Privacy, and the gathering and use of personal information, is becoming an increasingly important issue in Australia (and worldwide). The rules are gradually evolving and Australian websites are being actively monitored by the Office of the Australian Information Commissioner (OAIC). Make sure you understand what is expected of you if you gather any customer or website visitor personal information.
Legal issues covered in this guide
Click on any of the questions below to jump to that section of this legal guide.
- Privacy Policies for blogs?
- Privacy Policies for e-commerce websites?
- Privacy Policies for apps?
- Privacy Policies for email marketing?
- Do I need Privacy Policies for other countries?
- Do Australian website Privacy Policies meet UK and EU law?
- Do Australian website Privacy Policies meet US law?
If after reading this guide you still have a question, get in touch as we’d love to keep adding your questions to this comprehensive guide.
- You will respect a visitor’s privacy
- You will keep their personal information secure, and
- You will not misuse their email address
- Email addresses
- Physical addresses
- Telephone numbers
- Credit card numbers, etc.
If you are selling products or services online, your website should have both.
Your website should have both.
- The type of personal information that you collect and store
- The purposes for which you collect, hold, use and disclose personal information
- How you collect and securely store personal information
- A promise not to ‘spam’, sell or rent a visitor’s email address
- How an individual may access and correct any information you hold on them, including unsubscribing from any email list
- How an individual may complain about a breach of the Australian Privacy Principles and how you’ll deal with the complaint
- Whether you disclose personal information to other people or organisations, and if they’re overseas which countries, and
- Your contact details
- Take precautions against being hacked
- Purge out-of-date customer database records
- Act on email list unsubscribe requests promptly
A ‘cookie’ is a small file placed in your web browser that collects information about your web browsing behaviour. Use of ‘cookies’ allows a website to tailor its configuration to your needs and preferences, as well as potentially serve ads to you while you are browsing the Internet. Although ‘cookies’ do not access information stored on your computer or any personal information (e.g. name, address, email address or telephone number), they do allow collection of identifiable information.
If your website targets UK or EU users you should be aware of these additional ‘cookie’ regulations.
Yes. Google Analytics, Google AdSense and other analytics and ad serving networks track your website visitors using ‘cookies’. And these ‘cookies’ allow the collection of personally identifiable information from your visitors.
Maybe. If you accept online payments – either via PayPal or an online credit card transaction processor like Stripe – you need to tell your website customers how you handle their credit card details, address, telephone number, etc.
Do you store credit card details on your servers or in your shopping cart software? Is customer information encrypted and transmitted over secure (i.e. https) connections? Do your payment processing providers comply with international PCI (payment card industry) standards for data security?
Sometimes it is appropriate to link to the Privacy Policies of your payment processing providers – to give your customers greater comfort when dealing with you.
Privacy Policies for blogs?
- Comments: If you’re allowing blog comments, then you need a strong Website Disclaimer to inform visitors that you are not responsible for comments made by other people.
Privacy Policies for e-commerce websites?
E-commerce websites and online stores have a higher standard to meet when dealing with customer information and privacy issues. If you run an e-commerce site you will be taking payments online and transmitting/storing customer information such as credit card details, addresses, telephone numbers, etc.
- Credit card transaction processor
- Shopping cart provider
- Online CRM software provider, etc.
Privacy Policies for apps?
Privacy Policies for email marketing?
Did you know Australia has a Spam Act? Yes it does!
The Spam Act of 2003 prohibits the “sending of unsolicited commercial electronic messages”. And the penalties for breaking this law can be steep. For sending emails without consent, individuals can be fined $8,500 for each breach and companies can be fined $170,000!
If you are engaging in email marketing or you’re an affiliate marketer, make sure you comply with ACMA (Australian Communications and Media Authority) and American CAN-SPAM guidelines.
- Get consent by making people opt into your email list
- Include an unsubscribe link in every email you send
- Easy to read (i.e. not in a small font)
- Easy to understand, and
- Easy to find
We also offer free updates – so YOU don’t have to worry about changes to the Australian privacy legislation. We’re Australian lawyers and we make it our business to keep on top of these changes. We don’t overwhelm you with emails, but when the law changes and the template is updated we let you know.
Do I need Privacy Policies for other countries?
Do Australian website Privacy Policies meet UK and EU law?
New privacy legislation – the General Data Protection Regulation (GDPR) – came into effect in May 2018. It affects all businesses that collect personal information from UK and EU citizens. If you are an Australian business engaged in email marketing to UK and EU customers, then you need to comply with the new regulations.
For more information read our guide: How to Comply with GDPR.
No. Australia’s privacy regulations fall short of the UK’s (and EU’s) in one important respect. The UK’s Privacy and Electronic Communications Regulations include the requirement that if a website uses ‘cookies’ to track website visitor behaviour, then the visitor must be notified of and consent to the use of ‘cookies’.
Australian online privacy laws may be modified in the future to more closely follow the UK/EU approach. However, this ‘cookie’ notification rule has been widely criticised and resulted in only 3 fines being issued in 3 years of implementation. So it may be that this regulation is either modified or withdrawn in the future, before it is adopted in other countries.
Do Australian website Privacy Policies meet US law?
For over a decade there has been a great deal of debate in the US about strengthening their privacy laws. At the moment, there is no single regulatory body in the US that oversees privacy regulation. But with privacy being in the spotlight and with EU countries significantly modifying their privacy laws in recent years, this could easily change in the future.
We hope you found this guide to Australian Privacy Policies helpful.