What the Australian Privacy Principles Do
The APPs set the baseline for how organisations collect, use, store, and disclose personal information. They cover open and transparent management of personal information (APP 1), giving individuals access to and correction of their information (APPs 12 and 13), and the security of personal information (APP 11). Compliance is mandatory for "APP entities": Australian Government agencies and private-sector organisations with annual turnover above AUD 3 million, plus certain smaller organisations such as private health service providers. Breaches can attract substantial civil penalties sought by the OAIC, as well as reputational damage.
Australian Privacy Principles in Microsoft 365 Tenants
APP 11, which requires an entity to take reasonable steps to protect the personal information it holds from misuse, interference, loss, and unauthorised access, modification or disclosure (and to destroy or de-identify it once it is no longer needed), is the principle IT teams running Microsoft 365 deal with most directly. In practice that means Microsoft Purview sensitivity labels and Data Loss Prevention policies to find and control personal information, the unified audit log to record and review who accessed it, and Insider Risk Management policies to flag risky handling by staff. The Privacy and Other Legislation Amendment Act 2024 made explicit that the "reasonable steps" in APP 11 include technical and organisational measures, so an entity should be able to evidence a proactive, risk-based control set rather than ad hoc fixes. (The "fair and reasonable" test proposed in the Privacy Act Review applies to collection, use and disclosure, not to security, and was not part of the 2024 Act.) The controls that evidence APP 11 overlap heavily with the ACSC Essential Eight and, for APRA-regulated entities, with the information security requirements of CPS 234, so one control baseline can serve all three.
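As an added example (not code from the original page or from Microsoft), the script below implements two of the APP 11 controls described above with the ExchangeOnlineManagement module: a Purview DLP policy that blocks external sharing of Australian personal identifiers, and a unified audit log review that turns DLP matches and bulk downloads into an evidence file. It assumes the module is installed, that the signed-in account holds the Compliance Administrator role (for the DLP cmdlets) and an Exchange Online audit-reading role (for Search-UnifiedAuditLog), and that the policy name, 90-day window and CSV paths are illustrative choices rather than anything mandated by the APPs.

```powershell
# Added example, not from the original page. Assumes ExchangeOnlineManagement is
# installed and the account has Compliance Administrator plus an audit-log role.
# Policy/rule names, the 90-day window and output paths are illustrative.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession      # Security & Compliance (Purview) endpoint: DLP cmdlets
Connect-ExchangeOnline   # Exchange Online endpoint: Search-UnifiedAuditLog

# --- 1. Purview DLP: stop Australian personal identifiers leaving the tenant ---
# Purview ships built-in sensitive information types (SITs) for these identifiers.
$policyName = 'APP11-Australian-PII'
New-DlpCompliancePolicy -Name $policyName `
    -Comment 'APP 11 reasonable steps: block external sharing of Australian PII' `
    -ExchangeLocation All -SharePointLocation All -OneDriveLocation All -TeamsLocation All `
    -Mode TestWithNotifications   # observe first; switch to Enable once tuned

$auPii = @(
    @{ Name = 'Australia Tax File Number';         minCount = '1' }
    @{ Name = "Australia Driver's License Number"; minCount = '1' }
    @{ Name = 'Australia Passport Number';         minCount = '1' }
    @{ Name = 'Australia Medical Account Number';  minCount = '1' }
    @{ Name = 'Australia Bank Account Number';     minCount = '1' }
)
# AccessScope NotInOrganization fires only when the item is shared externally,
# so ordinary internal handling of PII is not blocked. BlockAccess revokes the
# external share; the incident report is the evidence trail APP 11 asks for.
New-DlpComplianceRule -Name "$policyName-ExternalShare" -Policy $policyName `
    -ContentContainsSensitiveInformation $auPii `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner, LastModifier `
    -NotifyPolicyTipCustomText 'Contains Australian personal information; external sharing is blocked (APP 11).' `
    -GenerateIncidentReport SiteAdmin `
    -IncidentReportContent All

# --- 2. Unified audit log: who handled the data, and what did the policy catch ---
# DLP matches are logged with Operation DlpRuleMatch; SharePoint/OneDrive reads
# and downloads under RecordType SharePointFileOperation. Audit (Standard) keeps
# 180 days, so schedule this and retain the exports if you need a longer record.
# ResultSize is capped at 5000 per call; page with -SessionId/-SessionCommand
# ReturnLargeSet in a busy tenant.
$start = (Get-Date).AddDays(-90)
$end   = Get-Date

$dlpHits = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
    -Operations DlpRuleMatch -ResultSize 5000 |
    ForEach-Object { $_.AuditData | ConvertFrom-Json } |
    Where-Object { $_.PolicyDetails.PolicyName -contains $policyName }

$downloads = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
    -RecordType SharePointFileOperation `
    -Operations FileDownloaded, FileSyncDownloadedFull `
    -ResultSize 5000 |
    ForEach-Object { $_.AuditData | ConvertFrom-Json }

# Surface outliers: accounts whose download volume stands out from the rest.
$downloads | Group-Object UserId |
    Sort-Object Count -Descending |
    Select-Object -First 10 Name, Count |
    Format-Table -AutoSize

# Keep dated exports (who, when, which item, which rule) for the APP 11 file.
$stamp = $end.ToString('yyyyMMdd')
$dlpHits |
    Select-Object CreationTime, UserId, Workload, ObjectId,
        @{ n = 'Rule'; e = { $_.PolicyDetails.Rules.RuleName -join ';' } } |
    Export-Csv -Path "APP11-dlp-matches-$stamp.csv" -NoTypeInformation
$downloads |
    Select-Object CreationTime, UserId, SiteUrl, SourceFileName, ClientIP |
    Export-Csv -Path "APP11-downloads-$stamp.csv" -NoTypeInformation
```

Starting the policy in TestWithNotifications mode rather than Enable is deliberate: it shows users the policy tip and logs matches without blocking, so false positives from the built-in SITs (bank account numbers are the usual offender) can be tuned out before enforcement, which is the "risk-based" posture the amended APP 11 expects rather than a control that is quietly disabled after it breaks a business process. Insider Risk Management has no equivalent in this script; its policies are created in the Purview portal and would consume the same DLP and download signals.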