Does my Australian website need a Privacy Policy?

Today we’ll cover everything you need to know about the Privacy Act 1988 in Australia. We’ll also discuss the legal requirements for a Privacy Policy on your website.

You probably tick a Privacy Policy box all the time on major websites. You might even receive an email occasionally when they update their policy.

But what about the little guys? Do you still need to have a Privacy Policy?

Keep reading and find out…

What is the Privacy Act 1988?

The Privacy Act 1988 (Privacy Act) was introduced into law at a federal level to protect the privacy of individuals in Australia. It also regulates how Australian Government agencies and some other organisations handle personal information.

The Privacy Act includes 13 Australian Privacy Principles (APPs), which apply to some private sector organisations and most Australian Government agencies. These are collectively referred to as ‘APP entities’. The Privacy Act also regulates the privacy component of the consumer credit reporting system, tax file numbers, and health and medical research.

What is a Privacy Policy?

A Privacy Policy is a document that explains how you will manage the personal information you collect from website users.

In Australia, the Privacy Act 1988 (Cth) is the relevant legislation governing privacy and your obligations. It is mandatory for many businesses (large and small) to have a Privacy Policy (more on that below).

It is common practice for websites to place a link to their Privacy Policy and Terms of Use in the footer of the website.


Does my business need a Privacy Policy?

Most small businesses are not legally required to comply with the Privacy Act 1988 and display a Privacy Policy. However, if you meet any of the below criteria, you MUST have one:

★ Annual turnover of $3 million or more

★ Health service provider (also includes complementary therapists; child care centres and private schools)

★ You are a business buying or selling personal information (e.g. a customer list)

★ A contractor providing services under a Commonwealth contract

★ The operator of a residential tenancy database (e.g. a real estate agent)

★ Credit reporting body

★ Reporting entity for the purposes of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006

★ Employee association registered or recognised under the Fair Work (Registered Organisations) Act 2009

★ A business that conducts protected action ballots (e.g. a union)

★ Your business is related to a business the Privacy Act covers (e.g. a subsidiary)

★ Business prescribed by the Privacy Regulation 2013

★ Your business has opted in to be covered by the Privacy Act

To check whether you need to comply, you can complete the privacy checklist for small business found on the OAIC website.


What should a Privacy Policy include?

A Privacy Policy should contain the following information:

★ The types of personal information you collect (e.g. name, email, phone number, address)

★ How you collect, use and disclose personal information

★ The purposes for which you collect personal information (e.g. marketing)

★ Whether personal information is disclosed to overseas recipients, and if so, which countries

★ The option to remain anonymous or use a pseudonym 

★ How an individual can access or correct the personal information you hold

★ Security and storage of personal information

★ Website cookies and third party sites

★ How to make a complaint about a privacy breach

★ How you can unsubscribe or opt-out


What are the benefits of having a Privacy Policy?

If you meet any of the conditions listed above, the main benefit of having a Privacy Policy is that you will be obeying the law. Serious fines can apply for breaches of the Privacy Act. Definitely want to avoid that!

Even if you aren’t required by law to have a Privacy Policy, there are still many benefits to having one anyway:

  1. It shows Google your website is more trustworthy and can improve your site’s search rankings
  2. It shows your website visitors that you will protect their personal information, giving you more credibility
  3. It makes your website appear more professional


If your business has an annual turnover of over $3 million or meets certain criteria under the Privacy Act, you must have a Privacy Policy on your website.

Even if the Privacy Act 1988 (Cth) does not apply to your business, it is still a good idea to have one in place. It means that your customers are clear on what personal information you are collecting about them and how you will use and disclose it.

A Privacy Policy should be easy to read, easy to understand and easy to find on your website.
