Is a Privacy Policy just another piece of bureaucracy required by large corporates or should small business owners consider having one on their website too?
As a small to medium business owner, a privacy policy can seem like just something else you need to keep up to date with. Understanding the relevant legislation, crafting something which fits the bill and keeping it up to date could be just another set of tasks on your to-do list.
So do you Really Need One?
In a nutshell, yes and no. That is, there is no legal requirement for private businesses (with a turnover less than $3million) to have one in Australia. However whether you are collecting data from your visitors (such as their name and email address on a contact form) or whether they are accessing your information a Privacy Policy is highly recommended.
Having a Privacy Policy shows trust and transparency, lets visitors know how their data will be utilised, stored and when, if ever, it will be deleted. It gives a great impression that your business cares about its potential clients by letting them know how their personal information will be used and kept.
Other countries do require a Privacy Policy and there is no way you can stop your website from being viewed by people in other countries, so it is safest to have one. European countries have quite strict requirements about knowing what is happening to personal data and some US states have advanced privacy practices which need to be met.
And then there is Google -Ruler of the Internet
If you are using Google Analytics then it worth visiting their terms and conditions about what happens with personal data:
“You will not and will not assist or permit any third party to, pass information to Google that Google could use or recognize as personally identifiable information. You will have and abide by an appropriate Privacy Policy and will comply with all applicable laws, policies, and regulations relating to the collection of information from Visitors. You must post a Privacy Policy and that Privacy Policy must provide notice of your use of cookies that are used to collect data.”
What should a Privacy Policy include?
As a template there are some things your Privacy Policy should be clear about:
- You must identify yourself as the site owner and set out details about how you can be contacted should visitors have questions about your Privacy Policy.
- You need to identify which data is being collected and why it is being collected e.g. is it for Analytics, Email Marketing etc?
- You need to set out if any third parties will have access to any of the data either directly like Email Marketing platforms such as MailChimp or indirectly through things like social media shares and app integrations.
- Your privacy policy should set out what rights users have to request access to the data you have about them, how they can change that data and how they go about requesting that the data be removed from your records (this is a mandatory requirement under European regulations).
- You also need to state the date from which the Privacy Policy is effective.
Getting Advice
In Australia, the Office of the Australian Information Commissioner can provide advice about how to go about writing a robust Privacy Policy.
They are the independent national regulator for privacy and freedom of information – particularly in relation to how government held information can be held and protected – but the principles are the same for private businesses.
While the Privacy Act covers government agencies and organisations with a turnover of more than $3million, it also covers private sector health service providers including mainstream medicine, complementary therapists, such as your naturopath or massage therapist, gums, child care centres and schools and other education providers. Credit providers, government contractors and employee associations (such as unions) are also included under this umbrella.
Smaller or non-related business can opt-in to be covered by the privacy legislation and this may benefit your brand, show trust and build integrity.
You can download a full copy of the Australian Privacy Principles Guidelines here, but at 213 pages it will take you a while to get through!
There are thirteen Privacy Principles and they cover:
- management of personal information
- collection of personal information (both solicited and unsolicited)
- use and disclosure of personal information
- direct marketing
- cross-border disclosure
- quality and security of information, and
- access and correction of information.
A good Privacy Policy will touch on all of these principles while not making it onerous for your visitors to read or understand.
Perhaps now is a great time to review your Privacy Policy – download it from your own website and read through it as if you were a visitor. Taking time to make sure it complies with the current principles and perhaps update it to make things clearer or more straightforward will be an investment in your brand, its integrity and the trust you build between your business and your customers.
P.S.
Found a spelling or grammatical error in this post? Then contact me as soon as possible and let me know. In return for your super proof reading, I will offer you a free 30-minute review of your digital presence and some fresh ideas you can try out for free.
Get in Touch
If you’d like help with your website or your blogging, then make a time to chat by using the orange button below. I can help you to:
- Clarify your target market.
- Identify the suitable images that will resonate with your message and your target market
- Create keyword rich content to update your site and entice your customers
- Get your digital presence ranking up.