If the Privacy Act 1988 (the Act) applies to your business, you must have a Privacy Policy. If you fail to comply, you face fines of up to $1.7 million for companies, or $340,000 for entities that are not companies (including individuals) for serious or repeated breaches of the Act.

A Privacy Policy states how your business will collect and deal with personal information. The Australian Privacy Principles (APPs) contained within the Act require your Privacy Policy to contain, amongst other things, how you will use and disclose the personal information that your business collects.

How do I draft the ‘disclosure of personal information’ clause?

Now that your customers know that you are collecting their personal information, the next thing they probably want to know is what you will be doing with that personal information and to whom it will be disclosed.

In your Privacy Policy, you need to have a well-drafted ‘disclosure of personal information’ clause, which sets out the circumstances in which you will disclose the personal information of a customer. You may simply be disclosing personal information to a third party service provider so that you can provide the necessary products and services to the customer, but regardless of how obvious it may be, it should be disclosed to the customer.

Other parties to which your business may disclose personal information may include any of the following:

  • Credit reporting agencies and courts;
  • Tribunals, regulatory authorities where customers fail to pay for goods or services provided to them; and
  • Courts, tribunals and law enforcement officers as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend your legal rights.

You may also wish to have a contract lawyer include a clause that sets out what will happen if, and when, your business is sold. If your customer database will also be sold, then you are disclosing the personal information of all of your customers to another individual or entity, and this should be clearly stated in your Privacy Policy. Even if you plan on drafting a Privacy Policy yourself, it is certainly worth having a contract lawyer review this to ensure you are compliant.


It is important that your business has a Privacy Policy that is compliant with the Act, which means that your Privacy Policy must address the circumstances in which a customer’s personal information may be disclosed.

Having a Privacy Policy is good business practice and highly recommended for any business that collects personal information.

At LegalVision we provide a compliant free website Privacy Policy.

However, if this is too simple, and you believe that your business requires a more detailed Privacy Policy, one of our lawyers would be happy to provide you with a review and prepare a Privacy Policy that is tailored to your business.

If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.
Would you like to get in touch with Priscilla about this topic, or ask us any other question? Please fill out the form below to send Priscilla a message!