Does My Small Business Need a Privacy Policy?
This is something I am asked a lot.
In short, my view is that every business needs and should have, a privacy policy. We are living in a digital age where more and more businesses are transacting online. You want to build trust with your audience, so even if your small business is currently exempt from the legislation that governs this area, my view is a privacy policy is an important element to building trust online, so your business should have one.
There is legislation that governs the collection, storing, and use of personal data, and that’s the Privacy Act 1988 (Cth). This is a piece of legislation that does a whole host of things, including regulating the way personal data is handled by businesses, and this includes outlining the legal basis for disclosing the personal data your business collects. In simple terms, a small business shouldn’t be disclosing personal data unless legally required to, such as if a subpoena is issued.
What is a privacy policy?
A privacy policy is your business policy that sets out for consumers (visitors to your website, for example, and your clients) what personal data your business is collecting; what is being done with that personal data (aka is it stored safely), and explains when you will disclose that personal data (whilst you and I know that you won’t disclose your client personal data unless you are required to by law, it is nice to actually let people know this).
What is personal data?
It’s any sort of data provided by your clients or website users. A simple name and email address is personal data according to the legislation. Often consumers are required to provide business and address details, payment details and so on, and this is all personal data.
Are there exceptions?
There are some exceptions under the Privacy Act that excludes certain small business owners from the legal requirement to have a privacy policy, although it is important to note that this is under review as a part of the Government's response to the ACCC's Digital Platforms Inquiry. The review being undertaken by the Attorney-General's office is all about looking to bring Australia's privacy laws into the digital era. That means strengthening privacy protections for individuals and streamlining compliance for businesses working across international borders.
There is a lot happening in this space, and what that may ultimately mean is that the exclusions may be removed, meaning that all small businesses will be required to have a privacy policy. A business could get caught out if it is relying on an exclusion and that exclusion is removed.
Is there a downside to having a privacy policy?
No. So ask yourself “why wouldn’t my business want to have one?”
In addition to building trust, my view is that transparency is a good thing for small business owners, as is professionalism. A small business’ documents are an extension of their business, so of course we want them to be professional and explain to consumer (or users of a website) what a business is planning to do with personal data.
Not sure how to have a privacy policy prepared for your business, or what it needs to include? We can definitely help with this! Ensuing your privacy policy is tailored for your business is just as important as having one. Reach out to us and we can help you get this sorted.
Our article Legal Advice for Small business | Ultimate Guide sets out more about other important legal documents and advice for small business owners.