Unless your mate is a lawyer, then no, probably not. I’d probably give that cheap TV he’s offering (the no-name brand with the “Sony guts”) a wide berth as well.
A generic or “borrowed” policy may contain processes which do not meet your business requirements and mis-describe the types of personal information you collect. It can contain mistakes (that will then be replicated when you copy it) and may also be out of date with current Privacy Act requirements or common practice. Lastly, using someone else’s policy without permission may constitute copyright infringement.
If your small business turnover exceeds $3m (or it falls into a number of specific categories, such as health service providers or businesses trading in personal information) then the Privacy Act 1988 covers your small business and you’ll have to comply with the Australian Privacy Principles (APPs).
It is critical that such a policy is clear, coherent and written in plain English which is easily understood.
Is there a benefit to having a policy even if I’m not strictly required to?
In this sense, a well drafted and administered policy can assist you to project a professionalism that gives potential clients confidence in dealing with your business.