7 Legal Essentials for Business Online: Part 2 – Privacy Online

What is the big deal about privacy? Everyone gives all their personal information to companies like Facebook and Google, so why not give it to your business? Data privacy is a big deal, particularly in Europe, and cybercrime is on the increase, or at least awareness of it is. If you collect information, then you are obliged to provide at least minimum protection against disclosure.

So who is covered? If you collect the contact details of your customers, you are collecting personal information which is protected under privacy laws.  If you are a small business, you may not have to comply with privacy laws, but if you want your customers to feel secure in giving you their information, it is advisable to comply.

Even as a small business you will have to comply with privacy laws if you operate in the health industry (this can include life coaching where an element of mental health or wellbeing is involved) or you offer potential customers something in exchange for their information, like a sample or free report.

What you need is a privacy policy that applies across your whole business, a person who understands and knows how to apply it, and procedures to back up the handling of privacy enquiries or disputes.

The Australian Privacy Principles can be summarised as follows:

1. Manage personal information in an open and transparent way

2. Give people the chance to remain anonymous

3. Only collect the information that is necessary to provide your product or service

4. There are categories of sensitive information that have higher standards of protection, like health information or information protected under anti-discrimination laws

5. If you collect information other than from the person it is about, let people know

6. Let people know what you do with the information you collect and whether or not you share it with others

7. Tell people if you use their information for direct marketing

8. If you store information in the Cloud and it is overseas, or you use outsource workers overseas who have access to that information, let people know

9. Don’t use government-allocated identifiers for storing personal information, e.g. a Medicare number

10. Take reasonable steps to ensure that personal information remains accurate, up to date and complete

11. Take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure

12. Give people access to their personal information

13. Correct personal information if it is inaccurate

Your privacy policy should cover all of the above, and the easiest place to keep a copy is on your website where anyone can access it. There are additional requirements imposed by search engines if you wish to advertise online, and if you are selling other companies’ products, they may ask you to demonstrate compliance with their privacy protection expectations.

Privacy protection doesn’t have to be complicated; just understood. Make sure you review your policy and procedures annually to ensure that you are meeting your privacy obligations and feel confident that the processes you have in place work.

If you don’t already have a privacy policy, there is a free plugin available for WordPress websites at http://lawforwebsites.info if you want basic protection without having to draft something yourself.  If you would rather have something specifically tailored to match your business, contact the author.


About the author
Jeanette Jifkins is the founder and Principal of Onyx Online Law, an Australian based law firm with the focus of supporting businesses with an online presence. She has extensive experience with a broad variety of corporate and commercial issues including contracts, mergers and acquisitions, business structures, employment and governance.