Privacy Policies. They sound like a pain – and if you've ever tried to read (or decode) one, you'll know that they can be pretty arduous to make sense of.
APP Entities include:
- Businesses with an annual turnover of more than $3 million (not including assets held, capital gains or proceeds of capital sales)
- Your business collects and trades personal information without the consent of the individual
- Your small business is a health service provider
- Your small business is required to comply with the data retention provisions under Part 5-1A of the Telecommunications (Interception and Access) Act 1979
On that note, it's not a document that should be drafted to mitigate risk in heavy legalese. It's something that should build trust between the company and people whose information you are collecting. It should be easy to read and reflect the company and its values.
- The kinds of information you collect and hold
- How you collect personal information
- How you hold personal information
- The purposes for which you collect, hold, use and disclose personal information
- How an individual may access and correct their personal information
- How an individual can complain if you, or a contractor, breach the APPs or a binding registered APP code
- Whether you are likely to disclose information to an overseas recipient
The best way to present this information is in layers. Use headings such as "scope", "collection of personal information" and "disclosure" to make it easier to understand for the user.
So what is personal information? It's a very broad term, and captures any information (or opinion) about a person who is reasonably identifiable, or is identified.
- Phone number
- Bank account details
If you don't comply with the Privacy Act 1988 as required by law, an individual can make a complaint about your company to the OAIC. They have the power to investigate, conciliate and make determinations based on the complaint.
Breaches of the Australian Privacy Principles can result in civil penalties, and repeated breaches of the law can result in large fines. This can be $360,000 for individuals and up to $1.8 million for corporations.