Does my business/NFP need to have a Privacy Policy + comply with the Australian Privacy Act?

Legal Background ➲ Australian Privacy Act 1988 (Comm.)

The Privacy Act and Australian Privacy Principles (‘APPs’) govern the collection, storage, use and disclosure of Personal Information.

Australian businesses/NFPs are bound by the Privacy Act if they:

➲ “Opt-in” or publicly volunteer to be regulated;

➲ Handle Personal Information (defined below) + have $3 million or more in annual turnover; or

➲ Are captured by the second set of criteria set out in the Act.

Caution: The additional “second set” of criteria means that every business or charity, regardless of turnover, may be caught if they sell or purchase Personal Information or handle specific categories of Personal Information, such as TFNs (Tax File Numbers), Health + Medical Data, etc.

Small business/NFP operators are generally exempt from the Privacy Act unless one of the above-mentioned points applies.

Does your business/NFP need to comply with the Privacy Act?

Click the below link to access the online guide:

Does my Business/NFP need to comply with the Privacy Act?

If you are still unsure, you should take the cautious approach and put relevant privacy measures in place, as well as seek Independent Legal Advice.

Credits:

This FAQ was extracted from the below blog article "Privacy Policies & Australian Law" by James D. Ford GAICD | Principal Solicitor, Blue Ocean Law Group℠ which was originally published in late 2018 + is hosted on iubenda's website.  

By way of full disclosure: Blue Ocean Law Group℠ is iubenda's Legal Network partner in Australia + New Zealand.

Blue Ocean Law Group℠ also collaborates with iubenda to present regular free webinars entitled:

How to make your website/app easily compliant with Australian Law?
