APF has worked on a wide variety of issues over more than a quarter-century. Its Policy Statements and its Submissions reflect the following set of ground rules, or meta-principles, which APF submits must be generally applied.
All proposals that have the potential to harm privacy must be subjected to prior evaluation against appropriate privacy principles.
All evaluation processes must feature consultation processes with the affected public and their representative and advocacy organisations.
Sufficient information must be disclosed in advance to enable meaningful and consultative evaluation processes to take place.
All privacy-intrusive aspects must be demonstrated to be necessary pre-conditions for the achievement of specific positive outcomes.
The benefits arising from all privacy-intrusive aspects must be demonstrated to be commensurate with their financial and other costs, and the risks that they give rise to.
Where privacy-intrusiveness cannot be avoided, mitigating measures must be conceived, implemented and sustained, in order to minimise the harm caused.
All privacy-intrusive aspects must be subject to controls, to ensure that practices reflect policies and procedures. Breaches must be subject to sanctions, and the sanctions must be applied.
All privacy-intrusive aspects and their associated justification, proportionality, transparency, mitigation measures and controls must be subject to review, periodically and when warranted.