
Privacy Policy: What should you include?

In today’s digital world, people are increasingly concerned about how their personal information and data are used by businesses. Most businesses are required by law to have a Privacy Policy, which sets out how the business uses the personal information of clients and customers. This article explains the law around privacy policies to help keep your business compliant.

 

What is a Privacy Policy?

A Privacy Policy is a document which sets out how your business handles the personal information of users, clients and customers. It may be available online, such as on your business website or app, or may be a physical document.

 

Who needs a Privacy Policy?

Organisations or agencies covered by the Privacy Act 1988 (Cth) are legally required to have a Privacy Policy. This includes businesses with an annual turnover of more than $3 million, and other small businesses such as those selling personal information or health service providers.

Many businesses under the turnover threshold still choose to have a Privacy Policy to protect their business from disputes about the use of personal information. This increases your level of transparency and can show clients and customers that your business is reputable and compliant with its legal obligations.

 

What should my Policy include?

Your Privacy Policy must set out:

  • Your business’s name and contact details
  • The kind of personal information collected and stored
  • How personal information is collected and stored
  • Reasons for collecting personal information
  • Use and disclosure of personal information
  • How users, customers and clients can access or correct their information
  • How users, customers and clients can lodge complaints about the handling of their information

Importantly, your Privacy Policy should be tailored to your specific business. Some businesses adopt template privacy policies found online, which fail to meet the obligations required under the Privacy Act and are not tailored to the needs of each individual business. Engaging a legal professional to help you draft your documents can help you avoid running into legal compliance issues.

 

What is ‘personal’ and ‘sensitive’ information?

The Privacy Act protects both personal and sensitive information. Generally, sensitive information is protected more heavily than other kinds of personal information.

Personal information includes any information that could identify someone, such as:

  • Their name, address, or date of birth;
  • Credit or financial information;
  • Employment information;
  • Photographs; or
  • IP address.

Sensitive information is personal information about a specific aspect of someone, such as their:

  • Race or ethnicity;
  • Political associations;
  • Religion;
  • Sexual orientation or identity;
  • Criminal record; or
  • Health.

 

Key takeaways

  • A Privacy Policy sets out how your business handles the personal information of users, clients and customers. Businesses with an annual turnover of more than $3 million are legally required to have one.
  • Many businesses under the turnover threshold still adopt a Privacy Policy to protect their business and increase levels of transparency and compliance.

 

Gladwin Legal are experts in privacy law and have extensive experience in advising businesses. If you require assistance in drafting or reviewing your Privacy Policy, please contact us at or 1300 033 934.

 

This article was written by Ruth Ong.