5.1 An organisation that collects personal information is to take reasonable steps either to notify the individual of certain matters or to ensure the individual is aware of those matters. Reasonable steps must be taken at or before the time of collection, or as soon as practicable afterwards. This applies whether the information was acquired through solicitation or not (unless the information is destroyed or de-identified).


An organisation must take reasonable steps to give the notification. The OAIC’s policy is that what steps are reasonable must be determined on the circumstances. This includes the sensitivity of the information, the possible adverse consequences for an individual of the collection, special needs of the individual and, excessive impracticability, including the time and expense involved. Mere inconvenience is not an excuse....





Privacy Law

Australian Privacy Principle 5 - Notification of the Collection of Personal Information