Australia
Privacy Act of 1988
If you do business in Australia you must follow this act if you meet any one of the following requirements:
Have a gross income of AUD $3M or more,
Collect or disclose personal information in order to provide a benefit, service or advantage,
Have a mobile app that requires email addresses for account activations, or
Are a special organization that handles sensitive data
The Act includes 11 guidelines called the Information Privacy Principles (IPPs) that address how personal information is to be handled by businesses.
The 11 guidelines cover the following topics:
1. How and why personal information is collected
2. Solicitation of personal information from individuals
3. Solicitation of personal information in general
4. How personal information is stored and kept secure
5. Record handling
6. Accessing records
7. Altering and updating records
8. Duties of a record keeper to keep personal information accurate
9. Relevant reasons and purposes for needing personal information
10. Limitations on using collected personal information
11. Limitations on disclosing collected personal information
Here is a compliance checklist of 13 principles that should be followed in order to stay compliant while doing business in Australia.
13 Principles Compliance Checklist
1 Be open and transparent
You are required to include a Privacy Policy (1) that lets your users know:
What information you collect,
How you collect it,
How you use it,
How users can correct it, and
Any possible overseas disclosures of it
(1) Link to https://termsfeed.com/privacy-policy/generator/
2 Provide an anonymous or pseudonymous option
If you run an online service (website or mobile app), you are required to provide this option unless it is impractical for you.
You cannot require users to give you their real names or email addresses in order to use your online service, except under certain circumstances.
3 Know how to handle personal information
This principle addresses the collection and sharing of information. Take care to collect only the information that is necessary for the transaction.
However, there are circumstances where you can collect information automatically. Then you need to get consent from users before collecting any sensitive information.
4 Design an unsolicited personal information policy
For situations in which a security breach happens, you need an in-house process that deals with unsolicited personal information.
You may be able to keep the data if it’s part of a public record, but you may be required to destroy it or unlink the individual’s identity from it in certain circumstances.
5 Notify and update your users
Let your users know about:
Privacy Policy updates
Changes to your disclosures and information collection methods
Changes to how you use personal information
6 Use and disclose personal information appropriately
You can only use and disclose personal information to satisfy the primary purpose you have for collecting it. Anything not connected to your business goals isn’t allowed.
7 Get consent for direct marketing
If you plan to use personal information for direct marketing purposes, let users know this and have them opt in to it.
You must also provide a way for users to opt out.
8 Disclose overseas information transfers
Let your users know that you take privacy seriously and that you hold the overseas entities to which you transfer information to the same standards.
9 Limit government-related identifiers
The Australian Privacy Principles restrict the use of government identifiers. While this rarely comes up, if it is something that will affect your business you will need to consider it.
10 Keep personal information up to date and accurate
Allow users to correct and update their personal information as needed, or do so for them through a process where they can contact you with update requests.
11 Maintain security precautions
The Privacy by Design (2) trend plays an important role in this Australian Privacy Principle.
Not only do you need to have clear policies regarding personal information, but you must take precautions with it. Authentication of accounts is a common and sufficient method of doing this.
(2) Link to https://termsfeed.com/blog/privacy-design/
12 Allow users to access their own information
You must honor requests by users to view what personal information you have collected from them. Some exceptions are made for government secrets and protected documents.
13 Have a process in place for fixing errors
Have an in-house process for addressing mistakes and inaccuracies in personal information you have collected.
If you share collected information with third parties, you need to let them know of the data updates and corrections you make so they can update their records as well.
Australia Privacy Act of 1988 Compliance Best Practices
Assess what information you actually need
Use simple language
When in doubt, secure consent
Set up in-house information assessment systems
Carefully choose business partners you disclose information to
Prominently display contact information
Conduct data security audits