Privacy Policies

You may have noticed that privacy policies are now standard features on most websites that you visit. This is because Australian privacy laws impose a requirement on certain types of businesses to have a privacy policy on their websites.

If you are thinking of creating a website for your business, you will need to consider whether you are required to have a privacy policy and what sort of information it needs to contain.

What is a Privacy Policy?

A privacy policy is a legal notice to anyone who uses your website regarding the collection of personal information and data. Having a privacy policy gives you the opportunity to inform users how their personal information and data will be used and how it will not be used. With privacy policies becoming more standard practice across all industries, the legitimacy of your business may be questioned if your website does not have one.

Does your business require a privacy policy?

Despite the abundance of privacy policies on websites these days, not all businesses are required to have one on their website. Under Australian privacy laws, only those businesses who have an annual turnover of $3 million are legally required to have a privacy policy.

However, certain businesses are legally required to have a privacy policy despite not having an annual turnover of $3 million. These include:

  • health service providers;
  • businesses who buy and sell personal information;
  • credit reporting bodies;
  • employee associations that are recognised under the Fair Work Act (Registered Organisations) 2009;
  • businesses that collect residential tenancy information;
  • businesses that are contracted as service providers under a Commonwealth contract;
  • businesses that are related to businesses covered by the Privacy Act; and,
  • businesses that have chosen to be recognised by the Privacy Act 1988 (Cth).

Even if your business does not meet the threshold required by Australian privacy laws to have a privacy policy, you should still consider implementing one on your website, particularly if your website requires registration or uses data analytics. By being transparent with the users of your website about how you will manage their personal information and data, you give users more confidence in using your website than they would have in websites that are not transparent about their data collection practices.

What should my Privacy Policy contain?

Your privacy policy must be an accurate reflection of how your business manages personal information and data. Australian privacy laws require privacy policies to be clearly expressed and current in terms of how personal information and data is being managed at the time the user is visiting your website.

Regardless of your personal information and data collection practices, all privacy policies should contain the following key elements:

  • What type of data is being collected
  • Why your business is collecting that type of data
  • How your business is using that data
  • Why your business is using that data in a particular way
  • Whether the data can be disclosed to third parties
  • If data can be disclosed to third parties, the circumstances in which it can be disclosed
  • Where the data you collect is stored
  • What measures you are taking to prevent data theft
  • How users can make a complaint or inquiry regarding how you manage their personal data

Depending on your business, there may be further information that you will need to include in your privacy policy. This is where our team of qualified solicitors can guide you in the right direction.

Where your Privacy Policy should be located on your website

If you have made the effort to create a privacy policy for your website, the next step is making it accessible to your users. Ideally, the privacy policy should be accessible on any webpage that a user can access on your website. It is impractical and unreasonable to expect users to click certain tabs and links to find your privacy policy. This is why you will find most privacy policies in the footer of all webpages accessible on a website.

If your website requires registration by the user or allows users to submit their emails to subscribe to a service offered by your website, a direct link should be visible to users when they are entering this information. In fact, it is common to require users to tick a box agreeing that they have read the privacy policy. While most users are unlikely to read the privacy policy, it is a necessary step to protect your business, particularly when valuable personal information and data can be compromised by hackers and intruders.


Drafting a privacy policy that accurately reflects your personal information and data management can be difficult without a proper understanding of how Australian privacy laws work, as it is these laws that will dictate how you should be collecting and using personal information and data.

Whether you are thinking of creating your own privacy policy or if you already have an existing privacy policy, we recommend seeking guidance from our team at GLG Legal who will be able to provide you with expert advice on how to draft a privacy policy fit for your business.