Australian Privacy Principles

What are the Australian Privacy Principles (APPs)?

The Australian Privacy Principles (APPs), outlined in the Privacy Act 1988, are the cornerstone of privacy protection in Australia. They govern how organizations collect, use, disclose, and store personal information.

The APPs apply to most Australian government agencies and all private sector organizations with an annual turnover of $3 million or more. In some specific cases, they can also apply to other organizations.

Here’s a brief overview of all the APPs:

  • Open and transparent management, meaning that organizations must be transparent about their data practices and have readily available privacy policies.
  • Anonymity and pseudonymity, which means that individuals should have the option to not identify themselves when dealing with an organization, where practicable.
  • Collection of solicited personal information, which means organizations can only collect information necessary for specified purposes and with consent.
  • Dealing with unsolicited personal information, which means respecting the guidelines for handling personal information received without direct solicitation.
  • Notification of the collection of personal information, which requires organizations to inform individuals about the collection of their information.
  • Use or disclosure of personal information, which means that information can only be used or disclosed for the purpose it was collected, with some exceptions.
  • Direct marketing principle, which allows individuals to opt out of direct marketing communications.
  • Cross-border disclosure of personal information, which means that overseas transfers of personal data are subject to specific requirements.
  • Adoption, use or disclosure of government identifiers, which restricts the use of government identifiers like tax file numbers.
  • Quality of personal information, which requires organizations to take reasonable steps to ensure their data is accurate, complete, and up to date.
  • Security of personal information, which requires appropriate security measures to be implemented to protect data from unauthorized access, use, or disclosure.
  • Access to personal information, which means that individuals have the right to access and correct their personal information held by organizations.
  • Correction of personal information, which means that organizations must take reasonable steps to correct inaccurate or incomplete information.

MergeBase and the Australian Privacy Principles


The APPs do not apply to MergeBase for various reasons, most notably because they apply primarily to Australian government bodies and large companies.


How Can MergeBase Help You Comply with the Australian Privacy Principles?


If the Australian Privacy Principles apply to you, we can help you comply with some of them. Most notably, you can use MergeBase to adhere to the data security principle, which requires organizations to implement appropriate measures to secure and protect data.

We can help with that by:

  • Continuous vulnerability monitoring — MergeBase proactively identifies vulnerabilities in open-source components used within applications, which often contain personal data. This helps organizations address security weaknesses promptly and mitigate potential data breaches.

  • Vulnerability prioritization — By categorizing vulnerabilities based on severity and exploitability, MergeBase enables organizations to prioritize remediation efforts, focusing on those posing the highest risk of personal data exposure.

  • Patch management integration — MergeBase reports can be integrated with patch management tools, facilitating faster patching of identified vulnerabilities and reducing the window of vulnerability for personal data.