Do I need a privacy policy for my website in Australia?

Is your website breaching the Australian Privacy Act?


This is another curly question that we’re often asked. Privacy policy is a big, serious issue, and because we’re a digital design agency, not a law firm, we can only give you some very general reference points. The following information should NOT be regarded as legal advice; it’s a summary of publicly available information edited to be as concise and relevant as possible.

First, get to know the Privacy Act for your business

The first place to start getting an idea about the Australian privacy policy is the Australian Government’s Privacy Act. All private sector and not-for-profit organisations with an annual turnover of more than $3 million, all private health service providers and some small businesses (collectively called ‘APP entities’) must comply with the 13 Australian Privacy Principles when it comes to handling, using, accessing, holding and correcting personal information. The key to understanding this comes down to:

  • Personal Information – does your business – including your website – have information or opinions that can identify or reasonably identify an individual? This includes name, address, telephone number, etc. If you have a contact form on your website, you’re collecting personal information. If you have a customer’s physical address, email address or credit card details, you have personal information.
  • Annual Turnover – does your business have an annual turnover of $3 million? Annual turnover is the gross (before tax) revenue or income for the 12-month financial year – July 1 to June 30 the following year.

If you answered yes to those questions, you need a privacy policy for your website, but remember we are NOT legal experts, so always check with a qualified legal professional. Getting further details from The Office of the Australian Information Commissioner is the first step.

What if my business turnover is less than $3 million?

Even if your turnover is a lot less (for example, $0), you probably still need a privacy policy. Always check with a qualified legal practitioner, but if you’re collecting personal information, your small business may still need to comply with the Australian Privacy Principles (APPs). This is particularly the case if:

  • your business is handling an individual’s consumer credit information, including credit reports, or
  • your business is handling an individual’s tax file number

If your small business handles any of these sorts of details, The Office of the Australian Information Commissioner has some great resources for you, including checklists and quick reference tools that tell you exactly which parts of the Privacy Act your business needs to comply with.

How does this relate to websites?

The privacy policy is relevant to your website, along with any apps or digital games you have developed, for two main reasons:

  1. because your website collects information that you don’t even know about. It’s called metadata and it’s also a really big deal because it can reveal information about an individual.
  2. every business that requires a privacy policy (and we’ve established that just about every business with a website does) needs to display that they have a privacy policy on their website.

A privacy policy is just the start

Have you ever scrolled down to the bottom of a website? To the very bottom – where there is some small fine print? Just like fine print in any other document, it’s where important legal information resides.

Here’s a quick summary of the fine print your website may or may not need to include:

  • If you own a website that publishes information or advice, you need a website disclaimer
  • If you sell goods or services on your website, you need to comply with Australian consumer law. You need terms & conditions
  • If you allow advertising on your website you need terms of use for advertisers
  • If you allow contributors to post on your website, you need terms of use for contributors

As we’ve stated before, the words and details above DO NOT constitute legal advice. For any legal information about a website privacy policy, seek advice from a qualified legal practitioner.

If only everything was as simple as good digital design. That’s an area where iFactory is an expert. For award-winning advice on digital strategy, digital marketing, web design and web development, contact us.