Understanding privacy policies: Does my business really need one?

What is a privacy policy?

A privacy policy is a legal statement that explains how a business will handle its visitors’ or customers’ personal information. A privacy policy should ideally state that it is compliant with the Australian Privacy Act 1988 (Act) and that all visitor personal information is secure and confidential.

It is important to understand that privacy policies are different to terms and conditions, and website disclaimers. But what actually is a privacy policy, and how does it differ from other legal policies that you find on most corporate websites?

  • privacy policy – covers data collection and confidentiality and security of information collected through the website or business;
  • terms and conditions – this can overlap with a privacy policy, but it contains a lot more information about the terms and conditions attached to the delivery of your products and/or services, including copyright, limitation of liability, delivery, returns and refund policy information; and
  • website disclaimers – deals with information accuracy, copyright, liability for loss or damage, links etc.


Who needs a privacy policy?

The Act requires all businesses with an annual turnover of $3 million or more to comply with the Australian Privacy Principles (APPs). Regardless of turnover, all businesses collecting personal information online are recommended to have a privacy policy, especially given the potential for turnover growth in future. Personal information can include:

  • names;
  • dates of birth;
  • email addresses;
  • billing and shipping information;
  • phone numbers;
  • credit card numbers; and
  • bank details.


Why implement a privacy policy?

It is good practice to have a clear and comprehensive privacy policy as it can add credibility to a website or business and help build rapport with visitors or customers. A well-drafted privacy policy will also ensure that you are compliant with the APPs when your business starts generating more turnover. This means that you will be prepared for future growth and will not be caught unaware and in breach of the Act, which may result in significant legal implications, including fines.


What should my privacy policy include?

There are 8 key elements that your privacy policy should include:

    1. business name and contact details;
    2. type of personal information collected and held;
    3. how personal information is collected and held;
    4. the purpose for collecting, holding, using and disclosing personal information;
    5. how an individual may access personal information and seek the correction of such information;
    6. how an individual may complain about a breach of the Australian Privacy Principles and how the entity will deal with such complaint;
    7. whether the entity is likely to disclose personal information to overseas recipients; and
    8. a guarantee not to spam, sell or rent an individual’s personal information.


It is often recommended that your website privacy policy incorporate additional clauses, such as:

  • analytic or ad services notifications;
  • opt-out clauses;
  • a cookie notification clause; and
  • active consent for collection of personal information.


What are the consequences for breaching my privacy policy?

A privacy policy can be breached in a number of ways; however, a main cause of breach is a lack of compliance with the clauses of your privacy policy. Complaints are made regularly to the Australian Privacy Commissioner, and the potential consequences can range between:

  • an apology;
  • a requirement to change business processes;
  • fines;
  • compensation for financial loss suffered; and
  • Court proceedings.


Convinced that implementing a privacy policy for your business is a good idea?

If you operate a business that turns over more than $3 million per year, would like to pre-empt future growth, or just see the value in protecting your business by implementing a privacy policy, get in touch with Tammi for a free initial consultation around your privacy policy requirements.

We are here to discuss the needs of your business, assist you to protect your business and get you demonstrating real value and legitimacy to your stakeholders. We assist with other essential business services such as intellectual property protection, which you can read about in one of our other articles.


Co-written by Kurt Fechner.

The information contained in this blog is general in nature and should not be considered to be legal, tax, accounting, consulting or any other professional advice. In all cases, you should consult with a professional advisor familiar with your factual situation for advice concerning specific matters before making any decisions. By reading this blog, you confirm your understanding of this disclaimer.

Tammi McDermott