Lawpath Blog
Can I Request Online Information Without A Privacy Policy?

Can I Request Online Information Without A Privacy Policy?

Read this article to find out whether your business needs to have a privacy policy in place.

19th February 2019
Reading Time: 2 minutes

What is a Privacy Policy?

A privacy policy is a legal document that clearly sets out how your business collects, manages and stores personal information. You can create your own privacy policy for your business using LawPath. 

Personal Information

Personal information is used to identify, or “reasonably identify”, an individual. For example addresses, email addresses, telephone numbers or credit card numbers are types of information that can be collected directly to verify a person’s identity. 

On the other hand, many websites also indirectly collect personal information using “cookies”. Cookies are small text files that collect information about a user’s web browsing behaviour. The use of cookies allows businesses to tailor sales and marketing content to your preferences.

Does my business need a Privacy Policy?

All Australian Privacy Principle (APP) entities must have a privacy policy.

Moreover, the Privacy Act 1988 defines an APP entity is an agency (government body) or an organisation. An organisation can be any of the following which have an annual turnover of $3 million or more:

  • Individual/sole trader; or a
  • Body corporate; or a
  • Partnership; or a
  • Unincorporated association; or a
  • Trust.

“Small Business” exemptions

However, if you are a small businesses that earns less than $3 million each year you do not need to have a privacy policy. 

Unless, you…

  • Own another business that has >$3 million annual turnover; or you
  • Collect or disclose personal information to others; you are a
  • Health service provider; or a
  • Commonwealth contracted service provider; or a 
  • Credit reporting body.

Connect with a LawPath Privacy Lawyer to find out whether these exemptions apply to your business.


In conclusion, you are required to have a privacy policy if your business has an annual turnover over $3 million and collect personal information from your customers. Personal information can be collected directly or indirectly and it is important to tell your customers exactly (i) what you are collecting and (ii) what you plan to do with it. Even if your business is not required by law to have a privacy policy, it is best practice to have one in place. This will help build a level of trust with your customers and give them peace of mind.

Unsure where to start? Contact a LawPath consultant on 1800 529 728 to learn more about customising legal documents and obtaining a fixed-fee quote from Australia’s largest legal marketplace.

Madeleine Findlay

Madeleine is a legal intern at Lawpath as part of their content team. She is currently in her second year of LLB at Macquarie University majoring in Media, Technology and the Law.