Privacy Policy

What is a privacy policy?

A privacy policy is a statement or a legal document that sets out some or all of the ways a business collects, uses, and manages a customer’s personal information. It is also known as a ‘responsible use of data’, or a ‘use of private and confidential information policy’. But for our purposes, let’s just stick to calling it a privacy policy because that’s a lot easier to remember.

What is personal information?

Under the Privacy Act there is a long-winded definition of what constitutes ‘personal information’. But the Reader’s Digest condensed version is that personal information is your name (that one was sort of obvious), signature, address, email address, credit card information, telephone number, date of birth, medical records, bank account details and commentary or opinion about a person.

Who needs a privacy policy and why?

The Privacy Act does not apply to small businesses (with an annual turnover of less than $3m). However, a small business may choose to “opt in” to the Privacy Act to increase consumer confidence and trust. That said, if you provide health-related services then you will need a privacy policy, irrespective of how much you turn over.

How do you comply with Australian privacy laws?

    1. Have a clear and current privacy policy in place.
    2. Your privacy policy must be available free of charge. Most businesses make their privacy policy available on their website where it can easily be read, downloaded and printed.
    3. You need to be able to respond to individuals who request details about what information you hold, how you use it and if you have shared it with others.
    4. Your privacy policy must:
        •  Include details about the kind of personal information you collect, how you collect that information and how you hold that information;
        •  Explain how the personal information is used;
        •  Advise how an individual may complain about access to the information and make corrections to any personal information; and
        •  Indicate whether the information is likely to be disclosed to overseas recipients.

Examples?

Prime examples of businesses that collect personal information are Facebook, Twitter and Snapchat.

So, when we sign up for a Facebook account, we agree to Facebook storing the personal information that we provide to it, such as our name, date of birth, mobile number and relationship status. Now, customers or clients will probably be wondering why on earth Facebook would want to use this information. Well, Facebook could use it for a variety of reasons, such as market research, demographic information or marketing purposes.

Are privacy policies easy to draft/make?

Generally, the answer to that is yes. The requirements of a privacy policy are fairly straightforward and are outlined above. The complexity arises in ensuring that the privacy policy covers all the potential uses you will want to make of the personal information you collect. Things can also get a lot more complicated pretty quickly if you operate in the health sector, where you definitely need a privacy policy that is tailored specifically to your services and industry.
