Summary of version changes to APP guidelines

Updated references to OAIC and external publications for new website launch

Inclusion of new [A.4] and [A.29]–[A.32] to explain that the APP guidelines may provide relevant guidance to Australian Capital Territory public sector agencies.

Updated references to OAIC and external publications for new website launch

• Clarified the circumstances in which small business operators are treated as organisations and therefore APP entities ([B.7])
• Revised and expanded discussion about ‘carries on business in Australia’, a component of the test for whether an APP entity has an ‘Australian link’ ([B.13–B.21])
• Small clarifications to the discussion about ‘disclosure’, including the addition of a new footnote reference to an AAT decision ([B.64] and [B.68])
• Minor stylistic change ([B.104])
• Updated discussion about ‘sensitive information’ to explain that information may be sensitive information where it clearly implies one of the matters listed in the definition of ‘sensitive information’ in s 6(1) ([B.139])

Amended text to reflect Privacy Act amendment to definition of sensitive information re; sexual orientation... [B.132]

Updated references to OAIC and external publications for new website launch

Updated references to OAIC and external publications for new website launch

Updated references to OAIC and external publications for new website launch

Updated references to OAIC and external publications for new website launch

Updated references to OAIC and external publications for new website launch

Updated references to OAIC and external publications for new website launch

Updated references to OAIC and external publications for new website launch

New reference to legislated family violence information sharing schemes in [5.7]

• Revised discussion of the circumstances where an APP entity may be taken to breach the APPs, when it provides personal information to an overseas contractor as a ‘use’, and the information is mishandled overseas ([8.15])
• Revised and expanded discussion about the circumstances in which the ‘international agreement’ exception in APP 8.2(e) applies ([8.47]–[8.51])
• Minor amendments to footnotes to correct website references ([8.1], [8.21])

• New reference to the OAIC Guide to Securing Personal Information (2015) [Key point 3, [11.10] and ([11.34])
• Consolidation and amendment of discussion, about relevant considerations in taking ‘reasonable steps’, for consistency with OAIC Guide to Securing Personal Information (2015) ([11.7]–[11.10])
• Minor stylistic changes ([11.11 and 11.42])
• Small clarifications to examples of ‘loss’, ‘unauthorised access’, ‘unauthorised modification’ and ‘unauthorised disclosure’ including in footnotes ([11.15]–[11.21])
• Minor amendment to footnote to correct reference to Australian Government Information Security Manual and to Australian Signals Directorate website ([11.37])