Legal and fair collection of personal information

ANU is required to collect personal information in a manner that is both lawful and fair. This dual requirement underscores the importance of complying with legal standards while also considering the ethical implications of data collection.

The Australian Privacy Principles (APPs) emphasise the importance of considering the knowledge and reasonable expectations of the individual whose personal information is being collected. This means that when ANU collects personal information, it must consider what the individual knows about the collection process and what they reasonably expect will happen with their information. This principle ensures that individuals are not caught off guard by unexpected uses of their personal information, fostering trust between the individual and ANU. 

What is legal collection of personal information?

Legal collection of personal information refers to the process of gathering data in a manner that adheres to the Privacy Act 1988 (Cth). This means that ANU must ensure its data collection practices are lawful, transparent, and respectful of individuals' privacy rights, as outlined in the APPs.

What is fair collection of personal information?

In addition to legally collecting personal information, the ANU must also fairly collect personal information. According to the Office of the Australian Information Commissioner (OAIC), fair collection means that it does not involve intimidation or deception and is not unreasonably intrusive. 

ANU must be transparent about its data collection practices and avoid using any form of coercion or misleading tactics to obtain personal information. For example, ANU should not trick individuals into providing their personal information by hiding the true purpose of the collection or by using aggressive tactics that make individuals feel pressured to comply. By adhering to these guidelines, ANU can ensure that its data collection practices are ethical and respectful of individuals' autonomy.

How ANU ensures it collects information fairly

  1. Informed consent: before collecting personal information, ANU provides individuals with a clear and concise explanation of why the information is being collected, how it will be used, and who it will be shared with.
  2. Opt-in mechanisms: instead of assuming consent, ANU uses opt-in mechanisms where individuals actively choose to provide their information. 
  3. Minimal data collection: ANU will only collect the information that is necessary for the intended purpose. 
  4. Transparency in data use: ANU clearly communicates how collected data will be used and ensures that it aligns with the individual's expectations. 
  5. Secure data handling: ANU implements robust security measures to protect collected personal information from unauthorised access or breaches. The Privacy Impact Assessment web form must be completed for new or changing processes that handle personal information.
  6. Respecting withdrawal of consent: wherever possible, ANU allows individuals to withdraw their consent and stop the collection or use of their personal information. 
  7. Non-intrusive methods: ANU collects information in a way that does not intrude on an individual's privacy.

Aligning with reasonable expectations

Aligning with the expectations of individuals means understanding and respecting what individuals reasonably anticipate when they provide their personal information to ANU or third parties it may collect information from. This involves being transparent about data collection practices, ensuring that the use of their information matches what they were informed about, and avoiding any surprises or misuse of their data. For example:

  1. The possession of personal information by ANU does not grant the right to use it for any purpose. It is essential to consider the original reason(s) for which the information was collected and ensure it is used for that intended purpose.
  2. When collecting publicly available personal information, careful consideration must be given to the context in which the information was made public. It should only be collected and used within the scope of that context.

What are some examples of non-intrusive methods?

Non-intrusive methods of collecting personal information are those that respect individuals' privacy and do not cause unnecessary discomfort or inconvenience. 

  1. Voluntary surveys: conduct surveys where participation is entirely voluntary and individuals can choose which questions to answer. 
  2. Anonymous data collection: collect data in a way that does not directly identify individuals. 
  3. Contextual data collection: only collect information in a context where it is expected and relevant. 
  4. User-controlled data sharing: allow individuals to control what information they share and with whom. 
  5. Minimal data requests: ask for only the information necessary for a specific purpose.

What are some examples of opt-in mechanisms?

Implementing opt-in mechanisms in the data collection process can be a straightforward yet effective way to ensure that ANU respects individuals’ privacy and obtains explicit consent.

  1. Clear and concise privacy notices: design privacy notices that clearly explain what information is being collected, why it is being collected, and how it will be used. Avoid using legal jargon or lengthy explanations.
  2. Explicit opt-in checkboxes: use checkboxes that require individuals to actively select them to give their consent. 
  3. Granular consent options: allow individuals to provide consent for specific types of data collection or communication. 
  4. Transparent privacy policy: include a link to the ANU Privacy Policy in privacy notices so individuals can review it before giving their consent.
  5. User-friendly interface: design interfaces in a way that makes it easy for individuals to understand and complete the opt-in process. 
  6. Easy opt-out options: provide individuals with a simple and straightforward way to withdraw their consent at any time. 

How often should privacy notices be reviewed?

It's a good practice to review and update privacy notices regularly to ensure they remain compliant with current regulations and reflect any changes in data collection practices. Visit the ANU privacy site for current guidance on privacy notices.

  1. Annually: conduct a review of privacy notices at least once a year to ensure they are up to date with any changes in privacy laws and ANU data practices.
  2. Regulatory changes: whenever there are significant changes in privacy regulations, review privacy notices to ensure compliance.
  3. Changes in data practices: if ANU introduces new data collection methods, uses personal information in new ways, or partners with new third parties, update privacy notices to reflect these changes and inform individuals.
  4. Technological advancements: regularly review privacy notices to ensure they address any new technologies or practices that ANU adopts.
  5. User feedback: if individuals find the privacy notice confusing or unclear, revise the notice to improve clarity and transparency.