The Privacy Act 1988 and the Australian Privacy Principles (APPs), which are contained in schedule 1 of the Privacy Act, cover the way in which personal information must be handled, used and managed. It covers:
- most Australian and Norfolk Island Government agencies,
- all private sector and not-for-profit organisations with an annual turnover of more than $3 million,
- all private health service providers and
- some small businesses (collectively called ‘APP entities’)
The APPs cover market and social research organisations of any size if they handle personal information.
The Office of the Australian Information Commissioner (OAIC) has many resources to assist in the implementation of the APPs and other relevant matters:
The Privacy Act 1988 and Australian Privacy Principles
These guides provide detailed advice and guidance on the application of the Privacy Act 1988 for agencies and organisations:
De-identification of personal information
The OAIC gives information on de-identification and the Privacy Act:
Notifiable Data Breaches Scheme
Information on the Notifiable Data Breaches Scheme (NDBR):
Privacy (Market and Social Research) Code 2014
The Association of Market & Social Research Organisations’ (AMSRO) developed a Privacy (Market and Social Research) Code following updates to the Privacy Act in 2014.
The Privacy Code is a guide to how the APPs are to be applied when conducting research. It also covers some additional requirements for researchers, reflecting The Research Society Code of Professional Behaviour. It is available on the OAIC website:
Privacy tool kit
The Research Society provides access to a privacy tool kit, including templates designed to help organisations meet their obligations under the privacy legislation. They include:
- Data collection Statement and Checklist
- Data Breach template.
The Research Society also offers an ISO20252:2019 Toolkit and HR and IT Policy bundles. You can find information about these resources here.