The Framework - Privacy Registration

Find out more about the Data Privacy Register framework

Understanding our privacy principles

An overview of the six Data Privacy Register principles

The Data Privacy Register self-assessment is based on six privacy principles. These principles are separate to the Australian Privacy Principles and are designed to offer your customers greater transparency, disclosure and control when it comes to their personal data.

From July 2018 to September 2018, 94% of data breaches reported to the Office of the Australian Information Commissioner (OAIC) were attributed to human factors including human error, social engineering, rogue employees or theft. Only 6% of data breaches related to system fault.

The six Data Privacy Register principles focus on an organisation's management of people, process and policy.

Fairness and transparency

Be honest, open and transparent about how you collect personal information (both directly and indirectly), how you use it, who you may disclose it to and how you dispose of it.

Retention of data

Store personal information for the shortest time possible.

Purpose of data use or disclosure

Collect, use and disclose personal information for a defined purpose only. Obtain consent from your customers and clients for that defined purpose. If you wish to use personal information for another purpose, seek permission to do so first.

Security of data

Process personal information securely. Where appropriate, use pseudonymisation and encryption. Ensure the confidentiality, integrity and availability of your systems, services and the personal information you process within them.

Data minimisation and anonymisation

Limit personal information usage and disclose to customers the possible instances where their personal information will be shared. Where possible, use anonymous data. Ask yourself this question: "Is this collected data necessary, adequate and relevant for your intended purpose?"

Accuracy of data and the right to correct

Take all reasonable steps to ensure the personal information you hold is not incorrect or misleading. Allow users to update their data and make it simple for them to do so.
