There is no limit to the sources from which information may be obtained to qualify as collection. However, an organisation is said to collect personal information only if it gathers, acquires or obtains the information for inclusion in a record or generally available publication. If the information is not recorded then collection has not occurred. Therefore merely coming by personal information in a media article is not collection, unless it is saved or filed for later, and being told something verbally is not collection unless notes are taken at some stage, or a recording is made.
An organisation is said to hold personal information about a person if it has possession or control of a record of it. It includes instances where there is no physical possession, but only a legal right to control it.
To de-identify information is to take any record of personal information and remove or alter details so that the individual it is about can no longer be identified. This covers not only names, but also any information from which the individual can be identified.
An organisation is a private entity. The Act also covers government bodies, which it calls agencies and to which it applies slightly different rules, but we are not concerned with those. An organisation can be any of the following:
an individual (including a sole trader)
a body corporate
any other unincorporated association, or
The reference to ‘an individual (including a sole trader)’ is about people doing business in their individual capacity. There is no law against gossip and casual chatter!...