Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
Whenever you get personal information deliberately, you are 'collecting' it. The Privacy Act sets out what personal information you can collect, where you may collect it from, and how you may collect it.
If you’re thinking about collecting personal information, the first thing you should consider is why you’re collecting it. The Privacy Act requires that you only collect personal information that’s necessary for a lawful purpose. For example, it could be to deliver a product or service, or find the right person to employ. Having a clear purpose will help you make good decisions about collecting and using personal information.
Before you collect personal information, think about what information you need to achieve your purpose. You may find you don’t need to collect as much as you originally thought, or you may not need to collect any at all. The more unnecessary information you have, the more you have to keep up to date, and the more likely mistakes are to happen.
If your lawful purpose changes or you want to use the personal information you have collected for an unrelated purpose, you are likely to need the agreement of the people you collected it from.
Privacy principle 1 governs purposes for collecting information.
Generally, you should collect information directly from the person it’s about. Then the person will know what information you've got and what you're doing with it - they're far less likely to be surprised or upset.
Sometimes you do need to get information from other sources – for instance if you're checking job references or doing a credit check. You can do this when:
Privacy principle 2 governs sources of personal information.
If you're collecting personal information from someone, you need to let them know what you're doing. The best way to do this is usually with a clear privacy statement.
Our Privacy Statement Generator makes it easy.
You need to take reasonable steps to tell people:
Sometimes it’s obvious to people that you’re collecting their information. Other times, it may not be as obvious, e.g. if you’re using CCTV, or cookies on a website. Whatever the case, being open with people about what you’re doing with their information means you won't take them by surprise, and they're less likely to object. Think about how and when it would be best to tell them.
You may not need to tell the person if it would undermine the purpose of the collection, or it’s just not possible to tell them.
Privacy principle 3 governs what you need to tell an individual.
Make sure you collect personal information in a way that is lawful, fair, and not unreasonably intrusive. For instance, covert surveillance is usually not allowed.
Privacy principle 4 governs how you should collect personal information.
