Privacy Act 2020 – What you need to know

16 November 2021

All not-for-profits deal with data about people, including donors. The Privacy Act 2020 came into force on 1 December 2020 and provides rules that NFPs must comply with when collecting and using this data, so it’s important you understand your legal obligations.

*The Privacy Act 2020 has 13 Information Privacy Principles which you are expected to comply with. There are also rules about what you must do if someone asks what information you hold about them or asks you to correct it. The 2020 Act also requires agencies to report to the Privacy Commissioner if they have a “notifiable privacy breach”.

When you are collecting data or information about people, they have legal rights that you must respect. This means that, among other things, when you are collecting and using people’s information you must ensure the following:
The people you are collecting information about know that you are collecting it, why you are collecting it, how you will use it, and where it goes.

The data flows appropriately from them to you (securely), inside your organisation (access to it is controlled), and outside your organisation (any disclosures are carefully considered).

If you haven’t already, we highly recommend you take the time to ensure your organisation is meeting these legal requirements.

*Information sourced from