1. Review your website
While we will discuss in more detail who privacy laws apply to in the next section, privacy laws generally apply to websites that collect Personally Identifiable Information (PII). PII is defined as any information that could identify someone. Examples of PII that are commonly collected by websites include:
- Phone numbers;
- Physical addresses; and
- IP addresses.
Website features that commonly collect PII include:
- Contact forms;
- Email newsletter sign up forms;
- Account creation forms;
- eCommerce portals where consumers can make purchases; and
- Analytics programs such as Google Analytics.
Once you have reviewed your website for these features and determined what PII you collect, you should also ask yourself:
- How do I use the PII that I collect?
- Who, if anyone, do I share this PII with?
Once you have reviewed your website, it is time to determine what privacy laws apply to you.
2. Determine which privacy laws apply to you
Privacy laws have a very broad reach in the sense that they apply to businesses outside of the states or countries in which they are passed, but each law also sets criteria that you must meet before it applies to you. Therefore, you should not simply assume that every privacy law applies to you; instead, you should determine which laws apply and what obligations each one imposes.
- Australia Privacy Act of 1988: applies to Australian organisations with an annual turnover of more than AUD $3,000,000 and to organisations outside of Australia that have an Australian link. It also applies to the following Australian organisations even if they have a turnover of less than AUD $3,000,000 per year:
  - Private sector healthcare providers;
  - Businesses that sell or purchase PII;
  - Credit reporting bodies;
  - Contracted service providers for Australian government contracts;
  - Employee associations registered or recognized under the Fair Work (Registered Organisations) Act 2009;
  - Businesses that have opted in to comply with the law;
  - Businesses that are related to a business covered by the law; and
  - Businesses prescribed by the Privacy Regulation 2013.
If your business website sells or captures PII of citizens of countries other than Australia, you need to be aware of the laws that apply to them as well.
3. Include the necessary disclosures
Depending on which laws apply to you, your privacy policy should include the following disclosures:
- The effective date of your policy;
- Your name and contact information;
- What PII you collect;
- Sources from which you collect the PII;
- Purposes for which you will be using the PII;
- Whether you share PII and, if you do, the categories of third parties with whom you share it;
- How your website responds to Do Not Track signals;
- Whether you sell PII – if you do, you may need to make further disclosures regarding such sales;
- Whether you use PII for targeted advertising and how individuals can opt out (this disclosure will start to be required in 2023);
- A list of the privacy rights provided to consumers;
- How a consumer can exercise their privacy rights;
- How a consumer can appeal a decision made regarding a privacy rights request (this disclosure will start to be required in 2023);
- How a user can complain to the authorities if they feel like their privacy rights have been infringed upon;
- Legal bases under which you process PII;
- How long you store PII;
- Whether you use PII for direct marketing;
- Whether you use PII for automated decision making or profiling;
- Whether you transfer PII outside of certain countries or to an international organization;
- How you protect the PII that you collect;
- Whether you use any type of analytics on your website such as Google Analytics; and
Get in touch if you think your website needs a more robust Privacy page.
We partner with Termageddon to help you reduce your risk.