Privacy Policy Templates

by | Oct 7, 2020 | Blog

Ah, yes. The Privacy Policy. When was the last time you actually read one on a website you were visiting? Did you even notice if there was one on that website? Well, don’t feel bad if you skipped over that part because the majority (over 65%) of internet users do not glance at a website privacy policy. However, technically speaking it is still a document that should appear on your website, but there are exceptions.

We’ll get to those details in a moment. But first, let’s go over what a privacy policy is, why you may need one, and we’ll even answer some of the most frequently asked questions about these curious web pages.
So, fasten your seatbelt and prepare for an interesting ride. We guarantee the following information will be worth reading to the end and we intend to keep it from being as dry as your average privacy policy to ensure that you do get there and have all your questions answered.


What Is An Australian Privacy Policy?

Well, one that complies with the Australian Privacy Act 1988 would be the obvious answer, but what does that mean for you?

The privacy policy requirements in Australia are fairly straightforward.

If your business, online or in-person, in any way collects personal data from customers, you must have a privacy policy. You are exempt from this requirement if you have a small business (less than $3m annual turnover) and don’t fall into one of the types of businesses listed below, but before we get to that… what kind of “personal data” are we talking about?

That is an easy one to answer. Personal data in this instance is everything from photos, family names and billing addresses to credit card information and email addresses. If you are not sure, here is an easy way to determine what would classify as “personal data”: if your business collects customer information that can identify who that customer is, can be used to contact them in any way, or is related to that individual’s banking or financial information, then you are legally bound to have a privacy policy posted. The information doesn’t have to identify a person directly if it can be combined with other information to identify them. For example, an email address might not identify a person, but combined with business information, or a social media profile, it probably will.


Do I Need A Privacy Policy On My Website In Australia?

According to the Privacy Act 1988, five main criteria set out what types of businesses are required by law to have a privacy statement in Australia. The list is as follows:

  • a business with a turnover of more than $3m per annum
  • a business that acts as a health service provider
  • a business that trades in personal information
  • a business that uses residential tenancy databases
  • a business that is registered as a credit reporting body

So, based on those five points, what if you have a personal blog online? You know, one where you post photos and articles about your latest camping holiday or swap recipes online or talk about pets. If your personal blog site does not have a reason to collect any type of personal data from the visitors to your website, then you probably don’t need to worry about having a standard website privacy policy in Australia. But if your blog site requests visitors to enter their email address for a regular newsletter, you should have a privacy policy posted somewhere just to cover your bases.


How To Write A Privacy Policy For Australia

Fortunately, you can access a privacy policy template for your small business direct from the Legaleasy website. These templates are great in that you typically just have to input your specific information related to your business and the template contains the basic nuts and bolts of your standard privacy policies. But what if you want to go it alone and build your own website privacy policy? Well, that is an option but there are a half dozen points that must be covered in your homemade privacy statement. They are as follows and can appear in any order within the privacy policy you post online.

  • It must explain how your business collects personal data
  • It must explain how personal data will be securely stored
  • It must outline how your business will use that personal data
  • It must explain if your business will share personal data with a third party
  • It must explain a customer’s rights to access their own personal data

Again, this is where a privacy statement template can save you a lot of time and effort.


Isn’t A Privacy Policy Another Name For Terms and Conditions?

Good question. The short answer is: No!

Sure, you will find a lot of the same information on both the privacy policy and terms and conditions pages, because the people who have put them together aren’t aware of the significant difference between the purpose of each document. For starters, the Terms and Conditions should contain a broader overview of a user’s rights concerning using the services or products of the business website. Terms and Conditions are more of a rules and regulations page and may deal with such items as liability disclaimers, restrictions on usage, the legal ramifications of cancelling a customer account, and copyright protection. On the other hand, a Privacy Policy is strictly focused on the use of personal information.


So, What’s The Point of A Privacy Policy If Most Website Visitors Don’t Even Look At It?

