Updating your privacy policy and why it is important

Since the introduction of the Australian Privacy Principles (APP) there has been frequent reviews by businesses and organisations on their privacy policies. Businesses and organisations that are bound by the Privacy Act 1988 (Cth) (the Act) are required under the APP to ensure that they have up to date privacy policy that accurately describes how the business or organisation manages personal information.

Personal information is defined under the Act as, “information or an opinion about an identified individual, or an individual who is reasonable identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.”

An entity operating outside of Australia will still have obligations under the Act if the entity has an Australian link. This includes if the business was formed in Australia, has its central management and control in Australia or is carrying on business that collects or hold personal information in Australia.

The introduction of the General Data Protection Regulation (GDPR) by the European Union ensures there is adequate protect of personal data of EU citizens. The handling of personal information in Australia is not limited to only businesses operating in Australia as the GDPR will affect Australian businesses that operate or conduct market research in the EU. These include businesses who:

Has an office in the EU;
Offers goods or services to EU citizens; and
Monitor the individuals of the EU.
The Regulations will come into force on 25 May 2018 and if you want more information on how the GDPR may affect you, Morrissey Law & Advisory has previously analysed this in our article on the GDPR.

It is important to note that each privacy policy will vary depending on the particular functions and activities of your businesses. A privacy policy is paramount to ensure that consumers are adequately informed on how their personal information is being collected and handled. It allows consumers to establish trust and allows businesses to ensure they are managing the relationship of existing and potential customers.

Here are some useful tips to assist you in making sure your privacy policy includes the information required.

Ensure you have an overview of the personal information that is held by your business. It is important to ensure you are aware of how the personal information is being handled, the policies and practices. This will ensure you are accurately describing to consumers how your business handles their personal information.
Make your privacy policy specific to your business or operation and consult and seek input from other departments in your business to ensure you are encompassing all areas in your business.
Arrange the information to focus on what readers are likely going to find important. Ensure that your privacy policy is not just a legal document but something that is simple and easy to read for consumers. Summarise where possible and be specific to ensure that information proivides clarity.
If you have any questions about your privacy policies and whether you comply with legislations and regulations please do not hesitate to contact Morrissey Law & Advisory.

This article was prepared by Hamish Geddes and Mary Ann Wen.

Disclaimer: This publication by Morrissey Law & Advisory is for general information and commentary only and should not be considered or relied upon as legal advice. Formal legal advice should be sought in relation to any matters or transactions that may arise in relation with communication.

2019-07-02T11:36:14+10:00May 23rd, 2018|Commercial & Corporate Advisory|