In continuation to the series on the Australian Privacy Principles, we shall be reviewing Australian Privacy Principles 6-9.
Australian Privacy Principle 6- Use or disclosure of personal information
APP 6 provides for the rules that are to be followed in case of disclosure of personal information by an entity.
Firstly, the APP entity must only disclose the personal information collected from an individual if it is related to the original purpose for collecting the information or if the individual has consented to the disclosure of the personal information.
Secondly, personal information can be disclosed in the following situations:
- The personal information that is to be revealed is sensitive but related to the original purpose.
- The information is required by an Australian enforcement body
- There is a national or emergency health situation prevalent in the country for which the information is needed
Thirdly, personal information collected by an agency can be revealed when-
- The information is of a biometric nature and
- The agency is not an enforcement body and
- The recipient of the information is not an enforcement body and
- The disclosure is in accordance with the guidelines prescribed by the Commissioner
Fourthly, if the entity is an organisation then personal information can be disclosed only after de-identifying it.
Lastly, if personal information is collected from a body corporate then the primary purpose for the collecting and the receiving corporations must match.
It must be noted that when information is revealed for any enforcement related activity, a written note about the disclosure must be made by the disclosing entity.
Exception:
An exception to this principle would be disclosure of information to direct marketers and government related identifiers.
Australian Privacy Principle 7- Direct Marketing
APP 7 gives a detailed overview about disclosure and non-disclosure of personal information for direct marketing purposes. The main point to be emphasised is that personal information collected by an organisation cannot be disclosed unless the individual consents to it. APP 7 also gives powers to the individual whose information has been disclosed to revoke the permission or simply, to unsubscribe from the direct marketers system.
Australian Privacy Principle 8- Cross-border disclosure of personal information
In order to ensure that there is no threat to the personal information of an individual when it is disclosed overseas, APP 8 lists various provisions to safeguard the transfer. It is very essential that the overseas recipient does not breach the Australian Privacy Principles and the transfer is effectuated keeping in mind that it is solely due to the requirements of the law or a binding agreement.
Australian Privacy Principle 9- Adoption, use or disclosure of government related identifiers
In Australia, a government related identifier is a combination of numbers, letters, symbols or an amalgamation of all assigned by the government in order to identify the individual. APP 9 prescribes that no entity shall make use of a government related identifier as its own identifier to identify an individual unless authorised by law or as mandated by an enforcement body or a State or Territory authority.
However, an organisation can use, adopt or disclose a government related identifier if the identifier or the organisation are prescribed by the regulations and the adoption, use or disclosure is as per the regulations.
Reference: