What Is A Privacy Collection Notice? 

If your business collects information from clients or customers for a specific purpose, you may need a Privacy Collection Notice

A Privacy Collection Notice is a notice given to individuals that provides a short summary of the data being collected and the purposes for which it is being collected. 

It can sometimes be confusing to know when you need a Privacy Collection Notice, a Privacy Policy or both. So, we’ll break it down for you. 

When Do You Need A Privacy Collection Notice? 


Like a Privacy Policy, a Privacy Collection Notice is not strictly necessary for businesses with less than $3 million annual turnover or businesses that do not fall into one of the exceptions

We’ve written about Privacy Policies here and Health Service Provider Privacy Policies here

However, it is simply good practice for small businesses to have strong privacy practices just to cover their bases.

There are also some circumstances where businesses opt-in to the government’s privacy guidelines, so that they can call themselves a ‘privacy compliant’ organisation.

If you fall into one of these categories, you are considered an APP Entity and the Australian Privacy Principles (APPs) apply to you. 

Why Do You Need A Privacy Collection Notice If You Have A Privacy Policy?

In order to comply with the APPs as an APP Entity,  you’ll need a Privacy Policy

A Privacy Policy is effectively an ongoing announcement stating that the business is collecting and using data, and details exactly how it is doing so. 

The main difference between a Privacy Policy and a Privacy Collection Notice is that a Privacy Collection Notice outlines how an organisation handles personal information collected for a specific purpose. For instance, a Privacy Collection Notice could specify how you’re using personal information to handle a complaint or to send out newsletters.

What’s In A Privacy Collection Notice? 

If you’re wondering what sorts of information can be in a Privacy Collection Notice, here’s a breakdown of what’s usually included: 

  • The entity’s identity and contact details: This could include the details of a contact who handles enquiries and requests relating to the Privacy Act. In this case, you could also have a generic company email for handling privacy matters. 
  • Facts and circumstances of collection: This includes how, when and from where the personal information was collected. This is particularly important (and a requirement) when the information has been collected from a third party, like a marketing agency, for example. 
  • If collection is required or authorised by law: There are certain circumstances in which specific laws and regulations mandate the collection of information. If this is the case, then the relevant law should be stated.  
  • Purposes of collection: It is important to be transparent about your purpose for collecting information. Your Privacy Collection Notice should include the specific function or reason for which the personal information is being collected
  • Consequences for individuals if personal information is not collected: This should disclose any significant consequences (that aren’t reasonably obvious) that could occur if you do not collect the information. An example of this would be an application for a licence or benefit, which you may not be able to fully grant if the customer doesn’t provide their personal information. 
  • Other APP entities, bodies or persons to which the personal information is usually disclosed: If you’re disclosing the information on a regular basis to another APP entity, the entity should be named. 
  • Information about access and correction in the APP entity’s APP Privacy Policy: This will disclose how individuals can access and seek correction of the personal information that’s being held. 
  • Likely cross-border disclosures of the personal information: This should disclose whether the information will be given to overseas recipients, and if so, in which countries they’d likely be located.

Get In Touch 

Once you have a Privacy Collection Notice, there is no specific place where it has to be displayed or delivered. You simply have to show that reasonable steps were taken to notify the individual or ensure their awareness of the Privacy Collection Notice. 

Navigating the APPs and your company’s compliance can be a difficult process. At Sprintlaw, we have a team of experienced lawyers that can assist you with drafting or reviewing Privacy Collection Notices. 

Get in contact with one of our consultants for a free, no-obligations chat about how we can help with a Privacy Collection Notice and any other legal issues your business may have.

About Sprintlaw

Sprintlaw is a new type of law firm that operates completely online and on a fixed-fee basis. We’re on a mission to make quality legal services faster, simpler and more affordable for small business owners and entrepreneurs.

5.0
(based on Google Reviews)

Have a question?
Get your FREE quote now.

We'll get back to you within 1 business day.

  • This field is for validation purposes and should be left unchanged.

Related Articles