APP Guidelines updated

The Office of the Australian Information Commissioner (OAIC) has issued updates to the Australian Privacy Principle (APP) guidelines.

Changes have been made to four chapters, clarifying some aspects of the guidance in response to feedback since commencement of the Australian Privacy Principles.

Some of the main changes are:

  • Chapter B:
    • Clarified the circumstances in which small business operators are treated as organisations and therefore APP entities ([B.7])
    • Revised and expanded discussion about ‘carries on business in Australia’, a component of the test for whether an APP entity has an ‘Australian link’ ([B.13–B.21]). The two elements – ‘carries on business’ and ‘in Australia’ – are connected but are discussed separately.
  • Chapter 8:
    • Revised discussion of the circumstances where an APP entity may be taken to breach the APPs: where the provision of personal information to an overseas contractor is a use, an APP entity may breach the APPs if the information is mishandled while in the overseas contractor’s physical possession. This is because the APP entity is considered to still ‘hold’ the information (as it has effective control of the information), and a number of APPs apply to an entity that ‘holds’ personal information (‘holds’ is discussed in Chapter B (Key Concepts)). ([8.15])
  • Chapter 11:
    • Consolidated and amended the discussion of relevant considerations in taking ‘reasonable steps’, for consistency with the OAIC Guide to securing personal information (2015) ([11.7]–[11.10])
 
