Introduction

21.1 The collection of personal information, including the receipt and retention of unsolicited personal information, marks the initial stage in the information cycle. Without collection, issues concerning use; disclosure; access; correction; and cross-border data flows do not arise. It is therefore important for the collection of personal information to be regulated appropriately.

21.2 The privacy principles in the Privacy Act 1988 (Cth) impose restrictions on the collection of personal information by agencies and organisations. Similar but different requirements are imposed on the public and private sectors. This chapter considers how the principles currently regulate the collection of personal information. It also considers the limitations that should be placed by the model Unified Privacy Principles (UPPs) on the collection of personal information and, in particular, how agencies and organisations should deal with unsolicited personal information.