Privacy Law

Australian Privacy Principle 3 - Collection of Solicited Personal Information

Collecting information, for purposes of the Act, is when information is gathered, acquired or obtained for inclusion in a record or publication. The information can come from any source, by any means.


Soliciting of information is, for purposes of the Act, when an organisation requests information from an individual or a third party about the individual. The individual may or may not be involved at all. It can then be collected – that is, acquired and placed on record.


Personal information other than sensitive information

3.1-3.2   An organisation must not collect personal information (other than sensitive information) unless it is reasonably necessary for, or directly related to, one or more organisation functions or activities. Therefore collecting information  that will not be used is disallowed.


Sensitive Information

3.3 If the information sought is sensitive information, an organisation must not solicit it fro many source unless the individual consents to the collection of the information and the information is reasonably necessary for one or more organisation functions or activities; or if any of a few special situations apply, such as:...




Means of collection

3.4 An organisation can only collect personal information by lawful and fair means. A fair means is defined as ‘one that does not involve intimidation or deception, and is not unreasonably intrusive.’[1] The OAIC stated, by way of example, that obtaining information covertly is unfair, unless it is done for purposes of fraud detection.[2]...







[1] Explanatory Memorandum, Privacy Amendment (Enhancing Privacy Protection) Bill 2012, p 77 , as stated in Australian Privacy Principles Guidelines, Privacy Act 1988, Office of the Australian Information Commissioner, Canberra, 2015, p14.


[2] Australian Privacy Principles Guidelines, op cit 2.