Collection notices
A collection notice is a way of telling individuals why you are collecting their personal information and how you will handle it. It promotes transparency about your organisation’s handling of personal information and can contribute to increased trust in your organisation.
When might you provide a collection notice?
As a privacy officer, your role will involve advising on the content of collection notices as well as identifying when a collection notice is required. This will be easier when a business unit of your organisation approaches you having decided a collection notice is required.
But it also may involve you identifying the need for a collection notice where the business unit has overlooked this for a new form of collection, or where you realise your organisation has been collecting personal information without a proper collection notice for existing processes.
A collection notice will usually be required for those points or interactions where your organisation gets information from the individuals that it deals with – your customers, service-users, ratepayers, employees or contractors. So, think about how those interactions take place – it might be in an application form; a webform for providing feedback to your organisation; or a telephone line for raising service issues.
What should be in a collection notice?
IPP 1.3 requires organisations to take reasonable steps to provide individuals with certain information when collecting their personal information. The information provided should include:
- contact details for your organisation;
- why you are collecting the information;
- who you might usually share the information with;
- whether any law requires the collection;
- if there are any consequences for not providing the information; and
- the fact individuals can later gain access to the information.
When considering what to include in your collection notices, you should keep in mind that that your collection notice will set individuals expectations around use and disclosure of their personal information. The more up front your organisation is in its collection notices, the more likely individuals are to accept the use or disclosure. Plus, if individuals have concerns about how you propose to handle their information, they can raise specific queries and make an informed choice about whether they will proceed with the interaction.
For more guidance on what information you should include in a collection notice, you can refer to our resources on collection notices and the section of the IPP Guidelines on IPP 1.3 – Collection notices.
Drafting a collection notice
When drafting your collection notices, you may like to consider our template collection notice.
We have also included some example collection notices at the end of this page which will be useful for you to consult.
Tips for a good collection notice
Here are some quick tips to help you put collection notices into practice:
- Use plain language and include appropriate detail – it shouldn’t be unnecessarily long or complicated.
- Be specific about the purposes for collection and who the information may be disclosed to.
- Keep in mind that notice is not the same as consent – if you want to rely on consent then must ensure that individuals have actively expressed that they agree to provide the information, and are free to exercise genuine control and choice to provide or withhold consent.
- Notice can be provided in different formats – this may be on the form that is used to collect the information (paper or online); on your organisation’s website; in a telephone script; or in an acknowledgement letter or email responding to the individual.
- Consider a layered approach, where notice runs the risk of being too long or complicated.
Example 1
Scenario:
Sunny Side Council is implementing a new online portal which will allow customers to submit requests and complaints about service issues. As part of this initiative, Sunny Side Council will collect personal information from customers using the portal.
Collection notice:
Sunny Side Council collects this information to:
- assist you with your request or complaint about a service
- investigate and respond to your complaint, and
- contact you for more information about your request or complaint.
We may share this information with organisations that work for Council if your complaint relates to one of the organisations, or if the organisation delivers a service you have requested on Council’s behalf.
If you choose not to provide your name and contact details, we will be unable to contact you. This may limit our ability to address any issues you have raised.
If you have any questions about how your personal information will be handled or would like to gain access to your personal information, you can contact Sunny Side Council’s Privacy Officer on 03 1111 1111 or privacy@sunnysidecouncil.vic.gov.au.
Example 2
Scenario:
The Department of Music administers the Loud Wind Instrument Act 1999 (LWI Act) and is required to keep a register of all trombone players under section 22 of that Act.
Collection notice:
The Department of Music collects this information in order to:
- administer the register of all trombone players under the LWI Act, and
- ensure compliance with the LWI Act.
We share this information with:
- members of the public who access the register.
- the Music Police, if there is a suspected breach of the LWI.
You are required to provide this information as a result of section 22 of the LWI Act.
If you choose not to provide your name and postal address, you will be unable to register as a trombone player and this may result in a sanction for non-compliance with the LWI Act.
If you have any questions about how your personal information will be handled or would like to gain access to your personal information, you can contact the Department of Music’s Privacy Unit on 03 2222 2222 or privacyunit@DM.vic.gov.au.