Many businesses deal with the personal information of their customers daily. Under Australian law, businesses that deal with personal information must comply with privacy regulations and have a privacy policy in place. If you have recorded even just the names and phone numbers of your customers, you might need a privacy policy. This article will explain what the legal requirements are for your business when collecting personal information from your customers.

Australian Regulations

Australian law regulates how businesses and government agencies can handle and collect personal information. Under the law, there are 13 Australian Privacy Principles (APPs) that govern the rights and obligations of businesses when dealing with privacy and the personal information of customers. These rules are relatively flexible, so you can tailor them around your business model and the needs of your customers. 

If your business breaches any of these privacy regulations, you may face regulatory action. This may involve being investigated by the Office of the Australian Information Commissioner (OAIC) and receiving serious penalties.

What is Personal Information?

Under Australian law, personal information is any information about someone where you can reasonably identify the person due to the information. It does not matter whether the information is true or not, or whether the information or opinion is recorded in a material form or not. What constitutes personal information is not always straightforward, so you should always treat information as personal information if you have any doubt. 

Examples of what might constitute personal information include:

  • names;
  • addresses;
  • phone numbers;
  • date of births;
  • tax file number;
  • bank or credit card details; and
  • medical records.

What is a Privacy Policy?

A privacy policy is a legal document between your business and each person that you collect information from. A privacy policy should describe when your business needs to handle personal information and how you will do so. You must ensure that your policy complies with the APPs.

Activities which involve handling personal information may include:

  • providing services;
  • marketing campaigns;
  • handling complaints;
  • managing employee records;
  • running a website; and
  • sending newsletters.

Your policy should describe:

  • exactly what personal information your business collects;
  • the purpose behind your business collecting this information; 
  • whether your business discloses personal information to overseas entities; and
  • how individuals can access their personal information.

When Do You Legally Need a Privacy Policy?

You will need to have a privacy policy if your business is an APP entity. If your business handles personal information and has an annual turnover of $3 million or more, it is an APP entity. Consequently, you must have a privacy policy that is up-to-date and available to the public.

However, if your business handles personal information but has an annual turnover of less than $3 million, you may still be an APP entity if your business:

  • is a health service provider (this includes gyms);
  • sells or purchases personal information; and
  • has opted-in and chosen to comply with the APPs.

What Are the Benefits of a Privacy Policy?

While not all businesses that collect information from customers will legally need a privacy policy, there are many benefits to having one in place. Having a clear policy in place will assist to manage your legal risk. Further, it ensures that your customers are aware of:

  • which information you collect from them; 
  • how you store their information; and 
  • what you use it for.

Having a privacy policy in place instils confidence in your customers, even when you are not legally required to have one. 

Key Takeaways

Under Australian regulations, you must have a privacy policy in place if you are an APP entity. A privacy policy will set out how you use your customer’s personal information. Even if your business is not legally required to have a privacy policy, having one will instil confidence in your customers. If you need assistance with drafting or reviewing a privacy policy, contact LegalVision’s IT lawyers on 1300 544 755 or fill out the form on this page. 

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
Casey D'Souza

Get a Free Quote Now

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • We will be in touch shortly with a quote. By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. See our full Privacy Policy.
  • This field is for validation purposes and should be left unchanged.

Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at

View Privacy Policy