The Privacy Act:
From 12 March 2014 the Privacy Act includes 13 Australian Privacy Principles (APPs) that outline how APP entities (i.e. churches) must handle, use and manage personal information.
Personal information is information or an opinion that identifies or could reasonably identify an individual. Some examples include name, address, telephone number, date of birth, gender, medical records, bank account details, and commentary or opinion about a person.
Every church should have an up to date Privacy Policy that meets the APPs. Your Privacy Policy should be on your website (if you have one) and made available at no cost over email or hard copy on demand.
Australian Privacy Principles – A Summary:
APP 1: Open and transparent management of personal information
Ensures that the church manages personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.
APP 2: Anonymity and pseudonymity
Requires the church to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.
APP 3: Collection of solicited personal information
Outlines when the church can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.
APP 4: Dealing with unsolicited personal information
Outlines how the church must deal with unsolicited personal information.
APP 5: Notification of the collection of personal information
Outlines when and in what circumstances the church must notify an individual of certain matters relating to the collection of personal information.
APP 6: Use or disclosure of personal information
Outlines the circumstances in which the church may use or disclose personal information that it holds.
APP 7: Direct marketing
The church may only use or disclose personal information for direct marketing purposes if certain conditions are met.
APP 8: Cross-border disclosure of personal information
Outlines the steps the church must take to protect personal information before it is disclosed overseas.
APP 9: Adoption, use or disclosure of government related identifiers
Outlines the limited circumstances when a church may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.
APP 10: Quality of personal information
A church must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. A church must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
APP 11: Security of personal information
The church must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.
APP 12: Access to personal information
Outlines the church’s obligations when an individual requests to be given access to personal information held about them by the church. This includes a requirement to provide access unless a specific exception applies.
APP 13: Correction of personal information
Outlines the church’s obligations in relation to correcting the personal information it holds about individuals.
For more information on the Australian Privacy Principles:
Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
1300 363 992
Community Church of St Mark 