At the turn of the 21st century data emerged as the hottest new commodity in the market. Labelled ‘the new oil’, governments and private businesses are only just beginning to realise the value of data as a tool for better understanding the behaviour of their citizens and customers. It is important that businesses implement measures to ensure that the valuable personal information is adequately protected. One such measure is a privacy policy.
LawPath can assist you with setting up a privacy policy that makes your business compliant with Australian law. A privacy policy will also indicate to your customers that you are protecting their personal information.
Why do you need a privacy policy?
What does a privacy policy do?
A privacy policy explains to your users how you manage their personal information. It is a key document for ensuring compliance with Australian law. Importantly, a privacy policy will also foster a positive relationship with consumers by letting them know you take their privacy seriously.
You will need to consider the way your business collects, uses, discloses and stores personal information before drafting a policy. This will affect what needs to be included in the policy in order to be compliant. You should also consider the Australian Privacy Principles and ensure that your business practises are compliant.
LawPath can connect you with a business lawyer through our lawyer directory who can guide you through this process.
When do I need a privacy policy?
Australian law requires you to have a privacy policy if:
- You are an Australian or Norfolk Island Government agency; or
- Your business or not-for-profit generates an annual turnover of at least $3 million; or
- You are a private health service provider; or
- Your business or not-for-profit generates an annual turnover less than $3 million but falls within one of the small business exceptions.
Unsure if you fit the bill? Check whether you are required to comply with the Privacy Act with the Office of the Australian Information Commissioner.
What must be addressed in the privacy policy?
Your privacy policy must cover certain issues in order to be compliant with the Privacy Act. Your privacy policy must cover:
- The type of personal information you are collecting and holding;
- The method of collection and storage of the personal information;
- The purposes for which you collect, use, disclose and hold the personal information;
- How an individual may request access to the personal information;
- How an individual may request correction of the personal information;
- What the complaint process is for an individual about your breach of the Australian Privacy Principles and how you will deal with the complaint; and
- Whether you are likely to disclose personal information to overseas entities and if so, what countries the overseas entities are in.
Conclusion
It is easy to get lost in the legal jargon of the APP and Privacy Act. However, it is important to put in the effort to ensure your privacy policy is compliant. LawPath has an easily-customisable privacy policy document that you can use to simplify the process and give your customers peace of mind that their personal information is being handled correctly.
Disclaimer: this legal guide only covers privacy policies for business not caught by the General Data Protection Regulation (GDPR). You may need to create a GDPR compliant privacy policy if you:
- Have an establishment in the European Union; or
- Do not have an establishment in the European Union but offer goods or services or monitor the behaviour of individuals in the EU.
LawPath can help you become GDPR compliant with our easily-customisable GDPR Privacy Policy.
Need more help? Contact a LawPath consultant on 1800 529 728 to learn more about customising legal documents, obtaining a fixed-fee quote from Australia’s largest legal marketplace or to get answers to your legal questions.
