Privacy law in Australia
The fundamental piece of legislation in Australia concerning privacy law is the Privacy Act 1988 (the Act), which is a federal statute that sets out privacy requirements in Australia. This legislation, however, does not apply to all businesses. At first instance, the Act only applies to businesses with an annual turnover of $3m or more. If your business has a turnover of less than $3m, then you're considered a "small business" for the purposes of the Act, and the Act does not apply. There are, however, some exceptions to this rule. For example, health service providers, credit reporting agencies, and businesses that operate a residential tenancies database are all bound by the Act regardless of whether or not they are a small business. For a complete list of small businesses that the Act applies to, see https://www.oaic.gov.au/privacy/privacy-for-organisations/trading-in-personal-information/.
1. The Privacy Act
2. The types of information you are collecting, and how it is collected
As a simple starting point, all privacy policies should detail what information will be collected about your customer. At a minimum, this is likely to include the name and contact details of your customer, and possibly payment information such as credit card or bank details. Depending on the nature of your business, you should also consider whether you will be collecting information such as:
- Demographic information (i.e. age, country of birth, occupation);
- Market information (i.e. interests or hobbies);
- Any health information such as allergies or special needs requirements; or
- Professional information such as business associates, suppliers, or client base.
Once you have detailed the type of information collected, you should also mention how you will be collecting it from the customer. For example, this may be when they fill out a registration form, when they input their payment details, or when they enter information for analysis as part of their use of the product. You should fully disclose all relevant processes so that your customer is made fully aware of when they are sharing their information with you.
3. How the information is stored and dealt with
Once you have explained what information you will collect and how you collect it, you should explain how the information will be stored. For most startups, this tends to be on cloud-based storage systems; however, many businesses still use paper files. When explaining your storage system, you should also assure your customer that there are mechanisms in place to protect the information.
whether it will be shared with any third parties and, if so, for what purpose. It is common for businesses to share the personal information of their customers with third party service providers such as marketing consultants or professional advisors. If this is the case, this
4. Cookies and analytics
- What a cookie is, and how it collects information;
- What analytics platform you use; and
- How the analytics platform is used, and for what purpose.
5. Direct marketing
6. Contact information