This is an HTML version of an attachment to the Freedom of Information request 'Privacy training in the Defence Department'.

Australian Privacy Principle 3: 
Collection of solicited personal 

An APP entity collects personal information only if the information is to be put in a record or in a generally 
available publication, like a magazine or newspaper (See 
Important terms for more information on 
'collection' and 'record'). 
There are two APPs that concern the collection of personal information,: APP 3 and APP 4. APP 3 
specifically deals with the collection of solicited information; whereas APP 4 is limited to the collection of 
unsolicited information. However, when collecting unsolicited personal information, APP 3 will also apply. 
APP 4 for unsolicited information. 
The Office of the Australian Information Commissioner's APP guidelines state: 
'An APP entity solicits personal information if it explicitly requests another entity to provide personal 
information, or it takes active steps to collect personal information.' 
Limitations on collection 
An APP entity that is an agency must not collect personal information (other than sensitive information) 
unless the information is reasonably necessary for or directly related to, one or more of the entity's functions 
or activities. 
Defence functions can be determined having regard to the Administrative Arrangement Orders, which 

international Defence relations and defence co-operation;  

Defence scientific research and development;  

Defence procurement and purchasing;  

Defence industry development and co-operation; and  

our legislation and recent initiatives announced by government. This also includes the management 
of Defence personnel. 
Collection of sensitive information 
The collection of sensitive information is further limited. An APP entity must not collect sensitive 
information about an individual unless: 
1.  the individual consents to the collection and if the entity is an agency, like Defence, the 
information is reasonably necessary for or directly related to, one or more of the entity's functions 
or activities; or  
2.  one of the following exceptions applies. 
There are a number of exceptions that may apply. Below are the ones that agencies can rely on: 
the collection of the information is required or authorised by or under an Australian law or a 
court/tribunal order; or  
b.  a permitted general situation exists in relation to the collection of the information by the APP 
entity; or  
the APP entity is an enforcement body and the entity reasonably believes the collection of the 
information is reasonably necessary for, or directly related to, one or more of the entity's functions 
or activities. 

Important terms for more information on 'enforcement body') 
Note: The permitted general situations ( 
view in pdf format or 
view Word format ) list the 
circumstances in which personal information may be collected without consent. 
How can personal information be collected? 
Collection of solicited information must be by lawful or fair means (i.e. not through spying or trickery). 
An agency must also only collect personal information from the individual concerned unless: 

the person has consented;  

the collection from another person is required or authorised by law or a court/tribunal order, such 
as in the course of an investigation; or  

where it is unreasonable or impracticable to do so. 
APP10 also requires entities to take steps to ensure that personal information collected is accurate, up-to-date 
and complete (see 
APP 10 for more information). 
Need help? 
If in doubt about what constitutes personal information or what exceptions apply to the collection of 
sensitive information, Defence personnel should contact the Defence Privacy inbox for assistance. 

Document Outline