Privacy policies and collection notices
- promoting greater public confidence in the organisation’s handling of personal information;
- helping employees understand how they may handle the personal information they collect;
- preventing the unnecessary collection or unlawful use or disclosure of information.
- the organisation’s main functions and the types of personal information it collects to fulfil those functions;
- how the organisation uses and shares the personal information it collects, including which third parties the information may be shared with any legislation that authorises or permits the organisation to collect and handle the personal information;
- how the information is stored and kept secure;
- how individuals can contact the organisation’s Privacy Officer and make a privacy complaint.
- is concise and targeted to the general public;
- uses short, clear sentences and familiar, plain English words;
- avoids legal jargon or technical terminology; and
- avoids large slabs of text.
What is a collection notice?
Information Privacy Principle (IPP) 1.3 requires organisations to provide a collection notice to individuals. A collection notice is a way for organisations to tell individuals why their information is being collected and what it will be used for.
Collection notices should be provided at or before the time (or as soon as practicable after) personal information is collected from individuals. Some examples of when a collection notice would be necessary to include are when a local council collects personal information on a planning application form, or when an employer collects personal information as part of a recruitment process.
Giving notice promotes transparency about organisations’ collection and handling of personal information, and ensures individuals are aware of their rights and obligations in relation to providing their information to government organisations.
What should a collection notice contain?
When collecting personal information, organisations must ensure that an individual is made aware of:
- The identity of the organisation and how to contact it;
- The fact that the individual is able to gain access to the information;
- The purpose for which the information is collected;
- To whom (or the types of individuals or organisations to which) the organisation usually discloses information of that kind;
- Any law that requires the particular information to be collected; and
- The main consequences (if any) for the individual if all or part of the information is not required.
Providing a collection notice
There is no one correct way to provide a notice of collection. Some practical examples of how to give notice to individuals may include:
- a written notice on a form the individual is completing;
- notice included in an automated recorded telephone message; or
- notice included in brochures, posters and counter signage.
Privacy policies speak to an organisation’s information management practices in a broad sense, whereas collection notices outline how organisations will handle personal information collected for a specific purpose.