Australian Privacy Principle 8 - Cross-Border Disclosure of Personal Information
8.1 Before an organisation discloses personal information about an individual to an overseas recipient, they must ensure, as reasonable, that the overseas recipient does not breach the APPs (other than APP 1) in relation to the information. An overseas recipient is expressed to be a ‘person.’
This APP is to be read in conjunction with Section 16C. It provides, basically, that where an overseas recipient is not itself bound by the APPs then the organisation itself is liable for any act by the overseas recipient in breach of the APP’s....
ORDER FOR FULL TEXT.
8.2 The organisation need not take these steps if it is reasonably satisfied that the recipient is subject to laws that will protect the information in a similar way and the individual can access effective mechanisms of enforcement.
These steps are also not required if the individual consents to the overseas disclosure.