Personal information is defined as ‘information or opinion that identifies or could reasonably identify an individual, whether it is true or not, and in material form or not’. For instance, a customer’s name, address, telephone number, date of birth, medical records, bank details and opinions would be classified as personal information.
It is prohibited that an APP collects sensitive information about an individual. However, some exceptions to this is if the individual consents or if it is required under an Australian Law or by a Court or Tribunal Order.
Sensitive information is defined as information or an opinion about an individual’s:
- Racial or ethnic origin;
- Political opinions;
- Membership of a political association;
- Religious beliefs or affiliations,
- Philosophical beliefs;
- Membership of a professional or trade association or trade union; and
- Membership of a trade.
- The type of personal information collected and stored;
- Method in which information collected and stored;
- The purposes for collecting, storing and using information;
- How to access or correct personal information being held;
- Process of submitting a complaint in relation to a breach of the APPs and how it is handled; and
- Disclosure of personal information to third parties overseas detailing their location (if any).
- Identification of all procedures and functions in the business that collects, stores and uses personal information;
- Tailoring the policy to reflect operation of business and targeted audiences;
- Plain and simple language should be used so targeted audiences can clearly understand;
- Making it easily accessible to audiences, and provided in various forms; and
- Conducting regulating reviews of the policy to keep it relevant, particularly when practices of handling information changes.
 Privacy Act 1988 (Cth) sch 1, pt 1, s 1.1.
 Ibid s 6.
 Ibid sch 1, pt 1, s 3.3.
 Ibid sch 1, pt 1, s 3.3(a) and 3.4(a).
 Ibid s 6.
 Ibid s 6D(4).
 Privacy Act 1988 (Cth) sch 1, pt 1, s 1.4.
 Ibid sch 1, pt 1, s 1.3.