Privacy Act countdown is on


Privacy Act countdown is on

Privacy law will soon extend to corporate business in Australia.


Get unlimited access to all of our content.

Australian Business Lawyers


Privacy law will soon extend to corporate business in Australia. From next Friday, prescribed businesses will have to have privacy procedures and policies in place. For the remaining days leading up to 21 December, WorkplaceInfo will be publishing a series of articles including outlines of the National Privacy Principles, the cornerstone of the new privacy legislation. Today's article outlines the first principle, collection.

Privacy always a concern
Privacy has been a substantial issue facing businesses well before the introduction of legislative requirements dealing with privacy.

In a survey conducted by the Office of the Federal Privacy Commission in July, the majority of businesses, irrespective of their areas of operation, noted privacy concerns as a key area of their business dependencies. For example, the response rate level of concern was 80% in retail, manufacturing, business and personal services industries as well as the education and health industries.

The introduction of a legislative regime which now extends to operations in the private sector is a legislative response to community concerns about privacy.

The 10 National Privacy Principles (the 'NPPs') represent high-level principles which prescribe minimum standards of privacy practices.

Principle 1 - Collection

NPP1 deals with the collection of personal information.

The principle provides that an organisation must only collect personal information for its own activities. Information must be collected by lawful and fair means and not in an unreasonably intrusive way.

In order to comply with NPP1, organisations will need to have a detailed look at and analyse how the business as a whole collects personal information. In doing so, it will be important to identify what personal information is necessary for one or more of the functions or activities of the business. Compliance with NPP1, in many respects, set the parameters for compliance with the balance of the NPPs.

Further obligations

NPP1 also imposes an obligation on organisations to notify individuals, or at least take reasonable steps, to ensure that individuals are aware of:

  1. the identity of the organisation and how to contact it; and
  2. the fact that he or she is able to get access to the information; and
  3. the purpose for which the information is collected; and
  4. the organisations (or types of organisations) to which the organisation usually discloses information of that kind; and
  5. any law that requires particular information to be collected;
  6. the main consequences (if any) to the individual if all or part of the information is not provided.

Often the above requirements are referred to as the 'Collection Statement', which forms part of the organisation's privacy policy. This means to comply with the Privacy Amendment (Private Sector) Act 2000, particularly with NPP1, businesses must have a collection statement that addresses the above requirements.

Tomorrow, WorkplaceInfo will look at NPP2, dealing with use and disclosure of information.

Further enquiries on this article may be addressed to:




Post details