Aside from the fact that a privacy policy is a legal requirement if your website business collects personal information, it does something very important to your business reputation. The purpose of your standard website privacy policy is to tell customers and website visitors that your business cares about them and will do whatever it takes to keep them safe when using your website. In other words, your business can build trust with its users. That is something that typically takes months or years to develop. Oddly enough, the mere sight of a privacy policy makes your business appear a tad more legitimate and a whole lot more caring. That is also why you will find privacy policies posted on websites that do not collect personal information; because it works.

If you do any sort of online advertising, you have probably also discovered that sites like Google and Facebook require a link to your privacy policy before they will let you publish any advertising. So getting your privacy policy up to date can also help to promote your business.


Do You Need A Lawyer When You Create Your Privacy Policy?

It’s not a legal requirement, but it won’t hurt to have your privacy policy viewed through a lawyer’s legal lens. Essentially, you would want a legal professional to ensure that the details of your privacy policy meet regulations within your specific local, state, and national jurisdictions, as well as the expectations of your industry. This will prevent the possibility of breaking any laws or professional rules that could result in penalties and fines.


You Mentioned A Privacy Policy Template Australia. Where Can I Find One?

Well, you are so lucky to have found this website. That’s because we have a lot of different legal document templates. To find the templates for privacy policies, all you have to do is click HERE.


I Have A Completed Privacy Policy. Now, What Do I Do?

Pretty much the final step with an online privacy statement is getting it online. Whether you have built your website yourself or have a webmaster handling those chores, ensure that your privacy policy is posted on a page all its own. Remember to make it easy to find in navigation, and make sure that it looks straightforward. The usual place to look for a privacy policy is via a link in the footer of your website – something that shows up on every page. If you have content behind a payment gateway, or inside a membership portal, make sure the footer in that part of the website has the link as well.

Do not use a hard-to-read font or a font so small that your privacy policy is difficult to read. They call it “small print” for a reason, but this is something that has to be accessible to all. It is also a good idea to review the privacy policy from time to time and update it when necessary.

Your privacy policy should always include a ‘last updated’ date either under the heading or at the end so you can track each time you update it and which one you had in place when you collected information – just in case you have to deal with a request for personal information in the future.


FAQs – Frequently Asked Questions

Welcome to the Bonus Round! If you skipped the important parts above, don’t worry. We’ll cover some of those details in our random list of FAQs below.


Are All Australian Businesses Required To Comply With The Privacy Act?

It doesn’t matter what structure your business has, whether it is a company, partnership, trust, unincorporated association or just you: Australian businesses with an annual gross income of $3,000,000 or more must comply, regardless of industry.

A business that has less than that in gross annual revenue must comply with the Privacy Act regulations if it:

  • acts as a health service provider
  • trades in personal information
  • uses residential tenancy databases
  • is registered as a credit reporting body
  • is contracted to provide services for a Commonwealth contract, as the contractor or a subcontractor


What Are The 13 Australian Privacy Principles?

The devil is in the detail, but each of the 13 Privacy Principles broadly covers a separate aspect of privacy protection. They are as follows:

Privacy Principle 1 – ensures that businesses that manage collected personal information do so openly and transparently.
Privacy Principle 2 – states that businesses that collect personal information provide users with the option to use anonymity.
Privacy Principle 3 – covers how businesses can interact with personal information.
Privacy Principle 4 – reviews how companies must deal with unsolicited personal information.
Privacy Principle 5 – explains notification requirements about the collection of personal information.
Privacy Principle 6 – provides guidelines for using or disclosing personal information on behalf of the business.
Privacy Principle 7 – says personal information should not be used for direct marketing purposes, unless it is not sensitive information (e.g. an email address), it was obtained directly from the person (i.e. not from a list or off social media), and that person would reasonably expect that information to be used that way. This principle is consistent with anti-spam laws.
Privacy Principle 8 – ensures that personal information from outside of Australia is dealt with following the Privacy Act.
Privacy Principle 9 – covers the adoption, use, and disclosure of government-related identifiers.
Privacy Principle 10 – says that personal information must be current.
Privacy Principle 11 – details the security precautions every business should have in place to be Privacy Act compliant.
Privacy Principle 12 – explains that individuals can request access to their collected personal information.
Privacy Principle 13 – reviews the correction of personal information.


