Privacy Policy: Why your website needs one

As a digital agency we build new websites, and part of that process is to help our clients compose content. It is interesting how many business owners insist on ditching the traditional ‘Privacy Policy’ and ‘Terms of Use’ pages to make space for more trendy footer links and widgets, or are happy to ‘copy and paste’ pages from competitor websites and adapt it based on their needs. This made me wonder about the need for these pages in today’s digital age, and whether or not the ‘copy and paste practice’ is enough to keep you on the right side of the law.

In addition – based on our experience – most advertisers on Social platforms, Google and other third party providers such as Mailchimp are blissfully unaware of the additional privacy clauses that have to be included in your website’s standard privacy policy, so we will set the record straight with a downloadable infographic summarising the additions.

Definitions

Before we look at Privacy Policy requirements and best practices, first some definitions of each of the terms relevant in this article:

• Privacy Policy: ‘So, a privacy policy is a legal statement that tells the user how a company or website operator may use, gather, manage or share the personal data that the user sends to the website when using that website or service.’[1]
• Personal Data: ‘Personal information can be anything that can be used to identify an individual, not limited to but including:
  • Name
  • Address
  • Date of birth
  • Marital status
  • Contact information (including telephone number or email address)
  • Financial records
  • Credit card information
  • Medical history’[2]
• ‘a Terms of Use (or Terms and Conditions) acts as a contract between the company (you, website owner, mobile app developer, etc.) [3] and the users or end-users who will use the service (website, mobile app or Facebook, etc.)’ . It ‘includes sections pertaining to user rights and responsibilities, definitions of key words and phrases found within the website, the definition of what the website considers to be proper use of their website, accountability for various online actions users can engage into, limitations of liability clarifying the websites position on damages and” [4] so on.

For purposes of this article I will not explore Terms and Conditions any further, but the reason I brought it up here is to iterate the following important note when considering to include or exclude these on your website:

A Terms and Conditions statement/page is optional for your business. A Privacy Policy is required by law.

Australian Requirements

In Australia the Privacy Act of 1988 regulates how data privacy should be handled. Schedule 1 of the act contains The Australian Privacy Principles (APPs) which ‘outlines how most Australian and Norfolk Island Government agencies, all private sector and not-for-profit organisations with an annual turnover of more than $3 million, all private health service providers and some small businesses (collectively called ‘APP entities’) must handle, use and manage personal information.’[5]

Principle 1 (called APP1) states that ‘APP entities must manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy’.[6]

Full details of the other principles are available online.

What should be in the Privacy Policy?

This will vary from business to business, but the broad answer to this question is as follows:

• ‘A list of the categories of personally identifiable information the operator collects;
• A list of the categories of third-parties with whom the operator may share such personally identifiable information;
• A description of the process (if any) by which the consumer can review and request changes to his or her personally identifiable information collected by the operator;
• A description of the process by which the operator notifies consumers of material changes to the operator’s privacy policy; and
• The effective date of the privacy policy.’[7]

For more details see https://www.oaic.gov.au/agencies-and-organisations/guides/guide-to-developing-an-app-privacy-policy where you will also find a handy APP privacy policy checklist to assess if your current policy meet the requirements.

Where should the Privacy Policy be?

The best practices around the placement and composition of a privacy policy is for it to be

1. Easily accessible
2. Easy to read
3. And ‘with privacy-related information that the consumer would be interested to know.’[8]

Resources I consulted online suggests that it would be safe to follow the principles laid out in the California Online Privacy Protection Act of 2003 (OPPA) which deals with posting policies conspicuously on websites by :[9]

• • Placing the privacy policy on the website homepage OR
  • Linking the privacy policy to the homepage using an icon – in a different colour used in the background of the page and displaying the word ‘Privacy’ OR
  • Linking the privacy policy to the homepage using a hyperlink
    • Displaying the word
      • ‘Privacy’ in capital letters AND
      • Using the same font size or greater than the surrounding text AND
      • In a font or colour that will make it distinguishable from surrounding text on the homepage

In Conclusion

Long story short – in Australia you are legally obligated to have a Privacy Policy on your website, clearly stating how you meet all the requirements. You have to keep it updated, and for every third party advertising service you utilise, an additional clause is most likely required. So simply copying and pasting a competitor’s privacy statement might very well not be enough to keep you out of trouble. Speak to a lawyer or use a reputable online policy provider like Iubenda (catering for Australian law) to make sure you can sleep sound at night. Alternatively contact us and we can point you in the right direction.

