Publish a Privacy Policy compliant with APP 1
Every APP entity needs a clearly-expressed Privacy Policy covering APP 1.4 requirements.
Who must comply
All APP entities. From 10 December 2026, the small business exemption is removed, capturing ~2M additional businesses.
What triggers it
Being an APP entity that handles personal information.
When due
Before collecting personal information. Reviewed regularly.
Evidence required
Published Privacy Policy with version history.
Max penalty
Civil penalties up to $50M for serious or repeated interferences with privacy.
Summary
APP 1.3 requires every APP entity to have a clearly-expressed and up-to-date Privacy Policy. APP 1.4 prescribes minimum content: kinds of personal information collected, how it is collected and held, purposes, disclosure (including overseas), complaint handling, and access/correction processes. Policies must be made freely available.
Source: https://oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-quick-reference. Rules Mate is not a law firm. Always verify against the live regulator source before acting.