Reading time: 4 minutes

Data security is an increasing issue for Australians today. In a world where individuals increasingly need to share their sensitive personal information with various organisations, many worry that their privacy will suffer. These concerns include the data they give to charities and not-for-profits (NFP) given that such bodies often hold financial information like credit card details. For charities and NFPs to realise their goals then, they need to respond to such concerns. If you run an NFP or charity and need information about how a privacy policy can benefit you, this article discusses why you need one, when you need one and what it should say.

Why Do I Need a Privacy Policy?

Your charity and NFP may need a privacy policy to comply with their legal obligations under the Privacy Act 1988 (Cth) (the Act). Schedule 1 of the Act contains the Australian Privacy Principles (APP). These regulate how businesses, government agencies and organisations handle, use and manage personal information.

Principle 1 seeks to safeguard the open and transparent use of data. APP entities need to take all reasonable steps to implement internal practices such that an organisation complies with the APP and can deal with customer complaints and questions about their compliance with them.

Principle 1.3 requires that all APP entities have a comprehensive, accessible and up to date privacy policy concerning how they manage personal information. As Schedule 1 of the Act (containing the APP) amended the Act itself, the APP are Australian law.

When Do I Need a Privacy Policy?

Your charity or NFP requires a privacy policy if it meets the definition of an APP entity in the Act.

Under the Act, an APP entity is either an agency or organisation.

An agency is a government department or other public position including (among others) ministers, the Australian Federal Police and federal courts.

The Act defines an organisation as:

  • An individual;
  • Body corporate;
  • Partnership;
  • Any other unincorporated association; or
  • Trust.

Unless that organisation is a:

  • Small business operator;
  • Registered political party;
  • A state or territory authority, agency, or a prescribed instrumentality of a state or territory.

A small business operator is an individual, body corporate, partnership, unincorporated association or trust who carries on one or more small businesses with an annual turnover of $3,000,000 or less in the preceding financial year.

In short, the Act requires your charity or NFP to have a privacy policy if your business structure makes you an organisation and your annual turnover exceeds $3,000,000. Note that the Act refers to turnover rather than profit.

However, your charity or NFP should seriously think about having a privacy policy even if you do not need one legally. Many people like to know how a business handles their data, especially if they are giving them financial details.

What Should Your Policy Say?

Your privacy policy needs to tell people how your charity or NFP manages, protects and safeguards its data. Be sure to inform people how you identify possible risks to your information and what you do with the information you no longer need.

Let people know that they can access their data and how to do so. Also, outline your procedures for handling questions and complaints about the handling of personal information.

You might also discuss how you safeguard the quality of your information and your systems vis-à-vis independent contractors who may have access to data.

When you draft your policy, concentrate on the structure as well as the content. Headings can help orient customers. Simple language is best because your policy is then easy to read and understand. If you need to summarise, do so unless it affects the quality of your policy.

Providing a link to the APP (if applicable) is an excellent idea as is giving clear contact details if customers wish to make an inquiry or complaint.

The Office of the Australian Information Commissioner has produced a guide to drafting a legally comprehensive privacy policy. It is available online at no charge and is easy to follow and understand.

However, think carefully about obtaining professional legal assistance to draft your policy. While it may involve cost, it will ensure that it meets any and all of your legal obligations.  You can focus on your work in the community.


If you have any questions concerning privacy policies or need help to draft one, the ACNC sets out some tips on developing your own privacy policy.


Redundancies and Restructuring: Understanding Your Employer Obligations

Thursday 7 July | 11:00 - 11:45am

If you plan on making a role redundant, it is crucial that you understand your employer obligations. Our free webinar will explain.
Register Now

How to Sponsor Foreign Workers For Your Tech Business

Wednesday 13 July | 11:00 - 11:45am

Need web3 talent for your tech business? Consider sponsoring workers from overseas. Join our free webinar to learn more.
Register Now

Advertising 101: Social Media, Influencers and the Law

Thursday 21 July | 11:00 - 11:45am

Learn how to promote your business on social media without breaking the law. Register for our free webinar today.
Register Now

Structuring for Certainty in Uncertain Times

Tuesday 26 July | 12:00 - 12:45pm

Learn how to structure to weather storm and ensure you can take advantage of the “green shoots” opportunities arising on the other side of a recession.
Register Now

Playing for the Prize: How to Run Trade Promotions

Thursday 28 July | 11:00 - 11:45am

Running a promotion with a prize? Your business has specific trade promotion obligations. Join our free webinar to learn more.
Register Now

Web3 Essentials: Understanding SAFT Agreements

Tuesday 2 August | 11:00 - 11:45am

Learn how SAFT Agreements can help your Web3 business when raising capital. Register today for our free webinar.
Register Now

Understanding Your Annual Franchise Update Obligations

Wednesday 3 August | 11:00 - 11:45am

Franchisors must meet annual reporting obligations each October. Understand your legal requirements by registering for our free webinar today.
Register Now

Legal Essentials for Product Manufacturers

Thursday 11 August | 11:00 - 11:45am

As a product manufacturer, do you know your legal obligations if there is a product recall? Join our free webinar to learn more.
Register Now

About LegalVision: LegalVision is a commercial law firm that provides businesses with affordable and ongoing legal assistance through our industry-first membership.

By becoming a member, you'll have an experienced legal team ready to answer your questions, draft and review your contracts, and resolve your disputes. All the legal assistance your business needs, for a low monthly fee.

Learn more about our membership

Need Legal Help? Submit an Enquiry

If you would like to get in touch with our team and learn more about how our membership can help your business, fill out the form below.

Our Awards

  • 2020 Innovation Award 2020 Excellence in Technology & Innovation Finalist – Australasian Law Awards
  • 2020 Employer of Choice Award 2020 Employer of Choice Winner – Australasian Lawyer
  • 2020 Financial Times Award 2021 Fastest Growing Law Firm - Financial Times APAC 500
  • 2020 AFR Fast 100 List - Australian Financial Review
  • 2021 Law Firm of the Year Award 2021 Law Firm of the Year - Australasian Law Awards
  • 2022 Law Firm of the Year Winner 2022 Law Firm of the Year - Australasian Law Awards