The accessibility of the online world has opened doors for businesses and their customers alike. However, operating online comes with its own set of rules.
If your business has a website, then you want to make sure it’s compliant with privacy laws. Following the correct rules and regulations can save you from complaints and penalties down the line.
There are exceptions to this rule:
- If you are a health service provider, or your business holds the health information of others (for example, NDIS providers are often required to collect health information).
- If you operate a business that is required to collect personal information.
- If you are operating under a Commonwealth contract.
This includes names, phone numbers and addresses.
Therefore, if your website collects information from its visitors, such as email addresses, phone numbers, names and addresses, you fall under the exception and need to adhere to privacy laws.
A privacy statement should include your business name and how to contact you. Additionally, it needs to cover the following details about the information being collected:
- The kind of information being collected
- The purpose of collecting it
- How it will be stored
- How it will be used
- Consequences if not collected
The Privacy Act
The Privacy Act has thirteen Australian Privacy Principles. These principles set guidelines for handling information online, namely, the collection of information, transparency, protection, access and accuracy of the information.
It outlines the responsibility of a business to take reasonable steps to ensure that they have met all their obligations regarding website privacy.
Additionally, the principles also deal with disclosing information overseas. Even if your business is established in Australia and you’re expanding overseas, it’s vital to be familiar with these practices.
Is This Legally Enforceable?
The Office of the Australian Information Commissioner (OAIC) handles any claims of breaches of the APPs. If there are multiple breaches, it has the power to impose civil penalties on businesses.
The EU General Data Protection Regulation (GDPR) is the regulation that protects the online privacy of web users based in the European Union.
Non-compliance with the regulation can result in a heavy financial penalty of up to €20 million or 4% of your global revenue.
How Serious Are They?
Major companies have been fined under the GDPR for breaching privacy rules. In 2021, it was reported that Amazon had been fined $877 million under the GDPR in a matter apparently concerning cookie consent. The fine was issued and Amazon was required to make subsequent changes to its practices.
What Other Policies Might I Need?
Cookies store information about a user and their browsing history, so they are a common way for websites to retain a user’s information and monitor their online activity.
Cyber Security Policy
A cyber security policy is something every business should have. Even if your business is not an ecommerce business, it is likely to have some online element that requires compliance with privacy laws.
This is particularly important if your business handles any customer information, such as personal details, credit card numbers and cookies. A cyber security policy aims to protect all of that information from potential hackers and scammers.
Data Breach Response Plan
Once you have obtained the personal information of another person, you are responsible for that information. It is crucial that you have a plan in place to protect that information.
If a breach were to occur, you would need to have a process ready, and a Data Breach Response Plan is the best way to provide one. Rather than panicking, having the right steps in place can prevent further damage from occurring.
A confidentiality clause is a binding agreement to keep particular information private. If you are giving a third party access to information and don’t feel the Privacy Act fully covers your requirements, you may want to have a lawyer help you draft a confidentiality clause.
This can also apply to employees of your business who have access to trade secrets and other valuable inside information that could potentially threaten your competitive edge in the market.
Where Do I Begin?