Well, one that complies with the Australian Privacy Act 1988 would be the obvious answer, but what does that mean for you?
According to the Privacy Act 1988, five main criteria set out which types of businesses are required by law to have a privacy statement in Australia. The list is as follows:
- a business with a turnover of more than $3m per annum
- a business that acts as a health service provider
- a business that trades in personal information
- a business that uses residential tenancy databases
- a business that is registered as a credit reporting body
- It must explain how your business collects personal data
- It must explain how personal data will be securely stored
- It must outline how your business will use that personal data
- It must explain if your business will share personal data with a third party
- It must explain a customer’s rights to access their own personal data
Again, this is where a privacy statement template can save you a lot of time and effort.
Good question. The short answer is: No!
Well, you are so lucky to have found this website. That’s because we have a lot of different legal document templates. To find the templates for privacy policies, all you have to do is click HERE.
FAQs – Frequently Asked Questions
Welcome to the Bonus Round! If you skipped the important parts above, don’t worry. We’ll cover some of those details in our random list of FAQs below.
Are All Australian Businesses Required To Comply With The Privacy Act?
It doesn’t matter how your business is structured, whether it is a company, partnership, trust, unincorporated association or just you. Australian businesses with an annual gross income of $3,000,000 or more must comply, regardless of industry.
A business that has less than that in gross annual revenue must comply with the Privacy Act regulations if it:
- acts as a health service provider
- trades in personal information
- uses residential tenancy databases
- is registered as a credit reporting body
- is contracted to provide services for a Commonwealth contract, as the contractor or a subcontractor
What Are The 13 Australian Privacy Principles?
The devil is in the detail, but each of the 13 Privacy Principles broadly covers a separate aspect of privacy protection. They are as follows:
Privacy Principle 1 – ensures that businesses that manage collected personal information do so openly and transparently.
Privacy Principle 2 – states that businesses that collect personal information provide users with the option of remaining anonymous.
Privacy Principle 3 – covers how businesses can interact with personal information.
Privacy Principle 4 – reviews how companies must deal with unsolicited personal information.
Privacy Principle 5 – explains notification requirements about the collection of personal information.
Privacy Principle 6 – provides guidelines for using or disclosing personal information on behalf of the business.
Privacy Principle 7 – says personal information should not be used for direct marketing purposes, unless it is not sensitive information (e.g. an email address), it was obtained directly from the person (i.e. not from a list or off social media), and that person would reasonably expect that information to be used that way. This principle is consistent with anti-spam laws.
Privacy Principle 8 – ensures that personal information from outside of Australia is dealt with following the Privacy Act.
Privacy Principle 9 – covers the adoption, use, and disclosure of government-related identifiers.
Privacy Principle 10 – says that personal information must be current.
Privacy Principle 11 – details the security precautions every business should have in place to be Privacy Act compliant.
Privacy Principle 12 – explains that individuals can request access to their collected personal information.
Privacy Principle 13 – reviews the correction of personal information.
Are Emails Private and Confidential?
According to the Privacy Act, intercepting an email may be considered illegally accessing personal information. Whether an email is private and confidential will depend on how it is used and who owns the email domain. Company emails usually belong to the company and are not private or confidential within the company. Lesson being – if you want to send private messages, don’t do it on company property.
- How your business collects personal data
- How your business will use that personal data
- If your business will share that personal data with a third party
- What the customer’s rights are concerning their personal data
- How the personal data will be securely stored
- Whether or not that personal data will be used in cookies or third-party websites
Of course you can! Every business has a right to decide its own risk appetite. If you think your business is in a position of low risk of having a privacy complaint made against it, then you might not want to get a professional job done. You do need to cover at least the key points required (noted above) and you should consider how your business is going in meeting the 13 Privacy Principles. Once you have prepared it, it is a good idea to have a legal professional give it the once over to make sure that your business complies with all regulations regarding privacy policies that affect your industry and the type of work you do. For legal advice, we recommend Onyx Legal.
Do I Need Terms and Conditions On My Website?
Privacy is as important now as it ever has been. With the ease of information flow online, the need for stronger privacy policies has become obvious.