Do I need a privacy policy for my website in Australia? 2018 edition

Do I need an Australian privacy policy? Has the GDPR affected my website privacy policy? We answer all your questions and more.

One of the biggest questions we get from our clients when we’re designing their website is: Do I need a privacy policy for the website? Why do I need one?

We touched on this topic back in 2016, but like all things, it has changed! Here’s our updated version of the Australian privacy policy requirement for 2018.

The subject of website privacy policies in Australia is a big deal, and we’d like to clarify that as a website design agency, we can only provide general pointers to get you going. If you’re still not sure by the end of this article, we recommend visiting the Office of the Australian Information Commissioner website or speaking with your legal team.

How does the Privacy Act relate to your business and website?

Getting an idea about the Australian Privacy Policy starts with the Australian Government’s Privacy Act. As it stands, all private sector and not-for-profit organisations with an annual turnover of more than $3 million, all private health service providers and some small businesses are required to comply with the 13 Australian Privacy Principles when it comes to handling, using, accessing, holding and correcting personal information.

Two quick ways to identify whether you need a privacy policy come down to understanding these key items:

Personal information: Does your business and website collect information or opinions on an individual that identify or, at least, reasonably identify a person? Everything from email addresses (that you might collect through a newsletter sign up) to credit card details and physical addresses are all regarded as personal information.

Annual turnover: Does your business have a gross annual turnover of AU$3 million each financial year?

If you answered yes to those questions, you likely need a privacy policy.

But how does this relate to websites? We’re glad you asked. Your website collects information called metadata. It’s a big deal as it can reveal information about you as an individual. Each website server will collect information about where the visitor came from, what device they used, what pages they looked at, how long they spent on a particular page and where they went from there. Websites CAN track this down to an individual connection.

Now, if you’ve identified that you need a privacy policy, you do have to display that on your website. Most website designers will pop this down the bottom banner of your website, out of the way, but still accessible.

Does the GDPR have anything to do with my privacy policy?

The GDPR has instituted some requirements for the wording of privacy policies to make it crystal clear that information is being collected. If you want to know how to make sure you’re following these requirements, we’ve detailed this further in our article: What does the GDPR mean for Australian Businesses?

A privacy policy is just the start, however. Website disclaimers, terms & conditions, terms of use for advertisers and contributors are some other policies you may need to include on your website.

Like we said, we’re not legal practitioners and this doesn’t constitute legal advice, so always speak to your preferred legal team before taking action. What we can do, however, is offer your business an expert team of web designers, developers and digital marketers. For award-winning advice on digital strategy, website design and development, contact us today through the website or drop us a line on 07 3844 0577.
