The Australian Privacy Principles (APPs) are the cornerstone of the privacy protection framework in the Privacy Act 1988, regulated by the OAIC. There are 13, covering how personal information is handled across its whole lifecycle.
The 13 APPs, grouped
- Governance (APP 1-2) - open and transparent management of personal information, and the option of anonymity or pseudonymity.
- Collection (APP 3-5) - collecting solicited personal information, dealing with unsolicited information, and notifying individuals when you collect.
- Use and disclosure (APP 6-9) - using and disclosing personal information, direct marketing, cross-border disclosure, and government-related identifiers.
- Integrity (APP 10-11) - keeping information accurate and up to date, and securing it against misuse, loss and unauthorised access.
- Access and correction (APP 12-13) - giving individuals access to their information and correcting it on request.
Notifiable Data Breaches readiness
Alongside the APPs, the Notifiable Data Breaches (NDB) scheme requires organisations covered by the Act to notify the OAIC and affected individuals about an eligible data breach that is likely to result in serious harm. Being ready means having a way to assess a breach quickly and a plan to notify - the checklist helps you confirm you have both.
Turn the checklist into a review
Cyber Compliance turns this into a working self-review: step through each APP, record your position and evidence, flag the gaps, and export a report for your privacy officer or board. It sits alongside your Essential Eight and ISO 27001 work so your whole compliance picture is in one place.
Frequently asked questions
How many Australian Privacy Principles are there?
There are 13 Australian Privacy Principles under the Privacy Act 1988, covering governance, collection, use and disclosure, integrity, and access and correction of personal information.
Is this legal advice?
No. The checklist is a structured self-review aid to help you prepare. It does not replace legal advice on your specific Privacy Act obligations.