With the upcoming changes around providing notice when collecting personal information indirectly it is important to be able to identify where in your business indirect collection is occurring. During this session we will discuss common scenarios in which indirect collection occurs. We will also cover how previous and future Privacy Impact Assessments can be used to identify indirect collection.

The upcoming changes introduce the requirement to provide a privacy notice to individuals where their information is collected indirectly unless one of the exceptions applies. During this session we will explore how this can be practically achieved and what exceptions may apply to the requirement to provide notice.

As part of this session, we will cover common types of relationships between organisations and how this impacts indirect collection. As a result of indirect collection where you are collecting personal information from another organisation you are likely to want to introduce requirements into their contracts enabling you to be exempt from providing notice at the time of collection as they have already been provided notice by the disclosing organisation. Equally however where you are disclosing information to another organisation, they are likely to want to introduce similar requirements.