NPP 1: Collection

Describes what an organisation should do when collecting personal information, including what they can collect, collecting from third parties and, generally, what they should tell individuals about the collection.

 NPP 2: Use and Disclosure

Outlines how organisations may use and disclose individuals’ personal information.  If certain conditions are met, an organisation does not always need an individual’s consent to use and disclose personal information.  However, there are rules about direct marketing.

 NPP 3 & 4: Information quality and security

An organisation must take steps to ensure the personal information it holds is accurate and up-to-date, and is kept secure from unauthorized use or access.

 NPP 5: Openness

An organisation must have a policy on how it manages personal information, and make it available to anyone who  requests it.

 NPP 6: Access and Correction

Gives individuals a general right of access to their personal information, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.

 NPP 7: Identifiers

Generally prevents an organisation from adopting an Australian Government identifier for an individual as its own.

 NPP 8: Anonymity

Where possible, organisations must give individuals the opportunity to do business with them without the individual having to identify themselves.

 NPP 9: Transborder data flows

Outlines how organisations should protect personal information that they transfer outside of Australia.

 NPP 10: Sensitive information

Sensitive information includes information such as health, racial or ethnic background, or criminal record. Higher standards apply to the handling of sensitive information.