Download original attachment
(PDF file)

This is an HTML version of an attachment to the Freedom of Information request 'Privacy training in the Defence Department'.


Australian Privacy Principle 8: cross-
border disclosure of personal 
information 
Sometimes when an APP entity discloses personal information the information will be received by a 
recipient who is not in Australia or an external territory. These disclosures are know as 'cross-border 
disclosures'. In addition to the limitations on disclosing personal information under APP 6, APP 8 establishes 
additional requirements for cross-border disclosures. 
 
Examples: 
Defence cross-border disclosures include when Defence provides personal information to: 

Australia's allies in course of a joint operation.  

To other military forces for the purpose of an exchange posting.  

For official visits to foreign countries. 
Note: APP8 does not apply to a use of personal information, such as when Defence sends personal 
information to other parts of Defence that are overseas. For example, when Defence sends personal 
information to: 

Defence members in an area of operation or posted to RMAF Butterworth; or  

to a Defence Attaché. 
See 'Use and disclosure' on the 
Important terms page. 
References to Australia and its external territories include the territorial seas of Australia and the territorial 
sea adjacent the territory. 
Before an APP entity discloses personal information about an individual to an overseas recipient, it must 
take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach 
the APPs (other than APP 1) in relation to the information. This is often done by contract. However 
Defence's relationship with other countries and military forces is not usually based on contract, rather we 
operate on agreement between the two countries. 
In these cases where Defence does not or cannot take steps as are reasonable in the circumstances to ensure 
that the overseas recipient does not breach the APPs, we need to look at the alternative options that may be 
available. These include the following: 
a. 
if the individual has given express consent and been informed that the APP entity cannot ensure 
that the overseas recipient does not breach the APPs;  
b.  if the disclosure is required or authorised by or under an Australian law or a court/tribunal order;  
c. 
if a permitted general situation other than permitted general situation 4 and 5 applies;  
d.  if the entity is an agency and the disclosure of the information is required or authorised by or under 
an international agreement relating to information sharing by the agency; or  
e. 
if the APP entity reasonably believes that the overseas recipient of the information is subject to a 
law or binding scheme that has the effect of protecting the information in a substantially similar 
way in which the APPs protect the information, and there are mechanisms that the individuals can 
access to take action to enforce the law or binding scheme. 
Specific advice should be requested in relation to the use of these alternative options. 
 

Document Outline