By Vanessa Emilio
Article sourced from – http://www.flyingsolo.com.au/ – Australia’s solo & micro business community
On 12 March 2014, significant changes to the Australian Privacy Law came into effect.
Who do the new laws apply to?
Strictly speaking, the current Privacy legislation is only a requirement for businesses with an annual turnover of $3M or more. There are some exemptions to this for businesses such as those involved in health services, advertising and marketing, contracting to the Commonwealth government.
Why you need a Privacy Policy
Just because your business does not meet the required $3M revenue threshold doesn’t mean you should not have a Privacy Policy. Here’s why:
- Credibility
Your business is more professional and has more credibility when you have a clear privacy practice in place. Privacy compliance is considered best business practice and most customers will appreciate it. It builds trust.
- Banks require it
If you are using a payment gateway for transactions on your website, then most banks normally require the publication of a privacy policy, a return/refunds policy and a warranty policy on your website or in your customer documentation.
- Google Adwords needs it
Google requires you to add a statement about cookies to your Privacy Policy, so you need a privacy policy in the first place!
- Customers expect it
Most businesses have a Privacy Policy, and if you don’t, customers will wonder why. They may even ask what you do with their information.
- OAIC Website Privacy Sweeps
The Office of the Australian Information Commission (it’s the Privacy Commissioner) has and will continue to do random sweeps of business websites, and will issue fines to non-compliant websites.
When they do their website privacy sweeps they do not know your revenue or whether your business needs to comply, so you may be required to prove your business revenue. Save yourself the potential trouble by having a Privacy Policy on your website.
In practical terms complying with the Privacy legislation has always meant your policy needs to inform people that you:
- Collect their personal information, what you collect and what you will do with it.
- Only use personal information about people in ways that they might expect.
- Do not pass personal information on without telling people.
- Give people the chance to see any information you hold about them if they ask.
- Keep personal information safe.
- Allow people to easily opt out of any marketing.
What you must now do to update your Privacy Policy
- Explain how a person is able to complain about a privacy breach and also how you will deal with any complaint.
- Tell your visitors and customers if you are likely to disclose personal information to overseas recipients and to which countries.
- Ensure you have specific details about what information you collect and how you use it.
- Include a statement confirming individuals can ‘opt out’ of further direct marketing.
- Add specific ‘opt outs’ on all communications (not just marketing).
- It is prudent to include a Cookies notification. If you target the US/UK markets, it’s already a requirement.
As you can see, privacy is an issue that every small business owner must take seriously. Building trust with your clients is vital, so getting your Privacy Policy right is good for business!