You have probably seen the familiar banner emails from companies informing you that they’ve updated their privacy policy or improved their Terms of Use. In fact, it seems that everyone is renewing their privacy policies, and often. But what exactly is a company’s privacy policy and why does it need to be updated? At Allied Legal, we took the liberty of answering this for you below.
What is a Privacy Policy?
A startup’s privacy policy is document that explains how a website or venture handles personal data protection in simple terms. A privacy policy should outline how a venture intends to collect, use, and store client information within its’ internal operations. This may include standard clauses such as the name of the venture, the types of personal data that will be collected and how it will be stored, how the website or company will use this data, user rights, complaints processes and how a user can access their data.
Why Do Startups Need to Update Their Privacy Policy?
Though it is not often that a client will sue a company in relation to data protection policy breaches, startups may still receive complaints from the Office of the Australian Information Commissioner (OAIC) on behalf of a client. In fact, Australia’s privacy requirements are amongst the strictest in the world which means that startups are often required by law to update their privacy policies. An updated privacy policies may be a response to any of the below:
Internal Changes to Handling of Data
A startup must update their privacy policy when their data handling processes change. The relevant updates to the privacy policy should then be communicated through channels such as on a startup’s website, via email or through postal lists.
To Comply with Laws and Regulations
The Privacy Act 1988 has strict general data protection regulations about how a startup should handle a client’s personal information. This means that a startup must be diligent when it comes to complying with the relevant data protection laws. The Act requires startups to be transparent with their client base about how their data is collected and stored. This information should then be made visible and easily accessible on a company’s website.
To Comply with International Policy
If a startup is dealing internationally, there are several data protection laws that they need to be aware of. This includes General Data Protection Regulation (GDPR), Children’s Online Privacy Protection Rule (COPPA) and the Australian Privacy Act 1988. Though international privacy regulations are not contradictory in different jurisdictions, there may be features that you must include in your privacy policy or terms of use to meet the demands of related regulations and GDPR policy.
Australia is strict when it comes to a consumer’s right to privacy. Your startup will therefore need to be cautious when it comes to your data protection policies. At Allied Legal we understand the importance of protecting both your clients and your startup. If you need a commercial lawyer on your side, you can get in touch on 03 8691 3111 or send us an email at hello@alliedlegal.com.au.
You might also like our article Should I Draft My Startup’s Terms and Conditions?
