearly expressed and up to date APP privacy policy.

APP 2 — Anonymity and pseudonymity

Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.

APP 3 — Collection of solicited personal information

Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.

APP 4 — Dealing with unsolicited personal information

Outlines how APP entities must deal with unsolicited personal information.

APP 5 — Notification of the collection of personal information

Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.

APP 6 — Use or disclosure of personal information

Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.

APP 7 — Direct marketing

An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.

APP 8 — Cross-border disclosure of personal information

Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.

APP 9 — Adoption, use or disclosure of government related identifiers

Outlines the limited circumstances when an organisation may adopt agovernment related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.

APP 10 — Quality of personal information

An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose ofthe use or disclosure.

APP 11 — Security of personal information

An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access,modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.

APP 12 — Access to personal information

Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.

APP 13 — Correction of personal information

Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.

Table of Contents