Australian Privacy Principle 10: Quality
of personal information
APP 10 is a general principle that applies to the collection, use and disclosure of personal information and
applies in addition to APPs 3, 4, 6 and 8. There is a small difference in the way APP 10 applies to the
collection of personal information and how it applies to the use and disclosure of personal information.
In relation to a collection of personal information, regardless of whether it is a solicited or unsolicited
collection, APP 10 requires an APP entity to take reasonable steps to ensure that personal information
collected, is accurate, up-to-date and complete.
Use and disclosure
In relation to the use or disclosure of personal information, the APP 10 requirements are similar to those
relating to collection, in that an APP entity is to take reasonable steps to ensure that personal information
collected, is accurate, up-to-date and complete. For use and disclosure APP 10 adds the requirement for the
use or disclosure of the information to be relevant. What is relevant is determined by having regard to the
purpose of the use or disclosure.
for a description of the terms accurate, up-to-date, complete and relevant)
APP 10 in practice
The Office of the Australian Information Commissioner advises that personal information should be checked
for accuracy and currency at two specific points in the information lifecycle:
at the time the information is collected; and
before the information is used or disclosed.
If personal information is found not to be up-to-date, accurate or complete, steps should be taken to correct
the information, such as:
when updated information is received due to a change in circumstances the information should be
updated in appropriate places;
when corrections are required records should be amended;
before use of information, reasonable steps should be taken to confirm accuracy.
Taking reasonable steps
'Reasonable steps' should be determined by the nature of the information. Some types of personal
information change more often that other types and therefore a greater requirement to check the accuracy of
the information is imposed.
Birth sex doesn't change; gender may change, but this is uncommon; date of birth does not
change, but age changes annually; address can change frequently or infrequently; marital status or partners
can change; next-of-kin, emergency contacts etc can change.
More frequent reasonable steps should be taken to check the accuracy and currency of the information where
there is a greater likelihood of the information being incorrect or having changed.
Below is a diagram representing an estimation of the reasonable steps necessary to ensure personal
information is accurate, complete, up-to-date and relevant.
Reasonable steps continuum