My mate says he can give me a privacy policy to use in my business, will that do?

Unless your mate is a lawyer, then no, probably not. I’d probably give that cheap TV he’s offering (the no-name brand with the “Sony guts”) a wide berth as well.

A privacy policy should be adapted to your business and set out how your business in particular deals with personal information.

A generic or “borrowed” policy may contain processes which do not meet your business requirements and mis-describe the types of personal information you collect. It can contain mistakes (that will then be replicated when you copy it) and may also be out of date with current Privacy Act requirements or common practice. Lastly, using someone else’s policy without permission may constitute copyright infringement.

What is a privacy policy?
A privacy policy is a document that sets out how your business collects, uses and discloses the personal information of the individuals with whom it deals. “Personal Information” is defined fairly widely under the Privacy Act 1988 and can include information or an opinion about an identified person, whether it is true or not. Generally speaking, it needs to be “about” an “identified individual” or an individual who is “reasonably identifiable”. In short, information that is not about an individual (because there is only a remote connection to that person) is not personal information.

I’m only small, do I really need to have a privacy policy?
If your small business turnover exceeds $3m (or it falls into a number of specific categories, such as health service providers or businesses trading in personal information) then the Privacy Act 1988 covers your small business and you’ll have to comply with the Australian Privacy Principles (APPs).

APP 1.3 requires an APP entity to have a clearly expressed and up-to-date APP Privacy Policy.
It is critical that such a policy is clear, coherent and written in plain English which is easily understood.

Is there a benefit to having a policy even if I’m not strictly required to?

Even if your business is not required to have a privacy policy under the Privacy Act, it may still be prudent to have one so that potential clients can easily understand what information you will be collecting about them and how that will be used (or disclosed).

In this sense, a well-drafted and administered policy can help you project a professionalism that gives potential clients confidence in dealing with your business.

Having a privacy policy can also help position your business for future growth and establish best practice among your employees. It may empower staff to uniformly address any customer privacy concerns, deal swiftly with complaints and aid in the development of best practice as the business evolves.

If you require professional assistance and advice with a privacy policy for your business, contact a member of our team for practical, no-nonsense guidance.

Joseph Carneli
Senior Associate

July 20th, 2020 | Business Advice, Compliance, Corporate Advisory, Data Protection