BISTEC IT Services

Glossary

Australian Privacy Principles

Also: APP · APPs · Australian Privacy Principle

The thirteen principles in the Privacy Act that govern how personal information may be collected, held, used, disclosed and disposed of.

Last reviewed May 2026

The Australian Privacy Principles (APPs) are the thirteen principles that form the substantive core of the Privacy Act 1988. They replaced earlier separate sets of principles in 2014 and apply uniformly to APP entities — both Commonwealth agencies and private-sector organisations covered by the Act.

The principles cover the full information lifecycle: APP 1 (open and transparent management), APP 2 (anonymity and pseudonymity), APPs 3-5 (collection), APP 6 (use and disclosure), APP 7 (direct marketing), APP 8 (cross-border disclosure), APP 9 (government identifiers), APP 10 (data quality), APP 11 (security of personal information), APP 12 (access) and APP 13 (correction).

For IT-led compliance work, APP 11 is the most operationally significant: it requires reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. APP 8 is the next most often overlooked: cross-border disclosure carries accountability that survives the transfer.