Basic guide to IPPs 1-3 - Collection of personal information

Collection

An agency 1 may request personal information from an individual or from a third party provided the following criteria are met:

  • the agency must only ask for the specific personal information required to fulfil the lawful purpose that is directly related to the function of the agency 2
  • if the information is collected directly from an individual, the agency must tell the individual what the information is going to be used for before, or at the point of collection where possible; if not possible – as soon as practicable after the information is collected 3 ; and
  • the agency must not collect information by unlawful or unfair means, including by trickery, deception or misleading conduct. 4

There are a number of obligations that an agency has to meet when lawfully collecting personal information. The agency must:

  • be aware of the limitations of collecting and using certain types of personal information (such as tax file numbers); and
  • continue to apply the Information Privacy Principles ( IPPs ) to subsequent personal information provided to them, even it if was not specifically requested by the agency.

Collection notices

Before collection or as soon as practicable afterwards, agencies are required to inform the individual from whom personal information is collected of:

  • the purposes for collecting the information
  • any law that authorises the collection; and
  • to whom the agency normally discloses the information and, if known, anyone they in turn will disclose it to.

This 'collection notice' sets out what the agency will do with the information and to whom the personal information will be given. For example, an agency may want to publish personal information in a publicly available document or disclose it to a third party.

The collection notice can be provided verbally as well as in writing. If you are unsure of the intended meaning of the collection notice, you should contact the agency for further information.

Although an agency has to take all reasonable steps to provide a collection notice prior to collecting an individual's personal information, in certain circumstances this will not be possible. An agency is not required to provide a collection notice when collecting personal information in the context of the delivery of an emergency service, and:

  • the agency reasonably believes that in the circumstances, there would be little practical benefit to the individual in making them generally aware about the collection; and
  • the individual would not reasonably expect to be made aware about the collection.

Relevance of personal information 5

It is up to the agency to satisfy itself that the specific purpose for which the personal information is collected relates to the functions of the agency. The agency must ensure that they collect relevant personal information relating to the agency’s stated function and not more information than is necessary.

For example, in a survey about your domestic water use, it would be unlawful for an agency to collect personal information about your sexual orientation. Collection methods must not unreasonably intrude on the personal affairs of individuals.

  • 1 In this Guideline references to an 'agency' also include Ministers and bound contracted service providers, unless otherwise specified. [up]
  • 2 As outlined in Information Privacy Principle ( IPP ) 1. [up]
  • 3 As outlined in IPP 2. [up]
  • 4 As required by IPP 1(2). [up]
  • 5 As outlined in IPP 3. [up]

Current as at: January 10, 2012