Do I Need A Privacy Policy On My Website?

You do if your business earns more than $3,000,000 in annual revenue, or collects health information, trades in personal information, does credit reporting or is involved in a government contract. Rather than relying on an exemption, it is not a bad idea to have a privacy policy posted on your website to show users that you are taking steps to keep them safe while using your website.


Are Emails Private and Confidential?

According to the Privacy Act, intercepting an email may be considered illegally accessing personal information. Whether an email is private and confidential will depend on how it is used and who owns the email domain. Company emails usually belong to the company and are not private or confidential within the company. Lesson being – if you want to send private messages, don’t do it on company property.


What Is A Good Privacy Policy?

A good standard privacy policy template outlines at least these six different points. They are:

  • How your business collects personal data
  • How your business will use that personal data
  • If your business will share that personal data with a third party
  • What the customer’s rights are concerning their personal data
  • How the personal data will be securely stored
  • Whether or not that personal data will be used in cookies or third-party websites


How Can I Create A Privacy Policy?

For more information regarding privacy policy templates, click HERE.


Can I Write My Own Privacy Policy?

Of course you can! Every business has a right to decide its own risk appetite. If you think your business is in a position of low risk of having a privacy complaint made against it, then you might not want to get a professional job done. You do need to cover at least the key points required (noted above) and you should consider how your business is going in meeting the 13 Privacy Principles. Once you have prepared it, it is a good idea to have a legal professional give it the once over to make sure that your business complies with all regulations regarding privacy policies that affect your industry and the type of work you do. For legal advice, we recommend Onyx Legal.


Do I Need Terms and Conditions On My Website?

Terms and Conditions are different from a privacy policy. Terms and conditions cover various aspects of the website itself where a privacy policy is aimed at the handling of personal information. It is a good idea to include both on your website.


Do I Need A Privacy Policy If I Don’t Have A Website?

You do if your business earns more than $3m in annual revenue, or collects health information, trades in personal information, does credit reporting or is involved in a government contract. If you do not have a website, your privacy policy must be posted in a public place within your business in plain view for customers to see, and easily accessible.


What Is The Difference Between A Privacy Policy And A Privacy Statement?

A privacy policy is a document that spells out how a company deals with personal information. This includes how it is gathered, used, stored, and managed. A privacy statement, or privacy notice, tells a customer about your business’s privacy practices. It could be as simple as ‘We value your privacy and will not sell your information to anyone.’ It is usually a much shorter notice that tells customers that personal information is being collected and protected.


Can I Copy Someone Else’s Privacy Policy?

Ohhh we don’t recommend it! Did I tell you about that time a beautician copied a privacy policy from a crematorium and forgot to check what it said? You get the idea.
You could copy someone else’s privacy policy. But you might be infringing their copyright and you will have to ensure that the details specific to your business are contained in the policy and not that of the original company. Or you could just save a lot of time and effort and just use one of the privacy policy templates available HERE.


In Conclusion

Privacy is as important now as it ever has been. With the ease of information flow online, the need for stronger privacy policies has become obvious.
More and more countries around the world are updating their privacy legislation and getting closer to the onerous requirements imposed in Europe under the GDPR. We will be updating our privacy policy templates as laws change.
To protect your business and your website, it is a good idea to have a solid privacy policy posted. You can review our Legaleasy templates HERE or, if we’ve scared you and you feel the need for legal advice specific to your business, we recommend contacting Onyx Legal.