Did you know certain businesses are required by law to have a privacy policy

Did you know certain businesses are required by law to have a privacy policy?

Introducing Gladwin Legal’s “Did you know?” series – providing quick tips about your legal obligations and rights as an Australian business, from company matters, to marketing, consumer law and more.

Did you know certain businesses are required by law to have a privacy policy? 

This includes some businesses that have a turnover of more than $3 million or those that collect certain information from people, known under the Privacy Act (1988) as ‘sensitive information’.

‘Sensitive information’ is defined under Section 6 of the Act, and includes information or opinions about an individual’s health, genetic or biometric information (such as fingerprints).

However, ‘sensitive information’ can also be to mean information or an opinion about an individual’s:

  • Racial or ethnic origin
  • Political opinions or their membership of a political association
  • Religious beliefs or affiliations
  • Philosophical beliefs; or
  • Membership of a professional or trade association, or a trade union
  • Sexual orientation or practices
  • Criminal record

In relation to all types of information collected, it must also be classified as ‘personal information’ to give rise to obligations under the law, meaning that the information must be about an identified individual or an individual that is reasonably identifiable, whether such information is true or not.

The way in which the information is collected does not matter; it could range from verbal communications, to filling a survey or form, to customers providing details for purchase.  The information does not have to be recorded in documents or electronically.

Does your business collect ‘sensitive’ or personal information?  If so, you should have a privacy policy in place. Gladwin Legal has helped many businesses with their privacy policies.  Contact us for a no obligation quote at or 1300 033 934.