
Information Sheet 2: National Privacy Principles (NPPs)

Summary only: not the full version of the NPPs (click here for full NPPs)

This is an old information sheet which expired on 17/9/2001 and has been superseded by the release of new information sheets on 18/9/2001.


NPP 1 – Collection

Collection of personal information must be fair, lawful and not intrusive. A person must be told the organisation’s name, the purpose of collection, that the person can get access to their personal information and what happens if the person does not give the information.


NPP 2 – Use & Disclosure

An organisation should only use or disclose information for the purpose it was collected unless the person has consented, or the secondary purpose is related to the primary purpose and a person would reasonably expect such use or disclosure, or the use is for direct marketing in specified circumstances, or in circumstances related to public interest such as law enforcement and public or individual health and safety.


NPP 3 – Data Quality

An organisation must take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to-date.


NPP 4 – Data Security

An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.


NPP 5 – Openness

An organisation must have a policy document outlining its information handling practices and make this available to anyone who asks.


NPP 6 – Access & Correction

Generally speaking, an organisation must give an individual access to personal information it holds about that individual on request.


NPP 7 – Identifiers

Generally speaking, an organisation must not adopt, use or disclose an identifier that has been assigned by a Commonwealth government ‘agency’.


NPP 8 – Anonymity

Organisations must give people the option to interact anonymously whenever it is lawful and practicable to do so.


NPP 9 – Transborder Data Flows

An organisation can only transfer personal information to a recipient in a foreign country in circumstances where the information will have appropriate protection.


NPP 10 – Sensitive Information

An organisation must not collect sensitive information unless the individual has consented, it is required by law, or in other special specified circumstances (for example, relating to health services provision and individual or public health or safety).

For further information please contact

Privacy Commissioner
GPO Box 5218
Sydney NSW 1042

Privacy Hotline: 1300 363 992
Telephone: (02) 9284 9800
Fax: (02) 9284 9666

E-mail: privacy@privacy.gov.au
