principle 1 - collection
• Only collect personal information that is necessary for your functions or activities.
• Use fair and lawful ways to collect personal information.
• Collect personal information directly from an individual if it is reasonable and practicable to do so
At the time you collect personal information or as soon as practicable afterwards, take reasonable steps to make an individual aware of: why you are collecting information about them; who else you might give it to; and other specified matters.
• Take reasonable steps to ensure the individual is aware of this information even if you have collected it from someone else.
principle 2 - use and disclosure:
• Only use or disclose personal information for the primary purpose of collection unless one of the exceptions in NPP 2.1 applies (for example, for a related secondary purpose within the individual's reasonable expectations, you have consent or there are specified law enforcement or public health and public safety circumstances). If the information is sensitive the uses or disclosures allowed are more limited. A secondary purpose within reasonable expectations must be directly related.
principle 3- data quality
• Take reasonable steps to ensure the personal information you collect, use or disclose is accurate, complete and up-to-date. This may require you to correct the information .
principle 4- data security
• Take reasonable steps to protect the personal information you hold from misuse and loss and from unauthorised access, modification or disclosure.
• Take reasonable steps to destroy or permanently de-identify personal information if you no longer need it for any purpose for which you may use or disclose the information.
principle 5-openness
• Have a short document that sets out clearly expressed policies on the way you manage personal information and make it available to anyone who asks for it.
principle 6- access and correction
• If an individual asks, take reasonable steps to let them know, generally, what sort of personal information you hold, what purposes you hold it for and how you collect, use and disclose that information
• If an individual asks, you must give access to the personal information you hold about them unless particular circumstances apply that allow you to limit the extent to which you give access - these include emergency situations, specified business imperatives and law enforcement or other public interests.
principle 7 - identifiers
• Only adopt, use or disclose a Commonwealth Government identifier if particular circumstances apply that would allow you to do so.
principle 8 - anonymity
• If it is lawful and practicable to do so, give people the option of interacting anonymously with you.
principle 9 - trans-border data flows
• Only transfer personal information overseas if you have checked that you meet the requirements
of NPP 9.
principle 10 - sensitive information
• Get consent to collect sensitive information unless specified exemptions apply.
Government Privacy Information web site