Privacy Policy & Privacy Notice: What’s The Difference?


Privacy is a growing area of concern for many customers and policymakers. As a result, businesses must take the relevant and necessary steps to comply with privacy regulation. In particular, privacy law often requires a business to have both a privacy policy and a privacy notice.

In this post we'll discuss the difference between a privacy policy and a privacy notice, and how each of them operates.

Privacy policy

A privacy policy is a document that states how your business will handle the personal information it collects, including how that data will be collected, used, stored and managed.


A privacy policy is required by law in certain circumstances. It outlines how your business will use, store and collect your customers' information.

A privacy policy is required by law if the business falls within one of the criteria set out in the Privacy Act 1988 (Cth):

  • You are a private or not-for-profit organisation with an annual turnover of more than $3 million
  • You are a private health service provider
  • Some small businesses called APP entities

Privacy notice

A privacy notice tells a customer about the privacy practices of the business. It is usually located in a website's footer. Like a privacy policy, it describes how the business collects, uses, retains and discloses personal information.

It is simply a notice for customers about the collection of personal information. The notice does not usually need to follow strict Australian Privacy Principles (APP) guidelines. As such, privacy notices are usually shorter than privacy policies.

Comparison

A privacy policy focuses internally, within the business. It tells customers how the business will handle personal information. A privacy notice, by contrast, focuses externally. It tells customers, regulators and other stakeholders what the organisation does with personal information. It will generally notify customers when, why and how personal data will be collected and processed.

Additionally, a privacy policy must follow a strict multi-layered format covered under the APPs. Consequently, a privacy policy will be more structured and cohesive than a privacy notice. A privacy policy typically contains:

  • A scope
  • Collection of personal information
  • Disclosure (sharing)
  • Rights and choices
  • How to make a complaint
  • Contact details

Generally, privacy notices are more flexible because they simply notify customers that their personal information is being collected. The notice must be written in clear language that customers will understand. Rules regarding privacy notices are outlined in APP 5.

If you have further concerns about complying with privacy regulations, it may also be worth speaking to a privacy lawyer.
