Amendments to Australian Privacy Legislation take effect from 12 March 2014. The changes require private-sector organisations and Australian Government agencies covered by the laws to be more transparent about how they handle your personal information. Consumers will be able to read an entity’s privacy policy and find out how it handles personal information, whether that information is likely to be sent overseas and how to complain about a possible privacy breach.
The way in which your personal information can be used for direct marketing will also change. For the first time, you will have the right to ask a private-sector organisation to tell you where they got your personal information. A private-sector organisation will also have to give you an easy way to opt-out of receiving direct marketing communications.
Five new kinds of credit-related personal information, including the repayment history on your home or car loan and your credit card, will be able to be collected by credit reporting bodies and passed on to lenders. It is also important to remember that you can request a copy of your credit report from a credit reporting body for free in most circumstances. The new privacy laws will also give the Commissioner new powers to resolve privacy complaints and investigations, including the ability to impose a penalty of up to $1.7 million.
The easiest way for businesses to communicate their Privacy Policy is via their website. Australian Privacy legislation states that if you collect or access any personal information, including email addresses, telephone numbers, mailing addresses, etc., you are required to post a Privacy Policy. Even if you do not collect any personal information, your website will look more professional by posting a Privacy Policy. It provides comfort to your website visitors that you are aware of the legal requirements and that you are a legitimate online business.
What should be in your Privacy Policy?
In addition to these basic requirements, the following information should also be included where applicable:
Besides the Privacy Policy itself, you need to ensure you have a review system in place for personal information you have stored but no longer use. Ensure you arrange confidential destruction of personal information that is no longer required to operate your business.
How to create a Privacy Policy
In formulating your Privacy Policy, you need to consider your business’ privacy requirements. Different guidelines exist for different types of businesses. A good guide to many of these requirements may be found on the OAIC website. All items mentioned in the OAIC’s guide, in addition to the Privacy Act (1988), must be considered and included in a business’ Privacy Policy, which is why it’s advisable to have a lawyer create one or to use a customisable template from a legitimate provider. For the same reasons you shouldn’t copy another website’s Terms and Conditions, you should never copy another business’ Privacy Policy.
Apps need Privacy Policies too
Apps and app businesses are also subject to Australian privacy legislation. If you have developed an app that requires or accesses any personal information to run, then you’ll need a Privacy Policy.
With the growth of the internet and the introduction of punitive penalties with this latest legislation, more regulatory resources are being committed to ensuring online businesses meet their privacy obligations. An updated Privacy Policy on your website will reduce your chances of being caught out under these new principles and fined.