Employees are entitled to PRIVACY, right?

What does this mean? How do you collect, store and access information about someone while ensuring privacy?

The Privacy Act 1983 aims to promote and protect individual privacy. There are 12 Principles (IPPs) of the Privacy Act that state ‘Best Practice’. 

To comply, make sure the information collected, stored and accessed meets the following:

  1. Information collected has a lawful purpose for the function or activity of that purpose
  2. Information must be collected directly from that person, or with their authorisation, unless it is publicly available, or non-compliance would not prejudice the rights of that person, or compliance would prejudice the purpose for which it is collected
  3. The person needs to know what is being collected and why
  4. Information must be fairly obtained
  5. Information held must be protected from disclosure, unauthorised access or modification
  6. The person is entitled to information held (unless evaluative material)
  7. The person is entitled to request information be updated accurately or a statement added by the person disputing the information
  8. Information used must be accurate, up to date, relevant and not misleading
  9. Information must not be held for longer than required for the purpose it was collected
  10. Information must not be used for any purpose other than that for which it was gathered unless it is public information, or a serious threat to health or safety
  11. Information gathered must not be shared unless authorised
  12. Unique identifiers are not to be assigned unless required to carry out a function (i.e. payroll)