In March 2014, there was a major amendment and update to the Privacy Act 1988 (Cth). The original legislation was enacted in 1988 with the aim of protecting personal information. However, the original Act never foresaw the internet era in which individuals are sharing their personal information and becoming more at risk with over-sharing.

The amending Act has made major changes to the original Privacy Act, including a new and more cohesive set of privacy principles – the Australian Privacy Principles (APPs). The reforms have made a significant impact on private sector businesses that handle personal information. In order for your business to comply with the new AAP requirements you should review and update your privacy policy in accordance with AAP 1.

What is a privacy policy?


A privacy policy sets out the way an organisation gathers, uses, discloses and manages a customer or client’s data. Under the APPs, a privacy policy must also include a provision which indicates how an individual may access, change and request removal of their personal information from the organization, or how they would be able to communicate anonymously or with a pseudonym. The policy must also describe what the individual should do in the event of a dispute with the organisation and who they can contact.

Does my business need a privacy policy?
Small businesses with an annual turnover of $3 million or less are NOT required to have a privacy policy under the Privacy Act. However, a privacy policy does assure your customers that their personal information will be used responsibly. Furthermore, it also protects your business and helps you manage your customer’s expectations. The following small businesses are not exempt from having a privacy policy under the Act:

  • Health service providers
  • Organisations trading personal information
  • Organisations related to a larger body corporate (which is not a small business)
  • Contractors providing services under a Commonwealth contract
  • Reporting entities for the purposes of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006
  • Operators of residential tenancy databases

If you need any legal advice from a lawyer in regards to your privacy policy, the team of Lawyers at The Quinn Group can help. Contact us on 02 9223 9166 or fill out an online enquiry.