Provide an APP 5 collection notice at or before collection
APP 5 requires notice of identity, purposes, recipients, consequences of not providing info, and where Privacy Policy lives.
Who must comply
All APP entities collecting personal information.
What triggers it
Collecting personal information.
When due
At or before collection (or as soon as practicable thereafter).
Evidence required
Collection notices, signup flows, consent dashboards.
Max penalty
Same penalty regime as broader Privacy Act breaches (up to $50M / 30% turnover)
Summary
APP 5 requires APP entities to take reasonable steps to notify individuals (or otherwise make information available) when collecting personal information. Mandatory matters: entity identity, purpose of collection, kinds of recipients, that the Privacy Policy contains information about access/correction, and consequences of not providing the info.
Enforced by
Source legislation
Topics
Source: https://oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelines/chapter-5-app-5-notification-of-the-collection-of-personal-information. Rules Mate is not a law firm. Always verify against the live regulator source before acting.