If your business has a website or app that collects personal data, you need a privacy policy. A privacy policy explains what personal information you collect, how you use it, and how you protect it.
In Australia, having a privacy policy is not just good practice – it’s often a legal requirement under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
In this article, our privacy and data lawyer explains why a privacy policy is important and what you should include in your business's privacy policy.
Key Takeaways
A privacy policy is a legal requirement in Australia if you collect or process personal data.
Your privacy policy should be visible and easy to access on your website.
Be transparent about how you collect, store, and share user data.
Avoid copying privacy policies from other websites – tailor one for your business.

What is a Privacy Policy?
A privacy policy is a legal document that explains:
What personal information you collect (e.g. name, email, IP address)
How and why you collect it (e.g. via cookies, sign-up forms, purchases)
How it is stored and kept secure
Whether it is shared with third parties or transferred overseas
How users can manage or delete their data
Examples of personal information include:
Full name
Email address
IP address
Passport number
Sensitive data (such as financial details, health information, data of minors)
Why Privacy Policies Are Important
Reason One: It’s a Legal Requirement under Australian Privacy Laws
Under the Privacy Act 1988, many businesses must have a compliant privacy policy. If your business meets the criteria (see below), failure to comply can lead to fines and reputational damage.
We are also aware that there are some significant changes coming to Australia’s privacy laws. You may need to revisit any privacy policy you include now once the new law comes into effect.
Reason Two: It builds trust and shows respect for your users’ privacy
A privacy policy shows that your company takes the data collected from its users seriously. A privacy policy assures website users and customers that you will keep their personal information safe and private. Additionally, they can trust that your business follows Australian laws.
Reason Three: It’s a requirement of a third-party service you use
Operating an online business or website often requires the use of third-party tools or services. For example, most websites use analytics tools to track the traffic coming to the website and its patterns. Websites and blogs often use advertising and affiliate links to generate revenue. All of these services may require that your website, blog, or eCommerce store have a privacy policy.
For example, platforms like Google Analytics, Apple App Store, and advertising networks require websites and apps to have a privacy policy.
Where Should I Put a Privacy Policy on My Website?
To comply with privacy laws, your privacy policy must be easily accessible.
Common placements include:
Header menu: prominently visible on all pages
Footer: standard practice for websites and eCommerce stores
About Us section: ensures easy navigation
Checkout forms: include a link and consent checkbox during purchase
Tip: We would recommend the Footer, as it’s generally accessible from every webpage on your site.
Do I Need a Privacy Policy?
You need a privacy policy in Australia if:
Your business has an annual turnover above $3 million
You are a health service provider
You engage in credit reporting activities
You collect personal information online (via cookies, sign-ups, purchases)
You transfer personal information overseas
Even small businesses often benefit from having one, especially if they use digital tools or marketing.
Learn more about sharing personal information outside Australia.
What Must a Privacy Policy Include?
An effective privacy policy should cover:
The types of personal information collected
The purpose of collecting and storing data
How data is collected, stored, and protected
A statement against spamming or selling emails
How individuals can access, correct, or delete their data
How complaints about privacy breaches are handled
Whether information is shared with overseas recipients, and if so, which countries
Contact details of your business
Learn more about important things to include in your privacy policy.
The Australian Privacy Principles
The 13 APPs provide the framework for managing personal information in Australia. They cover:
Lawful data collection
Transparency and disclosure
Data use and sharing
Security obligations
User rights to access and correct data
A compliant privacy policy must align with the APPs.
Learn more about the APPs and how they might apply to your business in our Business Guide to Australian Privacy Principles.
Tailoring Your Privacy Policy
Every business is different. Avoid copying templates from other websites as they may not fully meet your obligations.
Options for drafting your privacy policy:
Hire a privacy lawyer: ensures accuracy and compliance
Write your own: cheaper, but risks missing important legal requirements
Hybrid approach: draft it yourself and have a lawyer review it
Legal Tip: We don’t recommend copying and pasting policies from other websites as they may not fully meet your needs.

Frequently Asked Questions (FAQs)
Where should I place my privacy policy on my website?
A privacy policy should be prominently placed where visitors can easily find it, such as in the website’s header, footer, or on a dedicated page linked from places where personal information is collected, like signup or checkout forms.
Do I need a privacy policy if my business uses cookies?
Yes, if your website uses cookies to collect data, such as tracking user behaviour or storing preferences. You should include a section in your privacy policy that explains how cookies are used and what data they collect.
What happens if I don’t have a privacy policy?
Not having a privacy policy when required can lead to legal penalties, including fines and regulatory actions.
It can also harm your business’s reputation and trustworthiness, as customers may be reluctant to share their personal information with you.
How often should I update my privacy policy?
It’s essential to review and update your privacy policy regularly, especially when there are changes in your business practices, data collection methods, or applicable laws.
Keeping the policy up-to-date ensures ongoing compliance and transparency with your customers.
How can I ensure my privacy policy complies with Australian laws?
To ensure compliance, it’s advisable to consult with a privacy lawyer who can tailor your policy to meet the specific requirements of the Privacy Act 1988 and other relevant regulations, ensuring it covers all necessary aspects.
How can I make my privacy policy user-friendly?
Use clear, straightforward language and organise the policy logically with headings and sections.
Avoid legal jargon to ensure that all users, regardless of their legal knowledge, can easily understand their rights and your practices.