Privacy Do’s and Don’ts for Australian Websites
The widespread information about website requirements for organisations covered by the GDPR and California Privacy Rights Act causes plenty of confusion for Australian website owners. To complicate matters further, specific privacy actions are required by common third-party platforms online (like Google and Mailchimp). This blog post will define some privacy do’s and don’ts for Australian websites to aid legal compliance and protect your business reputation:
5 Privacy Do’s and Don’ts for Australian Websites
Does Your Website Need a Privacy Policy?
Organisations covered by the Australian Privacy Principles must post a privacy policy (and according to APP 1 certain information has to be included). However, having a privacy policy can be beneficial even if your organisation is not legally required to have one.
Google, for example, considers trust to be one of its principal factors to rank a webpage. It’s widely thought that your privacy policy will play a role in this. So, having a privacy policy may help your website be considered ‘trustworthy’ by Google.
An up-to-date and accurate privacy policy also increases trust with your website’s visitors, which comes with a range of benefits.
Write Your Own Privacy Policy
There are several common mistakes we see Australian organisations make when it comes to their privacy policies, including copying the privacy policy of another organisation or ‘setting and forgetting’ the privacy policy.
Privacy policies should be seen as dynamic, living documents that reflect your organisation’s privacy practices. Since your organisation’s privacy practices are unique, it’s challenging to reflect them using a ‘borrowed’ privacy statement.
Get Opt-In Consent to Marketing
Opt-in consents require the user to actively check a box, while opt-out assumes consent unless it’s specifically taken away.
Choosing opt-in consent also helps build trust with your website visitors. While some users don’t care about their privacy settings, those who do are more likely to trust websites that offer opt-in consent options.
In the context of your email marketing, asking users for opt-in consent may also increase the quality of your marketing lists. It ensures that you only send marketing materials to those who want to receive them.
Other benefits of opt-in consent for marketing include the following:
- Opt-in is a more ‘active’ consent – which will make it more defensible if your consent practices ever become an issue. Read more about this in our email marketing laws blog post.
- Implementing opt-in consents is also likely to be more ‘future-proof’. As users become more aware of privacy, and as the laws catch up, opt-in consents are becoming a global trend.
Remember, ‘marketing’ is given a broad interpretation and covers things like:
- downloading whitepapers;
- signing up for a newsletter; or
- getting more information about other products and services you provide.
Don’t Collect Information You Don’t Need
Data minimisation is critical for risk management in today’s cyber security landscape. It refers to the practice of limiting the collection, processing, and storing of personal information to that which is adequate, relevant and necessary for carrying out the specified purpose. This means you should collect the data that you need to achieve your purpose – no more, no less.
You can still ask for extra information that might help you understand your customers better, but make sure that it is optional (not mandatory) and that the information is still relevant to what you want to use it for.
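The two practices above (active opt-in consent for marketing, and collecting only the fields you need) come together in the handler that receives a sign-up form. The following is an added example, not code from the original post: it stores only the fields declared in a schema (so stray hidden inputs or tampered extras are dropped), treats the optional fields as optional, and records marketing consent only when the checkbox was actually ticked, together with the evidence you would want if the consent is ever questioned. The field names, the `meta` object and the schema are assumptions.

```javascript
// Added example (not from the original post): newsletter sign-up handler that
// applies data minimisation and records opt-in consent. Field names and the
// schema below are assumptions for illustration.

// Only these fields are ever stored. Anything else the browser sends is ignored.
const SIGNUP_SCHEMA = {
  email:        { required: true,  maxLength: 254 },
  name:         { required: false, maxLength: 100 }, // optional: personalisation
  organisation: { required: false, maxLength: 100 }, // optional: relevant to B2B offers
};

function isValidEmail(value) {
  return typeof value === 'string' && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value);
}

// `submitted` is the parsed form body; `meta` identifies the form and the exact
// consent wording shown. `now` is injected so the timestamp is deterministic in tests.
// Returns { ok: true, record } or { ok: false, errors }.
function handleSignup(submitted, meta, now = new Date()) {
  const errors = [];
  const record = {};

  for (const [field, rule] of Object.entries(SIGNUP_SCHEMA)) {
    const raw = submitted[field];
    const value = typeof raw === 'string' ? raw.trim() : '';
    if (!value) {
      if (rule.required) errors.push(`${field} is required`);
      continue;                              // optional field left blank: store nothing
    }
    if (value.length > rule.maxLength) errors.push(`${field} too long`);
    record[field] = value;
  }
  if (record.email && !isValidEmail(record.email)) errors.push('email is invalid');

  // Opt-in: the form renders the checkbox unticked, and a browser only submits
  // the field when it is ticked. Absence therefore means "no consent"; nothing
  // is assumed on the user's behalf.
  const optedIn = submitted.marketingConsent === 'on';
  record.marketingConsent = optedIn
    ? { given: true, at: now.toISOString(), formId: meta.formId, wording: meta.consentText }
    : { given: false };

  if (errors.length) return { ok: false, errors };
  return { ok: true, record };
}
```

The consent record keeps the timestamp, which form was used and the wording the user saw, which is the evidence that makes an opt-in defensible; it deliberately does not collect anything else about the visitor, in keeping with the minimisation point.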
Include A Cookie Notice
Australia’s privacy law does not specifically regulate cookies. Instead, it requires companies to declare the personal information collected by cookies. You can read more about cookie laws in APAC here.
However, it is a good practice to include an opt-in cookie notice on your Australian website. Cookie consent banners and opt-ins signal to your users that your website is transparent about its data collection practices. And of course, the banner should be linked to a well-drafted and accurate Cookie Policy.
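An opt-in cookie banner is only meaningful if non-essential cookies really are held back until the visitor opts in. The following is an added example, not code from the original post, of the small piece of page logic that enforces that: essential cookies are written immediately, analytics and marketing cookies are deferred until the banner records consent for their category, and the choice itself is persisted so the banner is not shown again. The category names, cookie names and `writeCookie` callback are assumptions; in a browser you would pass `(c) => { document.cookie = c; }`.

```javascript
// Added example (not from the original post): gate non-essential cookies behind
// the banner's opt-in. `writeCookie` is injected so the logic also runs outside a
// browser. Category and cookie names are constructed for illustration.

const COOKIE_CATEGORIES = {
  essential: { needsConsent: false }, // session, CSRF token, the consent record itself
  analytics: { needsConsent: true },
  marketing: { needsConsent: true },
};

function createCookieGate(writeCookie) {
  const consented = new Set(); // opt-in model: nothing is consented by default
  const deferred = [];         // non-essential cookies requested before consent

  function setCookie(name, value, category, maxAgeSeconds) {
    const spec = COOKIE_CATEGORIES[category];
    if (!spec) throw new Error(`unknown cookie category: ${category}`);
    if (spec.needsConsent && !consented.has(category)) {
      deferred.push({ name, value, category, maxAgeSeconds }); // hold, do not write
      return false;
    }
    writeCookie(`${name}=${encodeURIComponent(value)}; Max-Age=${maxAgeSeconds}; Path=/; Secure; SameSite=Lax`);
    return true;
  }

  // Called when the visitor submits the banner. Categories not listed stay refused.
  function recordConsent(categories) {
    for (const c of categories) {
      const spec = COOKIE_CATEGORIES[c];
      if (spec && spec.needsConsent) consented.add(c);
    }
    // Persist the choice as an essential cookie so the banner is not re-shown.
    setCookie('cookie_consent', [...consented].sort().join(','), 'essential', 180 * 24 * 3600);
    // Replay what was held: now-permitted categories are written, the rest are
    // re-deferred by setCookie itself.
    for (const d of deferred.splice(0)) setCookie(d.name, d.value, d.category, d.maxAgeSeconds);
    return [...consented].sort();
  }

  return { setCookie, recordConsent, pending: () => deferred.map((d) => d.name) };
}
```

The useful check for a site owner is the one the gate makes easy: load the page with no consent stored, and confirm that nothing but essential cookies has been written before the banner is answered.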
Delete Data from Your Website Backend
Your website backend presents a higher data security risk than other storage options. Modern websites tend to have multiple third-party integrations, which are susceptible to hacking and data exfiltration. By regularly moving your data from your website backend and storing it securely elsewhere, you reduce the risk posed by employees (and malicious actors looking to exploit them) and third parties with access to it.
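The "move it out, then delete it" routine above is worth automating so it actually happens on a schedule. The following is an added example, not code from the original post, of a sweep that copies form submissions older than a retention window to a separate store and only then removes them from the backend. Two failure modes matter here and are handled: a record whose timestamp cannot be parsed is never deleted, and a record whose archive write fails is left in place rather than lost. The in-memory arrays stand in for a CMS database and an encrypted off-site store; the record shape, the `archiveWrite` callback and the 30-day window are assumptions.

```javascript
// Added example (not from the original post): retention sweep for a website backend.
// `backend` is an array standing in for the CMS table; `archiveWrite(row)` stands in
// for a write to a separate secure store and may throw. Sample rows are constructed.

const RETENTION_DAYS = 30; // assumed window; set it to what your purpose requires

// Constructed sample submissions as a CMS backend might hold them.
const sampleBackend = [
  { id: 1, email: 'a@example.com', receivedAt: '2024-01-01T10:00:00Z', message: 'quote request' },
  { id: 2, email: 'b@example.com', receivedAt: '2024-02-10T10:00:00Z', message: 'support' },
  { id: 3, email: 'c@example.com', receivedAt: '2024-02-14T10:00:00Z', message: 'hello' },
];

// Mutates `backend` in place. Returns { moved, kept, skipped } as lists of ids.
function sweepBackend(backend, archiveWrite, { now, retentionDays = RETENTION_DAYS }) {
  const cutoff = now.getTime() - retentionDays * 24 * 3600 * 1000;
  const keep = [];
  const moved = [];
  const skipped = [];

  for (const row of backend) {
    const ts = Date.parse(row.receivedAt);
    if (Number.isNaN(ts)) {            // cannot date it: never delete on a guess
      skipped.push(row.id); keep.push(row); continue;
    }
    if (ts >= cutoff) { keep.push(row); continue; } // still inside the window
    try {
      archiveWrite({ ...row, archivedAt: now.toISOString() }); // copy out first...
      moved.push(row.id);                                       // ...then it is safe to drop
    } catch (err) {
      skipped.push(row.id); keep.push(row); // archive failed: keep it for the next run
    }
  }

  backend.splice(0, backend.length, ...keep); // delete = replace contents with survivors
  return { moved, kept: keep.map((r) => r.id), skipped };
}
```

Run it from a scheduled job and alert on a non-empty `skipped` list: a growing skip count means the archive target is failing, and data is accumulating in the backend exactly where you did not want it.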
See Our Australian Privacy Compliance Tool
Our privacy compliance self-assessment tool provides a quick review of compliance with the Australian Privacy Act 1988 (Cth), and helps you benchmark how well you are doing with managing privacy compliance in your business.
To provide this comprehensive report, you will complete a series of 43 questions across the 13 Australian Privacy Principles plus the mandatory data breach notification obligations that form the fundamentals of privacy compliance obligations in Australia.
It will take between 30 minutes and 2 hours to complete.
Find our Privacy Compliance Tool here.
Or contact us with your questions. Our experienced privacy team would love to assist.