The Australian Privacy Principles (the APPs) contained in the Privacy Act 1988 (Cth) (the Act) set out the way Commonwealth government agencies and many private sector organisations are to handle personal information.   The APPs apply to all private sector organisations with an annual turnover greater than $3 million and all health service providers irrespective of turnover.

Organisations with an annual turnover of $3 million or less are generally considered to be ‘small business operators’ (SBO) as defined in section 6D of the Privacy Act 1988 (Cth) (the Act).

SBOs are exempt under section 6C of the Act and therefore do not have to comply with the Australian Privacy Principles (the APPs) in the Act.

This means that the Cobra Car Club of WA (Inc.) is exempt from complying with the Act.   However, as an act of good governance the CCCWA will, as far as is practicable, comply with the following guidelines:

Collection of personal information

The Act permits an organisation to collect personal information if it is reasonably necessary for one or more of its functions or activities.

Further, an organisation is required to notify individuals of certain matters at the time of collection, and only use or disclose that information for the primary purpose of collection.

An organisation can collect the personal information of individuals provided that they have a relevant business function to do so and provided that they have notified the individual concerned why the information is being collected and how it may be used or disclosed.

How the Act applies

 APP 3 regulates the collection of personal information, and states that an organisation must:

  • only collect personal information that is reasonably necessary for, or directly related to, one or more of their functions or activities,
  • only collect personal information by lawful and fair means, and
  • only collect personal information directly from the individual, when it is reasonable and practicable to do so.

Further information on APP 3 can be found at APP Guidelines Chapter 3 – Collection of solicited personal information.

APP 5 states that at the time an organisation collects personal information about an individual, the organisation must take reasonable steps to notify the individual, or otherwise ensure the individual is aware, of certain matters.   These matters include:

  • the organisation’s identity and contact details,
  • the fact and circumstances of collection,
  • whether the collection is required or authorised by law,
  • the purposes of collection,
  • the consequences if personal information is not collected,
  • the organisation’s usual disclosures of personal information of the kind collected by the entity,
  • information about the organisation’s APP Privacy Policy, and
  • whether the organisation is likely to disclose personal information to overseas recipients, and if practicable, the countries where they are located.

An organisation must provide notification before, or at the time it collects personal information.   If this is not practicable, notification should be provided as soon as practicable.

Further information on APP 5 can be found at APP Guidelines Chapter 5 – Notification of the collection of personal information.





Powered by Wild Apricot Membership Software