If your business collects information about customers or users and stores it electronically (almost all businesses do), you need to consider privacy law.

Personal Information

The storage and use of “personal information” is covered by the Privacy Act 1988 (Cth) (Act). The definition of personal information in the Act is very broad (and imprecise): personal information is any information that identifies a person or could be used to identify a person. This includes obvious categories of information like names and addresses, but reaches as far as information like dates of birth and post codes in circumstances where data can be cross-referenced to deduce someone’s identity.

Amongst other things, the Privacy Act requires businesses dealing with personal information to maintain a “Privacy Policy”.

Recent Changes

The recent changes to Privacy Law make it a far more pressing consideration for Australian businesses – a regime that has been criticized as “toothless” now includes fines of up to $1.1 million for breaches.


It is likely that your business is legally obligated to maintain a Privacy Policy, especially if it is operating a website that collects information about users.

Back to Technology