APF's Meta-Principles for Privacy Protection

APF has worked on a wide variety of issues over more than a quarter-century. Its Policy Statements and its Submissions reflect the following set of ground rules, or meta-principles, which APF submits must be generally applied.


1. Evaluation

All proposals that have the potential to harm privacy must be subjected to prior evaluation against appropriate privacy principles.

2. Consultation

All evaluation processes must feature consultation processes with the affected public and their representative and advocacy organisations.

3. Transparency

Sufficient information must be disclosed in advance to enable meaningful and consultative evaluation processes to take place.

4. Justification

All privacy-intrusive aspects must be demonstrated to be necessary pre-conditions for the achievement of specific positive outcomes.

5. Proportionality

The benefits arising from all privacy-intrusive aspects must be demonstrated to be commensurate with their financial and other costs, and the risks that they give rise to.


6. Mitigation

Where privacy-intrusiveness cannot be avoided, mitigating measures must be conceived, implemented and sustained, in order to minimise the harm caused.

7. Controls

All privacy-intrusive aspects must be subject to controls, to ensure that practices reflect policies and procedures. Breaches must be subject to sanctions, and the sanctions must be applied.


8. Audit

All privacy-intrusive aspects and their associated justification, proportionality, transparency, mitigation measures and controls must be subject to review, periodically and when warranted.