A simple guide to developing a privacy policy

Some companies require access to your personal data in order to deliver their service. It can be scary giving companies permission to access your personal data, but you can rest at ease if the company has a solid privacy policy. In this Legal Kitz blog, we will explore the purpose of a privacy policy and how to instate one in your business to protect yourself and your customers.

What is the purpose of a privacy policy?

The main purpose of a privacy policy is to inform users about the data being collected by an organisation. Although many users fail to read privacy policies thoroughly, a privacy policy is a legal requirement if a company is accessing customers’ data or information. Failure to ensure transparency and honesty between the organisation and the customers may result in legal action. Therefore, special consideration must be given when formulating a privacy policy. Typically, a privacy policy sets out which personal information is gathered, how it is being used and how it is being protected.

What should I include in a privacy policy?

While privacy policies need to be specific to every organisation, there are some important topics that need to be covered in every privacy policy. Our sister company, Business Kitz, has a Subscription Service which includes a solicitor-drafted Privacy Policy template that includes all the key requirements of a high-quality privacy policy.

According to the Australian Privacy Principle, organisations are required to have a detailed and up-to-date privacy policy outlining how they manage personal information.

Here is a step-by-step guide to writing a privacy policy:

STEP 1: Specify information

The first thing you must disclose in a privacy policy is the kind of personal information being collected from your users. Upon reading your privacy policy, the user should know exactly what information they are giving away. It is also a good idea to cover your bases by outlining the legal structure that permits you to do so. This can be done by linking to further articles or government policies.

STEP 2: Provide an explanation

To foster an environment in which your users/customers trust you, it is a good idea to provide them with an explanation as to why this information is necessary for your business. Creating a narrative wherein they feel that sharing their information with the organisation is in some way beneficial for them may make them less skeptical about it. Using language such as ‘creating a personalised experience’ is an impactful way of bringing meaning to the use of their data. Over recent years, customers have become more aware and critical as to how their personal information is used and shared as a result of the rise of online platforms.

STEP 3: Specify method of information collection

When collecting information, it is extremely important to inform your customers how it is that you plan to collect the information. Information can be collected in multiple ways, such as cookies, order forms, surveys, account registrations, and more. A privacy policy without this information is deemed incomplete. In addition, mentioning your mode of information collection protects your customers from any possible hackers who may pose as your organisation and potentially ask for personal and sensitive information.

STEP 4: Specify user’s information and its accessibility to third parties

It is extremely important that you mention any third parties involved who may also have access to this information. This is crucial as your customers might be willing to share their personal information with you but not with others. Therefore, you need to ask your users for consent and provide them with the option to opt in or opt out of having their information be shared with third parties. 

STEP 5: Explain future updates

Privacy policies need to be updated regularly, especially when the law changes. In addition, as your organisation grows, there will be more groundwork to cover. Therefore, you should inform your users beforehand how you plan on contacting them in case there is an update or change in the privacy policy. If you plan on using the information for additional reasons, you must inform them of that as well.


STEP 6: User information protection 

Cybersecurity is an important issue that every organisation must consider. You should have an actionable plan for what you will do in the event of a cyber-attack, and that plan must be thoroughly communicated to your users/customers. This includes stating the current software being used, encrypted files etc.

Legal advice

Check out Business Kitz’ subscription service today to access their full range of legal, commercial and employment documents to begin your business with a solid foundation that ensures compliance. If you are unsure about how to best protect yourself and your future business, our sister company, Legal Kitz, can assist you. To arrange a FREE consultation with one of their highly experienced solicitors, click here today, or contact us at [email protected] or 1300 988 954.