Table 3 Sample developer guidance: Australian security laws and global best practices [33]

If your app is subject to the Privacy Act 1988, then you must take reasonable steps to protect the personal information you collect, store or share. Even if your app is exempt from the Privacy Act 1988, you should ensure the app is secure.

There is no specific security law that app developers must follow. Instead, developers should use a risk-based approach to decide on the most appropriate level of security. The more sensitive the personal information collected, the stronger your security should be. Health information is highly sensitive, so apps that collect, store or share health information should adopt the strongest security measures.