Does my Business need a Privacy Policy?

Privacy Policy

Co-written by: Elyse Strahan (Paralegal)

It is not uncommon for those who are starting a new business or expanding a current business to consider whether they need a privacy policy. As commercial lawyers, we will always say yes and here’s why.

What is a Privacy Policy?

A privacy policy is an agreement between a business and the individuals it collects information from. The agreement establishes clear guidelines and rules regarding the business’ collection of information and how that information is used, stored and if the business can provide that information to third parties.

A privacy policy is a good way to reassure your customers that you care about their personal information and that you are a reputable business in complying with your obligations under Australian privacy law.

Do I need one?

The Australian privacy law is regulated by the Privacy Act 1988. The Act confers obligations to protect the privacy of customers and individuals to the following entities, except small business operators, registered political parties or state authorities:

  • an individual, including a sole trader (though generally, the Privacy Act doesn’t apply to an individual acting in a personal capacity);
  • a body corporate;
  • a partnership;
  • any other unincorporated association; or
  • a trust.

In addition to the above, if you are a small business in the following sectors or have an annual turnover of $3 million or less, you are also required to comply with the Privacy Act:

  • a private sector health service provider;
  • a business that sells or purchases personal information;
  • a credit reporting body;
  • a contracted service providerfor a Australian Government contract;
  • an employee association registered or recognised under the Fair Work Act;
  • a business that holds accreditation under the Consumer Data RightSystem;
  • a business that has opted-in to the Privacy Act;
  • a business that is related to a business that is covered by the Privacy Act; and
  • a business prescribed by the Privacy Regulation 2013.

Regardless of the categories above,  if you are a business which collects or handles personal information, including, amongst others, any phone numbers, names or addresses, including through a website, you must comply with the Australian Privacy Principles.

Next Steps

Inevitably, with the move to the digital age, your business will likely be required to comply with the Privacy Act and as such will require a privacy policy.

For information on whether you have obligations under the Privacy Act as a small business see here.


ABOUT AMANDA OLIC:

Amanda Olic

Amanda is our Head of Commercial and has experience in providing legal advice on a broad range of commercial law matters. Amanda has provided advice to small to medium companies and international companies in relation to contractual advice, employment policies and agreements, disputes and litigation.


For further information please don’t hesitate to contact:

Amanda Olic
Senior Associate
amanda@couttslegal.com.au
1300 268 887

Contact Our Coutts today.

This blog is merely general and non specific information on the subject matter and is not and should not be considered or relied on as legal advice. Coutts is not responsible for any cost, expense, loss or liability whatsoever in relation to this blog, including all or any reliance on this blog or use or application of this blog by you.