If you're collecting personal information about someone - for example a customer - and you're getting the information from that person, principle 3 of the Privacy Act says that you need to let them know what you're doing.
Sometimes, of course, it's obvious that you are collecting the information and what you're going to use it for. You may not intend to disclose it to anyone. But people are still understandably cautious about giving out their personal information. They need to know they can trust you. They are more likely to do so if you tell them, up front, what you're doing with their information and why. People are particularly concerned that their information may be passed on to other agencies without them knowing.
Occasionally, it may not be obvious that you are collecting information at all unless you say so. For example, you may have a CCTV system, or your website may place a cookie on visitors' computers.
A privacy notice ensures that people are aware:
Also, be prepared to answer people's questions about how you will handle their personal information. They're entitled to ask.
There are times when you don't have to provide a privacy notice - check principle 3 for a list of these exceptions.
Giving notice to website visitors about how your agency collects and uses personal information is good practice. An effective approach to this task is to use a layered privacy notice, and we have recommended '10 Steps to develop a multilayered privacy notice' as a source of detailed information.
Now, based upon continuing collaboration with a small group of NZ agencies who are piloting the layered notice approach, the Office of the Privacy Commissioner has published 'Questions & Answers About Layered Privacy Notices'. In the form of questions and answers, we state why a layered privacy notice can improve communication about how your agency handles personal information. It explains how layered notices structure information in a way that readers can recognise, gives reasons why the layered notice structure can meet the needs of agencies large and small, and introduces a simple process you can adopt to create your own.
The information shared in 'Questions and Answers' is a work in progress and may expand or change as we learn from experience.
Click the link to see 'Questions and Answers about Layered Privacy Notices'.
Center for information policy leadership
Ten steps to develop a multilayered privacy notice
OECD (Organisation for Economic Cooperation and Development)
Making Privacy Notices Simple: An OECD Report and Recommendations
OECD Privacy Statement Generator
APEC (Asia-Pacific Economic Cooperation)
Multi-Layered Notices - A Developing Standard
Multi-Layered Notices Explained