Almost every legitimate website has a page that most internet users are unaware of. Commercial lawyers, however, not only know about these pages but in many cases will have written the text that appears on them. The page we are referring to is the privacy policy page, and if your business has a website, you must give serious consideration to whether to include one.
If the term ‘privacy policy’ is new to you, or you have heard of it but are unsure of what it is, we are going to provide you with the basics of what privacy policies are, what they should include, and what the dangers are of breaching one. Whilst we will do our best to give you a sound explanation, as with all legal matters relating to your business, we highly recommend that you speak to your commercial lawyers for further advice on implementing a privacy policy.
Privacy Policy 101
A privacy policy is a document created by a business and made available to all, normally on its website, that explains how the business handles the personal information of customers and others who might provide such information and data to it. One key principle of the privacy policy is that it should indicate that the business it applies to complies with the 1988 Australian Privacy Act concerning the confidentiality and security of personal information.
A privacy policy published on your website should not be confused with your terms and conditions or your disclaimer. The former states the terms relating to the purchasing and supply of goods and services, and the latter relates to matters such as guarantees, warranties, and the accuracy of anything published on your business’s website.
What Businesses Should Have A Privacy Policy?
Your commercial lawyers will be able to advise you whether your business must have a privacy policy as a legal requirement, or whether it is simply a recommendation, albeit a recommendation that most businesses should follow.
Specifically, if your business has an annual turnover that exceeds 3 million AUD, then it must fully comply with the Australian Privacy Principles (APP), and in almost all cases that would require having a privacy policy drawn up by your commercial lawyers. However, if your business has a turnover below this threshold, it is still best practice to have a privacy policy published.
What Should Be Included In A Privacy Policy?
Once again, your commercial lawyers are the people to approach when seeking the specifics of what your business’s privacy policy should include. The rule of thumb in most cases will be the following:
- Business’s name
- Business’s contact details
- What personal information and data are collected
- How personal information and data are collected
- Purposes for collecting, using, storing, and disclosing personal information and data
- How individuals can access the information and data held concerning them, and how to correct it if there are errors or omissions
- How individuals can raise a complaint concerning breaches of Australian Privacy Principles
- A guarantee that the business will not sell or rent personal information, or use it for spam
Penalties For Breaching A Privacy Policy
There are so many specific actions that could lead to a business breaching its privacy policy that it would be impossible to list them all. However, common sense tells us the main ones will be losing, disclosing, or misusing personal information and data. As for what the repercussions can be if your business breaches its privacy policy, either deliberately or inadvertently, these include:
- An order stating you must change how the business operates concerning the collection and storing of personal data
- The requirement to issue an apology
- A fine
- Payment of compensation to the individuals affected
As with all legal matters relating to your business, if you want further advice on privacy policies, please speak to your commercial lawyers.