Why Does Your Website Need A Privacy Policy?

In general, all Australian websites should have a Privacy Policy statement. While there are a few that can 'squeak by' without one, Australian Consumer Law now requires that you post one in the event you collect any information from your visitors or customers. This includes their email addresses, phone numbers, physical address, credit card numbers, or the like. Simply having a 'Contact Us' form on your site means you must post a Privacy Policy.      

However, it's not just Australian consumer law that mandates you have a Privacy Policy. Google does also. For many business owners, being 'dropped' from the Google search index would be catastrophic for their businesses, since their customers would have a hard time finding them. As it turns out, Google has begun checking to see whether you have a privacy policy in place -- and penalising websites which do not.         

If you use Google services like Google Analytics, you are specifically required to post a comprehensive privacy policy that mentions your use of the Google services to collect data. This is also true for Google AdSense, Google AdWords, Google Maps & Google Earth, and more. Simply including a map of your location that is based on Google Maps thus requires you to have a Privacy Policy, and if you don't you may find Google taking action to enforce this requirement against you.

Facebook also requires a privacy policy if you want to create an app on their site. If you don't, they may notify you about a "privacy policy violation" and threaten you with "enforcement action" -- in other words, removing your app from Facebook's business page tabs -- unless you comply within a very short time period. This is definitely a scenario in which it is better to be prepared than to be caught scrambling at the last minute.         

To go even further, think about the issue of trust. Posting a Privacy Policy shows you being honest and open, which helps build trust with your customers. The more they trust you, after all, the more likely they are to do business with you. When someone hands over their email address or payment details, they don't want them to be misused, and so spelling out exactly how you will use and store what they give you helps gain their trust.   

What is your privacy policy required to include?

According to Australian law, anyone who collects customer or visitor information must post a privacy policy that clearly states the information you collect, and how you use it.          

At the same time, it's generally good practice to cover several more points, as well. Specifically, you should include a promise that you will not "spam" users or sell or rent out their personal details (and if you do the latter, you are required to have a separate legal document covering that). You should also reassure them that unsubscribing from any of your email lists is easy.           

It's worth noting that Australian law requires you to collect only the information that is needed for conducting your business, and to describe in your Privacy Policy how you will secure and safeguard the information you collect.

If you target visitors from the EU -- which includes the EU -- you are also required to have a 'Cookie policy statement' and actively notify your website that you use cookies on your site. What is a Cookie policy statement? This is a notification that your website uses so-called 'browser cookies,' which are capable of tracking users but not accessing specific information on their computers.

Australia may also add a clause to the law requiring a Cookie policy statement soon enough, so it's best to be on the safe side and ensure your Privacy Policy has one. This is one benefit of getting a legal template from a reputable company that will do anything to make your life easier -- including updating the template if the law changes and notifying you of the new template.    

It's crucial to note that having a Website Disclaimer or Terms and Conditions is not the same as a Privacy Policy. In, fact a Privacy Policy is totally different from those two documents. Your Privacy Policy covers how you collect and secure customer and visitor information on your site, like browsing activity and email addresses. Website Disclaimers or Terms and Conditions, on the other hand, deal with questions like the accuracy of the information on your site, ownership of copyright, loss or damage liability, refund policies, warranties, guarantees, links, and the like. In general, you should have both a Privacy Policy and a Website Disclaimer, and if you sell online you must also have a Terms and Conditions.