Australian Privacy Principle 6 (APP 6) is part of the Australian Privacy Principles (APPs), a set of privacy principles outlined in the Privacy Act 1988. APP 6 specifically addresses the use and disclosure of personal information by organisations subject to the Privacy Act.
APP 6 sets out rules regarding the use and disclosure of personal information. It aims to ensure that individuals have control over how their personal information is used and disclosed, and that organisations handle personal information in a responsible and transparent manner. Here are the key elements of APP 6:
- Permitted Purpose: Personal information should only be used or disclosed for the primary purpose for which it was collected unless an exception applies. The primary purpose is the reason for which the information was originally collected, or a directly related secondary purpose that the individual would reasonably expect.
- Reasonable Expectation: If an organisation wants to use or disclose personal information for a secondary purpose, it must be reasonably related to the primary purpose and within the individual’s reasonable expectations.
- Direct Marketing: If an organisation wants to use personal information for direct marketing purposes, it must obtain the individual’s consent, or provide a simple way to opt out of such communications. Opt-out requests should be promptly honoured.
- Sensitive Information: Special rules apply to the use and disclosure of sensitive information, which includes details such as an individual’s racial or ethnic origin, political opinions, religious beliefs, health information, and more. Sensitive information can only be used or disclosed with the individual’s explicit consent, or if allowed by law.
- Exceptions: There are certain exceptions to APP 6. For example, personal information can be used or disclosed without consent if it is required by law, necessary to prevent a threat to life, health or safety, or necessary for law enforcement purposes.
- Accountability: Organisations are responsible for the personal information they hold and must take reasonable steps to protect it from misuse, interference, loss, and unauthorised access. They should also have a privacy policy that outlines how they handle personal information.
Compliance with APP 6 is essential for organisations to ensure they meet their privacy obligations under Australian law. Failing to comply with APP 6 can result in legal consequences, including fines and damage to an organisation’s reputation.
Australian Privacy Principle 6 (APP 6) is a fundamental component of the Australian Privacy Principles (APPs) enshrined in the Privacy Act 1988. APP 6 addresses the crucial aspect of the use and disclosure of personal information by organisations subject to the Privacy Act, particularly concerning the collection of information from patients. Understanding the primary purpose and related secondary purpose for the use of this information is of utmost importance. Let’s delve into these concepts in greater detail:
- Primary Purpose: The primary purpose refers to the initial reason for which an organisation collects personal information from an individual. It entails the specific objective or activity for which the information is initially sought. For instance, in the context of healthcare, the primary purpose may be the provision of medical treatment, diagnosis, or ongoing healthcare management of the patient.
When an organisation collects personal information from patients, it is crucial that the collection is directly related to the primary purpose. This means that the information collected should be necessary and reasonably required for the organisation to fulfil its intended purpose. Patients have a reasonable expectation that their information will be used for the primary purpose for which it was collected.
- Related Secondary Purpose: In addition to the primary purpose, APP 6 recognises related secondary purposes for which personal information may be used or disclosed. These are purposes that are closely connected to the primary purpose and are reasonably expected by the individual. While the primary purpose is often evident and directly linked to the nature of the service being provided, related secondary purposes may extend beyond the immediate provision of healthcare.
For example, a related secondary purpose in the healthcare context could be the use of patient information for research or quality improvement purposes, such as clinical studies or data analysis to enhance healthcare outcomes. However, it is important to note that related secondary purposes must be reasonably expected by the patient based on the nature of the primary purpose. If the use or disclosure of personal information for a secondary purpose is not reasonably expected, separate consent may be required.
It is essential for organisations to exercise transparency and communicate clearly with patients regarding the primary purpose and any related secondary purposes for which their information may be used or disclosed. Patients should have a reasonable understanding of how their personal information will be handled, ensuring that they have control over the use and disclosure of their information.
Organisations must always prioritise the protection and security of patients’ personal information, ensuring that it is not misused, interfered with, lost, or accessed without authorisation. Furthermore, organisations should establish and maintain robust privacy policies that outline their practices regarding the collection, use, and disclosure of personal information.
Compliance with APP 6 is critical for organisations to fulfil their privacy obligations, promote patient trust, and maintain a positive reputation. Failure to adhere to APP 6 can lead to legal ramifications, including fines and reputational damage. Therefore, organisations handling patient information must familiarise themselves with APP 6 and implement appropriate measures to ensure compliance and protect patient privacy.