DOES MY BUSINESS NEED A PRIVACY POLICY?

A privacy policy is a legal document which explains to visitors, users and customers of a website what kind of personal information is collected, how that information is used and how it is secured. Under Australian law, you are required to have a privacy policy if your business, organisation, website or interactive application collects personal information or alternatively if your business has an annual turnover of $3 million or more. Businesses found in breach of privacy laws or who are guilty of misusing personal information can be liable for large fines.

WHY DO I NEED A PRIVACY POLICY?
The Privacy Act and Australia Privacy Principles (APPs) dictate that as a business owner, you are responsible for protecting any personal information that you collect. The manner in which personal information is collected, stored and used must comply with the Privacy Act and APPs regardless of whether the information is collected in person, via a website, through an online app or any other means. The APPs are designed to protect confidential information and to protect the privacy of individuals by regulating the way personal information is collected, used, disclosed and managed.
Beyond formal legal requirements, a clear, concise and easily accessible privacy policy educates your customers on how your business collects, handles and stores personal information and instils confidence that your information will be secure and handled with care.
WHAT IS PERSONAL INFORMATION?

The Privacy Act defines ‘personal information’ as information or an opinion about an identified individual, or an individual who is reasonably identifiable:

     (a)  Whether that information is true or not; and
     (b)  Whether the information or opinion is recorded in a material form or not.

It can include information such as:

     (a)  Name & date of birth
     (b)  Personal address
     (c)  Business name & address
     (d)  Email & website address
     (e)  Phone and fax numbers
     (f)  Employment & academic records
     (g)  Internet protocol information
     (h)  Voice or facial recognition biometrics
     (i)  Credit & financial information
     (j)  Tax file information
     (k)  Health information
     (l)  Sensitive information (such as race, gender, religion, sexual orientation etc)

I DON’T COLLECT PERSONAL INFORMATION. DO I STILL NEED A PRIVACY POLICY?
What actually constitutes ‘personal information’ must be considered on a case by basis. If your business does not collect personal information, it is good practice to inform your customers of this fact in a privacy policy. You should however remember that whilst your business may not personally collect personal information, intermediary services that you use may collect personal information throughout the course of a transaction or communication (e.g. PayPal or Mail Chimp). If this is the case, it is important that you declare this in your privacy policy to inform your customers and users.
IT CAN BE A REQUIREMENT OF DOING BUSINESS
Many small businesses rely on their website and social media platforms for advertising and engagement with their clients. These online mediums are essential in improving business awareness and increasing new client acquisitions or sales. Many small business owners don’t realise that a large number of third-party service providers who provide hosting, maintenance, backup, storage, analytics, marketing, payment processing and other services demand that you have a privacy policy. For example, Google analytics requires users to have a privacy policy disclosing how it collects and processes information. Similarly, social media platforms such as Facebook, Instagram and Twitter require business owners to have a privacy policy in place before signing up to their advertising services.
WHAT ARE MY OPTIONS?
Although it may be tempting to replicate a privacy policy from another business, we strongly urge you to reconsider. Even if a business appears to be similar to your own, the fact remains that the way you collect, store and use personal information may be entirely different. You should also consider that the privacy policy you are replicating could be outdated, flawed or entirely incorrect which can leave your business exposed and potentially in breach of Australian privacy laws.
Obtaining the most comprehensive protection for your business typically involves engaging a lawyer to draft a tailor-made privacy policy which addresses your specific business circumstances. However, we realise that some businesses may not be able to afford a lawyer or have the time to consult one.

The alternative is to utilise an automated DIY online document solution to prepare a privacy policy which asks you a series of questions about your business based on a wide range of common scenarios that small businesses encounter on a regular basis.

Advantage Legal offers both of these solutions to ensure that all small businesses can achieve the level of protection that their business requires. You can book in a free consultation with one of our team by clicking here or alternatively you can purchase a DIY privacy policy directly from our website.

NEED ASSISTANCE

If you have any questions or need help recovering your small business debts, feel free to contact the team at Advantage Legal. We offer a free 20 minute consultation which can be booked directly through our website by clicking here. You can also learn more about us by following us on LinkedInFacebook Instagram. This article is for education purposes only and should not be relied upon as legal advice. Any person relying on the information contained in this article does so at their own risk.

SUBSCRIBE TO OUR LATEST BLOG UPDATES

Helpful information on NSW compensation law and general commercial law to assist your small business.