How must companies deal with unsolicited personal information under the APP?

Companies are required to manage unsolicited personal information in accordance with the Australian Privacy Principles (APP). This means they must handle such information with the same care and diligence as they would with solicited information. The APP outlines specific guidelines regarding the collection, use, and protection of personal information.

When companies receive unsolicited personal information, they need to assess whether it is necessary for their functions or activities. If the information is deemed relevant, they must take appropriate measures to protect it and ensure it's used in compliance with the APP. This includes considering individual privacy, data security, and the proper handling of personal data.

The other options suggest responses that do not align with the comprehensive framework required by the APP. Simply returning unsolicited information to the sender does not address the company's responsibility for data management. Notifying individuals about the existence of unsolicited information may not be relevant if the information is not retained, while deleting it immediately without assessing its relevance does not fulfill the obligations outlined in the APP. Thus, the correct approach is to manage unsolicited personal information according to APP principles.