sent overseas. It stipulates that, prior to disclosing personal information to an overseas recipient, the organisation must take reasonable steps to ensure the recipient does not breach APPs 2 to 13 in respect of that information. the recipient is subject to a law or binding scheme that has the effect of protecting the information in a substantially similar way to that of the APPs; and where the individual provides his or her consent for the disclosure, after the organisation expressly states the principle will not apply if that consent is given. offshore data storage or processing entities, or otherwise disclose personal information to overseas recipients as, under the new regime, unless an offshore entity is bound by Australian privacy laws, the Australian organisation will be liable for any breaches by the offshore entity. between the Australian organisation and offshore entity is terminated, however that termination is caused. of government-related identifiers APP 9 prohibits an organisation from adopting, using or disclosing a government- related identifier of an individual, unless an exception applies. Under APP 10, an organisation must take reasonable steps to ensure the personal information it collects is accurate, current and complete. personal information must be relevant, as well as accurate, current and complete, having regard to the purpose of the use or disclosure. APP 11 requires an organisation to take reasonable steps to protect the personal information which it holds from interference, as well as from misuse, loss, unauthorised access, modification and disclosure as required by the current principles. destroy or de-identify personal information if the organisation no longer needs it for any authorised purpose. is contained in a Commonwealth record, or where the organisation is required to retain the information by or under an Australian law or order by an Australian court or tribunal. APP 12 requires an organisation to give an individual access to personal information the organisation holds about that individual, unless an exception applies. The exceptions are substantially similar to the exceptions in NPP 6. and must also give access in the manner as requested by the individual if it is reasonable to do so. If an organisation decides not to give to an individual access to the information, generally it must provide to the individual written reasons for the refusal and the available avenues open for any complaint about the refusal. to the individual's personal information, the charge must not be excessive or apply to the making of the request. |