The IT Law Wiki

This wiki's URL has been migrated to the primary domain.Read more here


The IT Law Wiki


The Australian Privacy Principles (APPs) regulate the handling of personal information by Australian government agencies and some private sector organisations.[1] The 13 APPs are contained in schedule 1 of the Privacy Act 1988, as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012.

The APPs cover the collection, use, disclosure and storage of personal information. They allow individuals to access their personal information and have it corrected if it is incorrect. There are also separate APPs that deal with the use and disclosure of personal information for the purpose of direct marketing (APP 7), cross-border disclosure of personal information (APP 8) and the adoption, use and disclosure of government related identifiers (APP 9).

The APPs generally apply to Australian and Norfolk Island government agencies and also to private sector organisations with an annual turnover of $3 million or more. These entities are known as "APP entities." In addition, the APPs apply to some private sector organisations with an annual turnover of less than $3 million, such as health service providers.

The Australian Privacy Principles . . . apply in the current context of data and information management, and they continue to apply in the context of big data. Considerations include:


  1. The APPs, which came into force on 12 March 2014, replaced the Information Privacy Principles (IPPs) that previously applied to Australian and Norfolk Island Government agencies and the National Privacy Principles (NPPs) that previously applied to private sector organisations. The IPPs continue to apply to ACT Government agencies.
  2. Australian Public Service Better Practice Guide for Big Data, at 19.

External resources