Australian Privacy Principle 1 - Open and Transparent Management of Personal Information
1.1 Organisations are to manage personal information in an open and transparent way. This requires accountability with the public in information handling practices. Even if an organisation is accustomed to maintaining secrecy over commercial-in-confidence information, its processes for handling personal information are not secret.
Compliance with the Australian Privacy Principles etc.
1.2 An organisation must adopt procedures to permit compliance with all privacy principles or any relevant code, and the due handling of all inquiries and complaints regarding compliance. The steps taken need only be what is reasonable considering the nature of the information, the nature of the organisation and the risk of a breach of privacy and cost or practicality of measures.
How an organisation manage personal information
How an organisation collect and hold personal information
The purposes for which information is collected, held, used and disclosed
How an individual may access personal information about themselves and seek correction of such
How an individual may complain about a breach of the Australian Privacy Principles, or a relevant code and how such complaints will be dealt with
Whether an organisation are likely to disclose personal information to overseas recipients;
If yes to f) -- the countries in which such recipients are likely to be located
1.6 It must be provided upon request in the requested form. The organisation needs to take whatever steps as are reasonable. The OAIC views this law as excusing organisations from declining to provide their privacy policies in a form that is unreasonable to expect it in.