Privacy Collection Notice requirements
NSW Government agencies are required to comply with the Information Protection Principles including IPP 3* when collecting personal information and the Health Privacy Principles including HPP 4* when collecting health information.
A Privacy Collection Notice (PCN) needs to be provided to a person whose personal and/or health information is being requested and collected. A PCN informs about:
- the fact of collection
- the purpose of collection
- whether information will be disclosed
- whether provision of information is required by law or voluntary and consequences of not providing it
- a person’s right to access and correct their information
- an agency's contact details.
*IPP3 – Open
Inform the person you are collecting the information from why you are collecting it, what you will do with it and who else might see it. Tell the person how they can view and correct their personal information, if the information is required by law or voluntary, and any consequences that may apply if they decide not to provide their information.
*HPP 4 – Open
An organisation must inform you of why your health information is being collected, what will be done with it and who else might access it. You must also be told how you can access and correct your health information, and any consequences if you decide not to provide it.
When your agency uses a webform on nsw.gov.au to collect personal and/or health information, PCN templates enable you to fulfil these requirements.
Note: a PCN is different from a privacy policy or privacy management plan. A privacy policy or a privacy management plan outlines an overall commitment of an agency to privacy and its practices and procedures in handling personal information. A PCN is specific and given at the time of collecting new personal or health information.
Privacy Collection Notice templates
The OneCX Program has created the below Privacy Collection Notice templates that Content Authors and Editors can use for their webforms on nsw.gov.au.
Use this collection notice when your webform collects personal information only and:
- the provision of information by an individual is voluntary, and
- information is not shared with anyone else
Use this collection notice when your webform collects personal information only and:
- the provision of information by an individual is required by law, and
- information is not shared with anyone else
Use this collection notice when your webform collects personal information only and:
- the provision of information by an individual is voluntary, and
- information is shared with other agencies or third parties
Use this collection notice when your webform collects personal information only and:
- the provision of information by an individual is required by law, and
- information is shared with other agencies or third parties
Use this collection notice when your webform collects personal and health information and:
- the provision of information by an individual is voluntary, and
- information is not shared with anyone else
Use this collection notice when your webform collects personal and health information and:
- the provision of information by an individual is required by law, and
- information is not shared with anyone else
Use this collection notice when your webform collects personal and health information and:
- the provision of information by an individual is voluntary, and
- information is shared with other agencies or third parties
Use this collection notice when your webform collects personal and health information and:
- the provision of information by an individual is required by law, and
- information is shared with other agencies or third parties
All webforms must now use a Privacy Collection Notice
The Privacy and Personal Information Protection Act 1998 and the Health Records and Information Privacy Act 2002 (NSW privacy laws) require agencies to provide a privacy notice when personal or health information is collected.
To ensure webforms on nsw.gov.au comply with NSW privacy laws, all webforms collecting personal and/or health information must have a Privacy Collection Notice. Webforms without a Privacy Collection Notice cannot be created.
How PCN templates are built
PCN templates in the CMS have three components:
- Non-editable content aligned with the privacy compliance requirements
- Tokens – filled in automatically with information from the Content Management System (CMS) (in the format of [webform:agency:xx])
- PCN content fields – filled in manually by a webform creator ( in the format of [webform:xx])
How to select the right PCN template
Download the PCN selection decision tree from the list below and use it as a guide to help you select the right PCN template for your webform.
Adding a Privacy Collection Notice to your nsw.gov.au webform
- Login to the CMS, and navigate to your webform
- Click on the Build tab
- Click on the + Add element button
- On the 'Filter by element name' search box, type in Privacy to search for the Privacy notice element. Click on the Add element button to the right of 'Privacy notice'.
- The Privacy Notice element editing window will open. On the Privacy collection notice dropdown list, select the Privacy Collection Notice that is applicable to your webform.
- Ensure that the rest of the fields have these values entered in. These values are required for your webform to be compliant with IPP policies and privacy laws.
- Title: Privacy Collection Notice
- User declaration* is dependent on the Privacy collection notice chosen for the form
- Privacy collection notice error label*: Please read and agree to the Privacy Collection Notice.
- Privacy collection notice error message*: Please read and agree to the Privacy Statement/Plan.
The fields above with a (*) are not editable. If you notice anything that needs to be updated, send through the details of the updates on the Privacy enquiries form.
- Once done, scroll down to the bottom of the editing window, and click on Save
- The Privacy Collection Notice element will show up on the bottom of the webform build page. Click on Save elements.
- Click on the Settings tab
- Scroll down to Data Custodian (owner) and type in the Agency for which the form belongs to. Click on the agency from the list as the results show up.
-
Scroll further down to the Third party settings accordion and expand it.
Fill in the required PCN content in the Privacy information fields listed as applicable:
- enter text in the Purpose of collection field – this field is mandatory for all PCN templates
- if you selected A2 or A4 or B2 or B4 PCN template, enter text in the Collection required by law, and Consequences of not providing fields
- if you selected A3 or A4 or B3 or B4 PCN template, enter text in the Information disclosure field
- hover over help icons in the CMS, or
-
refer to the Adding content in the Privacy Collection Notice templates article, or
-
submit a Privacy Support ticket through Help Hub for assistance.
(Note: if there is anything on the document that needs to be updated, send the details on the
14. The form is now ready for use.
Clicking on Submit without agreeing to the Privacy Collection Notice checkboxes will not allow the form to be submitted.
Need more support on Privacy for nsw.gov.au?
Submit your request on the Privacy enquiries form and our privacy team will assist you.