Australian Privacy Principle 3:
Collection of solicited personal
information
An APP entity collects personal information only if the information is to be put in a record or in a generally
available publication, like a magazine or news
paper (See
Important terms for more information on
'collection' and 'record').
There are two APPs that concern the collection of personal information,: APP 3 and APP 4. APP 3
specifically deals with the collection of solicited information; whereas APP 4 is limited to the collection of
unsolicited information. However, when collecting unsolicited personal information, APP 3 will also apply.
See:
APP 4 for unsolicited information.
The Office of the Australian Information Commissioner's APP guidelines state:
'An APP entity solicits personal information if it explicitly requests another entity to provide personal
information, or it takes active steps to collect personal information.'
Limitations on collection
An APP entity that is an agency must not collect personal information (other than sensitive information)
unless the information is reasonably necessary for or directly related to, one or more of the entity's functions
or activities.
Defence functions can be determined having regard to the Administrative Arrangement Orders, which
includes:
o
international Defence relations and defence co-operation;
o
Defence scientific research and development;
o
Defence procurement and purchasing;
o
Defence industry development and co-operation; and
o
our legislation and recent initiatives announced by government. This also includes the management
of Defence personnel.
Collection of sensitive information
The collection of sensitive information is further limited. An APP entity must not collect sensitive
information about an individual unless:
1. the individual consents to the collection and if the entity is an agency, like Defence, the
information is reasonably necessary for or directly related to, one or more of the entity's functions
or activities; or
2. one of the following exceptions applies.
There are a number of exceptions that may apply. Below are the ones that agencies can rely on:
a.
the collection of the information is required or authorised by or under an Australian law or a
court/tribunal order; or
b. a permitted general situation exists in relation to the collection of the information by the APP
entity; or
c.
the APP entity is an enforcement body and the entity reasonably believes the collection of the
information is reasonably necessary for, or directly related to, one or more of the entity's functions
or activities.
(See
Important terms for more information on 'enforcement body')
Note: The
permitted general situations (
view in pdf format or
view Word format ) list the
circumstances in which personal inform
ation may be collecte
d without consent.
How can personal information be collected?
Collection of solicited information must be by lawful or fair means (i.e. not through spying or trickery).
An agency must also only collect personal information from the individual concerned unless:
o
the person has consented;
o
the collection from another person is required or authorised by law or a court/tribunal order, such
as in the course of an investigation; or
o
where it is unreasonable or impracticable to do so.
APP10 also requires entities to take steps to ensure that personal information collected is accurate, up-to-date
and co
mplete (see
APP 10 for more information).
Need help?
If in doubt about what constitutes personal information or what exceptions apply to the collection of
sensitive information, Defence personnel sho
uld contact the Defence Privacy inbox for assistance.
Document Outline