Download original attachment
(PDF file)

This is an HTML version of an attachment to the Freedom of Information request 'Privacy training in the Defence Department'.


Australian Privacy Principle 10: Quality 
of personal information 
APP 10 is a general principle that applies to the collection, use and disclosure of personal information and 
applies in addition to APPs 3, 4, 6 and 8. There is a small difference in the way APP 10 applies to the 
collection of personal information and how it applies to the use and disclosure of personal information. 
Collection 
In relation to a collection of personal information, regardless of whether it is a solicited or unsolicited 
collection, APP 10 requires an APP entity to take reasonable steps to ensure that personal information 
collected, is accurate, up-to-date and complete. 
Use and disclosure 
In relation to the use or disclosure of personal information, the APP 10 requirements are similar to those 
relating to collection, in that an APP entity is to take reasonable steps to ensure that personal information 
collected, is accurate, up-to-date and complete. For use and disclosure APP 10 adds the requirement for the 
use or disclosure of the information to be relevant. What is relevant is determined by having regard to the 
purpose of the use or disclosure. 
(See 
Important terms for a description of the terms accurate, up-to-date, complete and relevant) 
APP 10 in practice 
The Office of the Australian Information Commissioner advises that personal information should be checked 
for accuracy and currency at two specific points in the information lifecycle: 

at the time the information is collected; and  

before the information is used or disclosed. 
If personal information is found not to be up-to-date, accurate or complete, steps should be taken to correct 
the information, such as: 

when updated information is received due to a change in circumstances the information should be 
updated in appropriate places;  

when corrections are required records should be amended;  

before use of information, reasonable steps should be taken to confirm accuracy. 
Taking reasonable steps 
'Reasonable steps' should be determined by the nature of the information. Some types of personal 
information change more often that other types and therefore a greater requirement to check the accuracy of 
the information is imposed. 
For example: Birth sex doesn't change; gender may change, but this is uncommon; date of birth does not 
change, but age changes annually; address can change frequently or infrequently; marital status or partners 
can change; next-of-kin, emergency contacts etc can change. 
More frequent reasonable steps should be taken to check the accuracy and currency of the information where 
there is a greater likelihood of the information being incorrect or having changed. 
Below is a diagram representing an estimation of the reasonable steps necessary to ensure personal 
information is accurate, complete, up-to-date and relevant. 

 
Reasonable steps continuum 
 

Document Outline