Are you aware of your obligations under the Privacy
Act and the Australian Privacy Principles (APPs)?
Does your business have appropriate processes to manage the
handling of personal information?
This week is Privacy Awareness Week. As an official partner of
the Office of the Australian Information Commissioner's privacy
awareness campaign, Cooper Grace Ward will be publishing a series
of articles that relate to:
how your business can collect personal information;
how your business can engage in direct marketing;
how your business should handle requests to access and correct
the importance of a social media policy; and
how your business can organise internal privacy awareness and
Collecting personal information
Under APP 3, your business can only collect personal information
if it is reasonably necessary for one or more of your business'
functions or activities. However, if that personal information is
sensitive information, your business generally cannot collect it
unless the individual has consented to the collection.
The term 'collection' is broad and encompasses
gathering, acquiring or obtaining information from any number of
the individual themselves;
surveillance cameras; and
online web browsing tools such as cookies, embedded scripts,
and device identifiers.
What is reasonably necessary for your business functions
There are many reasons why your business may seek to collect
personal information. For example, collection of personal
information may allow your business to:
inform customers about new products or services;
advertise and promote surveys and competitions;
complete customer transactions; and
respond to customer complaints and other inquiries.
As a general rule, the collection of personal information will
be 'reasonably necessary' if your business cannot perform
effectively or pursue business functions and activities without
collecting that personal information.
Before collecting personal information for use in a function or
activity, it is always worth considering whether a reasonable
What is sensitive information?
Sensitive information includes information about an
racial or ethnic origin;
political opinions or membership of a political
religious beliefs or affiliations;
membership of a professional or trade association or trade
sexual orientation or practices; or
If your business seeks to collect any sensitive information
about an individual then, in most cases, the individual's
consent must be obtained before the collection.
Notification of collection
Under APP 5, your business is also required to notify the
individual about the collection as soon as practicable after the
personal information is collected.
Matters that should be notified to the individual can
the identity and contact details of your business;
the purposes for which the personal information has been
whether the business will disclose personal information to a
third party or to overseas recipients;
the consequences for the individual if the personal information
is not collected; and
individual may access personal information and complain about a
breach of the APPs.
Your business can notify individuals of the collection of their
information by incorporating a privacy notification statement that
outlines all of the mandatory matters into application forms,
client agreements, terms of trade or at the point of sale.
Why does it matter?
Failure to comply with the APPs may lead to penalties of up to
$1.7 million (for corporations) and up to $340,000 (for
individuals) if they seriously or repeatedly interfere with a
We can work with you to navigate through a wide range of privacy
matters. If you would like further information about any privacy
issues, please contact a member of our privacy team.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.