5 Mistakes to Avoid in Your Privacy Policy

The recent Facebook scandal saw people all over the world debate and raise concerns about online privacy and data collection. Your customers and website users have the right to know how their personal information is collected and used. Legally, you are required to have a privacy policy that is compliant with the Privacy Act 1988 (Cth) and the 2014 amendment called the Australian Privacy Principles (APPs). In this guide, we’ll discuss the 5 Mistakes to Avoid in Your Privacy Policy.

What is a Privacy Policy?

A Privacy Policy outlines what personal data will be collected and how this data is retained. In addition, this policy also addresses how this data is used by your business and any third-parties. Informing customers about how you manage their personal information through a Privacy Policy would foster a positive relationship with them.

Do I need a Privacy Policy?

Australian laws require you to have a Privacy Policy if:

  • You are an Australian or Norfolk Island Government agency
  • Your business or not-for-profit generates an annual turnover of at least $3 million.
  • You are a health service provider in the private sector.

A few specific business structures and not-for-profit with less than $3 million are required to have a Privacy Policy if they fall under the following exemptions:

  • Employee associations registered under Fair Work (Registered Organisations) Act 2009 (Cth).
  • Contracted service providers for a Commonwealth contract
  • All business that sells or purchase personal information
  • Credit reporting bodies
  • All subsidiaries of a company covered by the Privacy Act 1988 (Cth)

If you are unsure whether your small business needs to comply with the Privacy Act 1988 (Cth), please visit the Privacy Business Resource.

What mistakes should you avoid while setting up your Privacy Policy?

1. Failing to disclose how you collect data

It is vital that you consider how your business collects, retains, uses and discloses personal information before drafting your privacy policy. You have a legal obligation to provide accurate and updated details about data collection and retention through your website. Any updates to the existing Privacy Policy requires a notice of the changes issued to all users. Failure in doing so can result in serious consequences.

If you are unsure about your business’s policies regarding data collection and usage, visit our website to connect with a business lawyer who can guide you through this process.

2. Collecting data without permission

Ensure that you have taken the necessary precautions to avoid collecting any unintended or undisclosed data. Only collect the required data as outlined in your Privacy Policy. For instance, if you have specified that you will be collecting email addresses, then you are only permitted to collect this data. You cannot collect their date of birth at the same time without disclosing it.

3. Failing to disclose third-party access

Your website or mobile app may permit third parties to collect data from users. However, your Privacy Policy should explicitly mention this in its provisions. You are responsible to provide an outline as to how this data will be retained and used by third parties.

Furthermore, if you intend on sharing aggregated or de-identified information to third parties, you have to mention this in your Privacy Policy.

4. Failing to treat data security seriously

Protecting the privacy of customers or users that access your website and app is a serious business. Further, it is pivotal that the data collected is not misused, modified, disclosed or accessed without authorisation. Incorporating reasonable steps like algorithms, filters, secured servers and anonymisation tools will help protect the data collected. This can be done by analysing the harm that would occur if the data collected is compromised before incorporating a suitable security measure. For example, your website can incorporate SSL, if you intend on collecting sensitive information like credit card details. This will establish an encrypted link between your web server and browser to ensure all data that passes between them remains private.

5. Your procedure for dealing with complaints

Your Private Policy should outline the procedure for receiving any complaints related to privacy breaches. This will ensure users that your business has an effective complaint handling procedures in place to specifically deal with privacy breaches. It is also essential that you provide contact details for users to make a complaint in case of a privacy breach.

Finally

It is crucial to have an accurate and updated version of a Privacy Policy for your website. Even if the Privacy Act 1988 (Cth) does not apply to your business, it is prudent to have a Privacy Policy for your website or app as this would help build a rapport with your customers and visitors. Finally, the reassurance provided by your Privacy Policy will help you build customer confidence in your products and services.

Don’t know where to start? Contact us on 1800 529 728 to learn more about customising legal documents and obtaining a fixed-fee quote from Australia’s largest lawyer marketplace.

You may also like
Recent Articles

Get the latest news

By clicking on 'Sign up to our newsletter' you are agreeing to the Lawpath Terms & Conditions

Share:

Register for our free live webinar today!

Navigating the End-of-Year Shutdown: Essential Tips for Your Business

12:00pm AEDT
Tuesday 10th December 2024

By clicking on 'Register for webinar' you are agreeing to the Lawpath Terms & Conditions

You may also like

As end of year approaches, now is the perfect time to review your business and get it ready for a successful year ahead.
Specific performance and injunctions are two remedies available within equity law. This article will dissect both of these remedies which are available at equity.
Learn how joint venture agreements protect your small business when partnering up. Get our template to secure your interests and start your collaboration right.

Thank you!

Your registration is confirmed. Keep an eye on your inbox for an email with details on how to watch the webinar.