Does your business have an APP compliant privacy policy?

The Australian Privacy Principles (APPs) require an APP entity (essentially not a small business) to have a clearly expressed and up-to-date privacy policy (APP privacy policy) describing how it manages personal information. The APP privacy policy must be based on and reflect the practices, procedures and systems that the APP entity has implemented to ensure it complies with the APPs.

While the APPs are not directly applicable to small businesses, it is often the case that non-small businesses require their supply chain to have an APP privacy policy in order to do business together. Accordingly, it is a low cost way to pass the screening of larger businesses to get your foot in the door, not to mention good practice to regularly review your policies and procedures.

There are specific requirements for an APP privacy policy and they must contain the following information:

• The kinds of personal information that the entity collects and holds;
• How the entity collects and holds personal information;
• The purposes for which the entity collects, holds, uses and discloses personal information;
• How an individual may access personal information about the individual that is held by the entity and seek the correction of such information;
• How an individual may complain about a breach of the APPs and how the entity will deal with such a complaint;
• Whether the entity is likely to disclose personal information to overseas recipients; and
• If the entity is likely to disclose personal information to overseas recipients, including the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy.

An APP entity must also take reasonable steps to:

• Make the privacy policy available free of charge and in an appropriate format; and
• Give the privacy policy to an individual in the form the individual requests.

If you would like us to review or prepare an APP compliant privacy policy for your business, or are looking for on-point practical guidance, contact Rankin Business Lawyers.

Stacey Brennan
Lawyer