What Is A Privacy Collection Notice?
If your business collects information from clients or customers for a specific purpose, you may require a Privacy Collection Notice to ensure you meet the latest privacy standards in 2025.
A Privacy Collection Notice is a short notice provided to individuals that summarises the data being collected and the specific purposes for which it is collected, in line with the current Australian Privacy Principles (APPs).
It can sometimes be confusing to know when you need a Privacy Collection Notice, a Privacy Policy or both. Our guide has been updated for 2025 to reflect recent amendments to privacy regulations, so we’ll break it down for you.
When Do You Need A Privacy Collection Notice?
Similar to a Privacy Policy, a Privacy Collection Notice is not strictly necessary for businesses with less than $3 million annual turnover or for those that fall under specific exceptions. For instance, exceptions apply if you provide a health service and hold sensitive health information (excluding employee records), or if you ‘trade in personal information’ and operate an organisation that discloses personal data for a benefit or service. For more detailed insights on these exceptions, please refer to the latest guidance on the OAIC website.
If you fall into one of these exceptions, you are considered an APP Entity and the Australian Privacy Principles (APPs) will apply to you. Some businesses also choose to opt into the government’s privacy guidelines to be recognised as a ‘privacy compliant’ organisation, which similarly subjects them to the APPs.
Even if your business isn’t strictly covered by the Privacy Act, it’s still good practice in 2025 to implement robust privacy measures. This not only builds trust with your customers but also prepares your business for any future regulatory changes as you grow.
Why Do You Need A Privacy Collection Notice If You Have A Privacy Policy?
In order to comply with the APPs as an APP Entity, you’ll need a Privacy Policy. We’ve written more about Privacy Policies here and Health Service Provider Privacy Policies here. For further guidance, you can also check out our online business privacy guide.
A Privacy Policy is effectively an ongoing announcement that your business is collecting and using data, and it details exactly how this data is managed.
The main difference between a Privacy Policy and a Privacy Collection Notice is that a Privacy Collection Notice specifically outlines how an organisation handles personal information collected for a specific purpose and must be provided at the time of collection, whereas a Privacy Policy details all of your organisation’s privacy practices.
As a result, you will typically need both a Privacy Policy and a Privacy Collection Notice to remain compliant with the Privacy Act.
For example, if you are a medical clinic collecting patients’ health information via an online form to facilitate a test, you should include a Privacy Collection Notice on the form at the time of collection. Additionally, you may reference your full Privacy Policy on the form to inform individuals about your comprehensive privacy practices.
What’s In A Privacy Collection Notice?
If you’re wondering what sorts of information should be included in a Privacy Collection Notice, here’s a breakdown of what is typically covered:
- The entity’s identity and contact details: This includes your company’s name and contact information, such as a dedicated email address (e.g. privacy@yourcompany.com) for handling privacy enquiries.
- Facts and circumstances of collection: Detail how, when, and from where the personal information was obtained. This is especially important if the data was collected from a third party.
- If collection is required or authorised by law: If specific laws mandate the collection of information, the relevant legal basis should be clearly stated.
- Purposes of collection: Clearly outline the specific purpose for which the personal information is being collected.
- Consequences for individuals if personal information is not collected: Explain any significant repercussions that could occur if the information is not provided, such as limitations on processing an application for a licence or benefit.
- Other APP entities, bodies or persons to which the personal information is usually disclosed: Identify any regular or expected disclosures of the information to third parties or other APP entities.
- Information about access and correction in the APP entity’s APP Privacy Policy: Outline the process by which individuals can access and request correction of their personal information.
- Likely cross-border disclosures of the personal information: Disclose whether the information will be transferred to overseas recipients and, if so, specify the likely countries.
Once you have a Privacy Collection Notice, there is no specific format or location where it must be displayed. The essential requirement is that you demonstrate reasonable steps have been taken to ensure individuals are informed about the collection and use of their personal information.
In the fast-evolving digital landscape of 2025, it is essential to review and update your Privacy Collection Notice regularly. Ensuring that your notice accurately reflects your current data practices and complies with recent amendments to the Privacy Act will help maintain transparency and safeguard your business against potential non-compliance. For additional insights on managing privacy in your organisation, our online business privacy guide is a valuable resource.
Get In Touch
Navigating the APPs and ensuring your company’s compliance can be challenging. At Sprintlaw, our team of experienced lawyers is here to assist you with drafting or reviewing your Privacy Collection Notice, along with other legal matters your business may face in 2025.
Get in contact with one of our consultants for a free, no-obligations chat about how we can help with your Privacy Collection Notice. Visit our contact page to start the conversation.