A guide to your website Privacy Policy

- October 18, 2013 3 MIN READ

Who needs one, what should it include and how can you create it? Here’s your essential guide to website Privacy Policies.

A website Privacy Policy (also known as a Privacy Statement) lets your website customers and potential customers know that you collect their personal information.

As a rule of thumb, every business website should have a Privacy Policy. Australian Privacy legislation states that if you collect or access any personal information including email addresses, telephone numbers, mailing addresses, etc. and meet certain other business criteria under the Australian Privacy Principles, you are required to post a Privacy Policy.

Even if you do not collect any personal information, your website will look more professional by posting a Privacy Policy. It provides comfort to your website visitors that you are aware of the legal requirements and that you are a legitimate online business.

In any case, Australian Privacy law is constantly evolving and trying to keep up with developments online, so it’s likely that all businesses with an online presence will soon be required by law to have a Privacy Policy on their website.

What should you include in your Privacy Policy?

At a minimum, your Privacy Policy needs to cover the following:

  • What website visitor or customer information you collect
  • What you use this information for
  • How you store the personal information, and
  • What you do to ensure it is kept secure

In addition to these basic requirements, you may need to include the following details if they are relevant to your business:

Email updates: If you send emails with product advertisements or updates, your Privacy Policy should state this and note that you provide customers with options to easily unsubscribe. Of course, just saying this is not enough; you have to follow through and provide links for recipients to unsubscribe and an email address where customers can ask for their details to be updated or deleted.

Credit card details: Most modern shopping cart services or website plugins do not retain customer credit card details. However, if you are selling online you should check your particular setup. If you store any credit card information you must state this in your Privacy Policy. And if you don’t store it, it’s probably a good idea to say so, to reassure customers.

Selling contact information: If you sell email addresses, mailing addresses or telephone numbers you need to state this in your Privacy Policy. You also need to get active agreement from your website visitors in order to do so. You cannot just advise your customers and sell their details without their agreement.

Besides the website Privacy Policy itself, you need to ensure you have a compliance ‘system’ in place to regularly review and cull personal information you have stored but no longer use. You shouldn’t keep personal information that is no longer required to operate your business.

How to create a Privacy Policy

In formulating your privacy policy, you must consider your own actual business privacy requirements. A good guide to a lot of these requirements may be found on the OAIC website. All items mentioned in the OAIC’s guide, in addition to the Privacy Act (1988), must be considered and included in a business’s privacy policy, which is why it’s advisable to have a lawyer create one or to use a customisable template from a legitimate provider.

Things to keep in mind

Don’t copy: For the same reasons you shouldn’t copy another website’s Terms and Conditions, you should never copy another business’s Privacy Policy.

Apps need Privacy Policies too: Apps and App businesses are also subject to Australian privacy legislation. If you have developed an app that requires or accesses any personal information to run, then you’ll need a Privacy Policy.

You need to comply by March 2014: The Privacy Policy requirements have recently changed with amendments to the Australian Privacy Law, and all businesses have until March 2014 to become fully compliant.

With the growth of the internet, more regulatory resources are being put into ensuring online businesses meet their privacy obligations. If you ensure you have an updated Privacy Policy on your website from the outset, you will reduce your chances of being caught out by any regulatory ‘sweep’ and fined.

Are you aware of your obligations to do with your website’s Privacy Policy?

Read Vanessa Emilio’s guide to website Terms and Conditions
