What Is A Privacy Collection Notice?
If your business collects information from clients or customers for a specific purpose, you may need a Privacy Collection Notice.
A Privacy Collection Notice is a notice given to individuals that provides a short summary of the data being collected and the purposes for which it is being collected.
When Do You Need A Privacy Collection Notice?
The exceptions include if you provide a health service and hold health information (other than in employee records), or if you ‘trade in personal information’ and run an organisation that discloses personal information about another individual for a benefit, service or advantage.
If you fall into one of the exceptions, you are considered an APP Entity and the Australian Privacy Principles (APPs) apply to you. There are also some circumstances where businesses opt in to the government’s privacy guidelines so that they can call themselves a ‘privacy compliant’ organisation; these businesses are therefore also required to comply with the APPs as an APP Entity.
Even if you are not strictly covered by the Privacy Act, it’s good practice for small businesses to have strong privacy practices to build trust and confidence with customers, and to ready themselves for future compliance if they grow beyond the $3 million revenue mark.
What’s In A Privacy Collection Notice?
If you’re wondering what sorts of information can be in a Privacy Collection Notice, here’s a breakdown of what’s usually included:
- The entity’s identity and contact details: This could include the details of a contact who handles enquiries and requests relating to the Privacy Act. In this case, you could also have a generic company email for handling privacy matters.
- Facts and circumstances of collection: This includes how, when and from where the personal information was collected. This is particularly important (and a requirement) when the information has been collected from a third party, like a marketing agency, for example.
- If collection is required or authorised by law: There are certain circumstances in which specific laws and regulations mandate the collection of information. If this is the case, then the relevant law should be stated.
- Purposes of collection: It is important to be transparent about your purpose for collecting information. Your Privacy Collection Notice should include the specific function or reason for which the personal information is being collected.
- Consequences for individuals if personal information is not collected: This should disclose any significant consequences (that aren’t reasonably obvious) that could occur if you do not collect the information. An example of this would be an application for a licence or benefit, which you may not be able to fully grant if the customer doesn’t provide their personal information.
- Other APP entities, bodies or persons to which the personal information is usually disclosed: If you’re disclosing the information on a regular basis to another APP entity, the entity should be named.
- Likely cross-border disclosures of the personal information: This should disclose whether the information will be given to overseas recipients, and if so, in which countries they’d likely be located.
Once you have a Privacy Collection Notice, there is no specific place where it has to be displayed or delivered. You simply have to show that reasonable steps were taken to notify the individual or ensure their awareness of the Privacy Collection Notice.
Get In Touch
Navigating the APPs and your company’s compliance can be a difficult process. At Sprintlaw, we have a team of experienced lawyers that can assist you with drafting or reviewing Privacy Collection Notices.
Get in contact with one of our consultants for a free, no-obligations chat about how we can help with a Privacy Collection Notice and any other legal issues your business may have.