In 2014 the federal government amended the Privacy Act 1988 (Cth) (Privacy Act) by introducing the 13 Australian Privacy Principles (APPs) which specify how organisations must handle personal information. The 13 APPs apply to all non-government schools that provide a health service or have an annual turnover of more than $3 million. A central requirement of the APPs is that schools must have procedures, practices and systems, integrated within their organisational governance framework, to ensure compliance with each of the 13 APPs. This requirement is referred to as “Privacy by Design” and should be documented in your school’s Privacy Program.