Australian businesses/NFP's are bound by the Privacy Act if they:
➲ “Opt-in” or publicly volunteer to be regulated;
➲ Handle Personal Information (defined below) + have $3 million or more in annual turnover; or
➲ Are captured by the second set of criteria set out in the Act.
Caution: The additional “second set” of criteria mean that every business or charity regardless of turnover may be caught if they sell or purchase Personal Information or handle specific categories of Personal Information, such as TFN (Tax File Numbers, Health + Medical Data, etc.)
Small business/NFP operators generally are exempt from the Privacy Act unless one of the above-mentioned points apply.
Click the below link to access the online guide:
If you are still unsure you should take the cautious approach and put relevant privacy measures in place as well as seek Independent Legal Advice.
This FAQ was extracted from the below blog article "Privacy Policies & Australian Law" by James D. Ford GAICD | Principal Solicitor, Blue Ocean Law Group℠ which was originally published in late 2018 + is hosted on iubenda's website.
By way of full disclosure: Blue Ocean Law Group℠ is iubenda's Legal Network partner in Australia + New Zealand.
Blue Ocean Law Group℠ also collaborates with iubenda to present regular free webinars entitled: