Privacy Act 1988 (Cth)

APP 1 — Open and transparent management of personal information

Cth · Office of the Australian Information Commissioner (OAIC)Supports

The venue must have a clearly expressed and up-to-date privacy policy describing how personal information is collected, used, stored, disclosed, and how individuals can access or correct it.

Working draft, not legal advice

The plain-English summary above is drafted by Venue Axis as a navigation aid. The citation is the authoritative source — treat it as the definitive reference. For a legal interpretation of this obligation in your venue's context, talk to your counsel.

Operational metadata

How this obligation operates.

Citation
Privacy Act 1988 (Cth), Schedule 1 — APP 1 (open and transparent management)
Read on legislation.nsw.gov.au →
Frequency
Continuous
Binds
venue, ceo
Strategic tier
Supports
Venue Axis hosts the workflow, templates, and evidence ledger; an external party (counsel, auditor, RGO, vendor) performs the underlying action.
Consequence of breach

What can go wrong.

Determination by OAIC; reputational exposure.

Consequences are summarised from the underlying legislation. Specific penalties depend on the breach pattern, prior history, and the regulator's enforcement posture. Talk to a liquor and gaming lawyer for a definitive view of your venue's exposure.

Related obligations

Other items in Privacy Act 1988 (Cth).

Does (enforced)

APP 3 — Limit collection to what is reasonably necessary

Personal information must only be collected where reasonably necessary for the venue's functions and by lawful and fair means.

Supports

APP 5 — Notify individuals about collection

At or before the time of collection, the venue must take reasonable steps to notify the individual about the collection, its purposes, and t

Does (enforced)

APP 6 — Use and disclosure limited to collection purpose

Personal information collected for one purpose may only be used or disclosed for a secondary purpose in specified circumstances (consent, re

Does (enforced)

APP 11.1 — Security of personal information

The venue must take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or

Does (triggered)

APP 11.2 — Destroy or de-identify when no longer needed

When personal information is no longer needed for a permitted purpose, the venue must take reasonable steps to destroy or de-identify it — s

Does (triggered)

APP 12 — Patron right of access

An individual has a right to request access to the personal information the venue holds about them, and the venue must respond within the pr

Working references

Browse + take with you.

Free tool · Filterable explorer

Browse all 85 obligations →

Filter by jurisdiction, strategic tier, who's bound. The search-and-skim view; this page is the per-obligation deep link.

L&GNSW · the working surface

CL1002 framing →

The 75-Part Self-Audit Checklist L&GNSW inspectors walk through, and how Venue Axis is structured around it.

Library

All working references →

Free tools, comparisons, regulatory explainers — the full Venue Axis library, organised by category.

See it wired into a working venue.

The browseable tree is the inventory. The in-product working surface adds live evidence linkage, CL1002 alignment, and freshness scoring on top. First three months free, no card up front.

Get started →See the working surface