Versions Compared

Version Old Version 17 New Version 18
Changes made by

Sasanka Gayan

Sasanka Gayan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Status key :

FC = Fully compliant IP = In progress NC = Not compliant NA = Not applicable

APP 1 - Open and transparent management of personal information

Comments

Status

General compliance with the APP 1

APP 1.1

Does organization entity manage personal information in an open and transparent way?

Implementing practices, procedures and systems to ensure APP compliance

APP 1.2

Does organization entity take reasonable steps to implement practices, procedures and systems relating to the entity’s functions or activities that will:

  • ensure the entity complies with the APPs and any binding registered APP code

  • enable the entity to deal with inquiries or complaints from individuals about the entity’s compliance with the APPs or such a code

Developing an APP Privacy Policy

APP 1.3

Does organization entity have a clearly expressed and up-to-date APP Privacy Policy about how it manages personal information and At a minimum, a clearly expressed policy should be easy to understand, easy to navigate, and only include information that is relevant to the management of personal information by the entity?

And the policy will usually be available on the entity’s website?

Is it written in a style and length that makes it suitable for web publication

Does organization entity regularly review and update its APP Privacy Policy to ensure that it reflects the entity’s information handling practices?

  • This review could, at a minimum, be undertaken as part of an entity’s annual planning processes

  • Does entity include a notation on the policy indicating when it was last updated?

  • Does entity comment on the policy to evaluate its effectiveness, and explain how any comments will be dealt with?

APP 1.4

Does APP organization entity include following non-exhaustive list of information on the APP Privacy Policy?

  • the kinds of personal information collected and held by the entity (APP 1.4(a)

  • how personal information is collected and held (APP 1.4(b))

  • the purposes for which personal information is collected, held, used and disclosed (APP 1.4(c))

  • how an individual may access their personal information and seek its correction (APP 1.4(d))

  • how an individual may complain if the entity breaches the APPs or any registered binding APP code, and how the complaint will be handled (APP 1.4(e))

  • whether the entity is likely to disclose personal information to overseas recipients (APP 1.4(f)), and if so, the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy (APP 1.4(g))

Making an APP Privacy Policy publicly available

APP 1.5

Does APP organization entity take reasonable steps to make its APP Privacy Policy available free of charge, and in an appropriate form with the objective of APP 1 of ensuring that personal information is managed in an open and transparent way?

Does APP organization entity, upon request, to take reasonable steps to provide a person or body with a copy of its APP Privacy Policy in the form requested?

If a request for access in a particular form is declined for a valid reason, Does APP organization entity explain this decision to the person or body making the request and APP organization entity prepared to undertake reasonable consultation with the requester about the request?

...