Resources

Footnotes

[1] How To Write A Privacy Policy For Your Website. 2016. How To Write A Privacy Policy For Your Website. [ONLINE] Available at: https://www.makeuseof.com/tag/write-privacy-policy-website/. [Accessed 26 January 2016].
[2] How To Write A Privacy Policy For Your Website. 2016. How To Write A Privacy Policy For Your Website. [ONLINE] Available at: https://www.makeuseof.com/tag/write-privacy-policy-website/. [Accessed 26 January 2016].
[3] Terms of Use: Mandatory For Your Website? – TermsFeed. 2016. Terms of Use: Mandatory For Your Website? – TermsFeed. [ONLINE] Available at: https://www.termsfeed.com/blog/sample-terms-and-conditions-template/. [Accessed 26 January 2016].
[4] How To Write A Privacy Policy For Your Website. 2016. How To Write A Privacy Policy For Your Website. [ONLINE] Available at: https://www.makeuseof.com/tag/write-privacy-policy-website/. [Accessed 26 January 2016].
[5] Australian Privacy Principles| Office of the Australian Information Commissioner – OAIC. 2016.Australian Privacy Principles| Office of the Australian Information Commissioner – OAIC. [ONLINE] Available at: https://www.oaic.gov.au/privacy/australian-privacy-principles. [Accessed 26 January 2016].
[6] APP quick reference tool| Office of the Australian Information Commissioner – OAIC. 2016. APP quick reference tool| Office of the Australian Information Commissioner – OAIC. [ONLINE] Available at:https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-quick-reference/#app-1-open-and-transparent-management-of-personal-information. [Accessed 26 January 2016].
[7] How To Write A Privacy Policy For Your Website. 2016. How To Write A Privacy Policy For Your Website. [ONLINE] Available at: https://www.makeuseof.com/tag/write-privacy-policy-website/. [Accessed 26 January 2016].
[8] How To Write A Privacy Policy For Your Website. 2016. How To Write A Privacy Policy For Your Website. [ONLINE] Available at: https://www.makeuseof.com/tag/write-privacy-policy-website/. [Accessed 26 January 2016].
[9] How To Write A Privacy Policy For Your Website. 2016. How To Write A Privacy Policy For Your Website. [ONLINE] Available at: https://www.makeuseof.com/tag/write-privacy-policy-website/. [Accessed 26 January 2016].

Other References

• How To Write A Privacy Policy For Your Website. 2016. How To Write A Privacy Policy For Your Website. [ONLINE] Available at: https://www.makeuseof.com/tag/write-privacy-policy-website/. [Accessed 26 January 2016].
• Terms of Use: Mandatory For Your Website? – TermsFeed. 2016. Terms of Use: Mandatory For Your Website? – TermsFeed. [ONLINE] Available at: https://www.termsfeed.com/blog/sample-terms-and-conditions-template/. [Accessed 26 January 2016].
• APP quick reference tool| Office of the Australian Information Commissioner – OAIC. 2016. APP quick reference tool| Office of the Australian Information Commissioner – OAIC. [ONLINE] Available at:https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-quick-reference/. [Accessed 26 January 2016].
• APP quick reference tool| Office of the Australian Information Commissioner – OAIC. 2016. APP quick reference tool| Office of the Australian Information Commissioner – OAIC. [ONLINE] Available at:https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-quick-reference/#app-1-open-and-transparent-management-of-personal-information. [Accessed 26 January 2016].
• Guide to developing an APP privacy policy| Office of the Australian Information Commissioner – OAIC. 2016. Guide to developing an APP privacy policy| Office of the Australian Information Commissioner – OAIC. [ONLINE] Available at: https://www.oaic.gov.au/privacy/guidance-and-advice/guide-to-developing-an-app-privacy-policy/. [Accessed 26 January 2016].
• Australian Privacy Principles| Office of the Australian Information Commissioner – OAIC. 2016.Australian Privacy Principles| Office of the Australian Information Commissioner – OAIC. [ONLINE] Available at: https://www.oaic.gov.au/privacy/australian-privacy-principles. [Accessed 26 January 2016].
• Privacy Act 1988 Compliance. 2016. Privacy Act 1988 Compliance. [ONLINE] Available at:https://www.iubenda.com/blog/australian-privacy-act-1988-compliance-iubenda/. [Accessed 26 January 2016].