Privacy Do’s and Don’ts for Australian Websites
The widely circulated guidance on website requirements for organisations covered by the GDPR and the California Privacy Rights Act causes plenty of confusion for Australian website owners. To complicate matters further, common third-party platforms (such as Google and Mailchimp) impose their own privacy requirements on the sites that use them. This blog post sets out some privacy do’s and don’ts for Australian websites to aid legal compliance and protect your business reputation:
5 Privacy Do’s and Don’ts for Australian Websites
Privacy policies should be seen as dynamic, living documents that reflect your organisation’s privacy practices. Since your organisation’s privacy practices are unique, it’s challenging to reflect them using a ‘borrowed’ privacy statement.
Get Opt-In Consent to Marketing
Opt-in consent requires the user to actively tick a box, while opt-out assumes consent unless the user specifically withdraws it.
Choosing opt-in consent also helps build trust with your website visitors. While some users don’t care about their privacy settings, those who do are more likely to trust websites that offer opt-in consent options.
In the context of your email marketing, asking users for opt-in consent may also improve the quality of your marketing lists, because it ensures that you only send marketing materials to those who want to receive them.
Other benefits of opt-in consent for marketing include the following:
- Opt-in is a more ‘active’ consent – which will make it more defensible if your consent practices ever become an issue. Read more about this in our email marketing laws blog post.
- Implementing opt-in consents is also likely to be more ‘future-proof’. As users become more aware of privacy, and as the laws catch up, opt-in consents are becoming a global trend.
Remember, ‘marketing’ is given a broad interpretation and covers things like:
- downloading whitepapers;
- signing up for a newsletter; or
- getting more information about other products and services you provide.
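The opt-in versus opt-out distinction above comes down to how the sign-up is handled once the form is submitted. The following is an added example, not code from the original post: server-side handling of a marketing sign-up that only creates a list entry when the box was actively ticked, treats anything else as no consent, and records the evidence (timestamp, form version, consent wording) that makes the consent defensible later. The field names, the purpose list, the form version and the sample submissions are all constructed for illustration; the form is assumed to send the checkbox with `value="yes"`.

```javascript
// Added example (not from the original post). Field names, purposes, form
// version and sample submissions are constructed for illustration.

// "Marketing" is read broadly: all of these sign-up purposes need opt-in consent.
const MARKETING_PURPOSES = new Set(["newsletter", "whitepaper", "product_info"]);

// The exact wording shown next to the checkbox, and the version of the form it
// appeared on. Storing both with each consent lets you show what was agreed to.
const CONSENT_TEXT = "Yes, send me marketing emails about your products and services.";
const FORM_VERSION = "signup-form-v3"; // constructed identifier

// Returns a consent record when the user actively ticked the box, otherwise null.
// An opt-out design would assume consent when the field is absent; opt-in never
// does. A missing field, an empty value or any value other than the literal one
// sent by a ticked checkbox ("yes" here) is treated as no consent.
function buildMarketingConsent(fields, now = new Date()) {
  const email = String(fields.email || "").trim().toLowerCase();
  if (!email || !MARKETING_PURPOSES.has(fields.purpose)) return null;
  if (fields.marketingConsent !== "yes") return null; // nothing is assumed
  return {
    email,
    purpose: fields.purpose,
    consentGivenAt: now.toISOString(), // when the box was ticked
    consentText: CONSENT_TEXT,
    formVersion: FORM_VERSION,
  };
}

// Only submissions that produced a consent record go on the marketing list.
function buildMarketingList(submissions, now) {
  return submissions
    .map((s) => buildMarketingConsent(s, now))
    .filter((c) => c !== null);
}

// Constructed sample form posts: one ticked box, one left unticked, and one
// non-marketing request (a support ticket) that should never join the list.
const SAMPLE_SUBMISSIONS = [
  { email: "Ann@example.com", purpose: "newsletter", marketingConsent: "yes" },
  { email: "bob@example.com", purpose: "whitepaper" },
  { email: "cat@example.com", purpose: "support_request", marketingConsent: "yes" },
];

// Usage: only ann@example.com ends up on the marketing list.
const marketingList = buildMarketingList(SAMPLE_SUBMISSIONS, new Date());
```

Note that the second submission still gets its whitepaper; it simply does not produce a marketing consent record. Keeping the consent text and form version with each record is what turns a tick in a box into evidence you can rely on if your consent practices are ever questioned.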
Don’t Collect Information You Don’t Need
Data minimisation is critical for risk management in today’s cyber security landscape. It refers to the practice of limiting the collection, processing and storage of personal information to what is adequate, relevant and necessary for carrying out the specified purpose. In other words, collect the data you need to achieve your purpose – no more, no less.
You can still ask for extra information that might help you understand your customers better, but make sure that it is optional (not mandatory) and that the information is still relevant to what you want to use it for.
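One practical way to enforce the required/optional distinction is to declare, per purpose, exactly which fields you need, and to drop anything else at the point of collection. The following is an added example, not code from the original post: a small per-purpose schema and a function that validates a submission, keeps only the declared fields, and reports what was discarded. The purposes, field names and sample submission are constructed for illustration.

```javascript
// Added example (not from the original post). Purposes, field names and the
// sample submission are constructed for illustration.

// For each purpose, list only the fields needed to fulfil it. "required" fields
// must be present; "optional" fields may be offered but are never demanded.
const PURPOSE_SCHEMAS = {
  newsletter: { required: ["email"], optional: ["firstName"] },
  quote_request: { required: ["email", "companyName"], optional: ["phone", "industry"] },
};

// Validates a submission against its purpose and returns only the declared
// fields, discarding anything else the form (or a tampered request) sent.
// Returns { ok: true, record, dropped } or { ok: false, errors }.
function minimise(purpose, submission) {
  const schema = PURPOSE_SCHEMAS[purpose];
  if (!schema) return { ok: false, errors: [`unknown purpose: ${purpose}`] };

  const errors = [];
  const record = { purpose };

  for (const field of schema.required) {
    const value = submission[field];
    if (value === undefined || String(value).trim() === "") {
      errors.push(`missing required field: ${field}`);
    } else {
      record[field] = String(value).trim();
    }
  }

  // Optional fields are copied only when the user chose to supply them.
  for (const field of schema.optional) {
    const value = submission[field];
    if (value !== undefined && String(value).trim() !== "") {
      record[field] = String(value).trim();
    }
  }

  // Anything not declared for this purpose is never stored, whatever was sent.
  const dropped = Object.keys(submission).filter(
    (key) => !schema.required.includes(key) && !schema.optional.includes(key)
  );

  if (errors.length > 0) return { ok: false, errors };
  return { ok: true, record, dropped };
}

// Constructed sample: a newsletter sign-up that also sent a date of birth the
// newsletter purpose has no use for. It is dropped rather than stored.
const SAMPLE_NEWSLETTER_SUBMISSION = {
  email: "ann@example.com",
  dateOfBirth: "1990-01-01",
  firstName: "Ann",
};

// Usage: result.record holds { purpose, email, firstName }; result.dropped lists dateOfBirth.
const result = minimise("newsletter", SAMPLE_NEWSLETTER_SUBMISSION);
```

Logging the `dropped` list during development is a cheap way to spot forms that are collecting more than their declared purpose requires; in production, the discarded values should not be written anywhere.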
Include A Cookie Notice
Australia’s privacy law does not specifically regulate cookies. Instead, it requires companies to declare the personal information collected by cookies. You can read more about cookie laws in APAC here.
Delete Data from Your Website Backend
Your website backend presents a higher data security risk than other storage options. Modern websites tend to have multiple third-party integrations, each of which is a potential route for compromise and data exfiltration. By regularly moving your data off the website backend and storing it securely elsewhere, you reduce the risk posed by employees (and malicious actors looking to exploit them) and by third parties with access to the backend.
See Our Australian Privacy Compliance Tool
Our privacy compliance self-assessment tool provides a quick review of compliance with the Australian Privacy Act 1988 (Cth), and helps you benchmark how well you are managing privacy compliance in your business.
To provide this comprehensive report, you will complete a series of 43 questions across the 13 Australian Privacy Principles plus the mandatory data breach notification obligations that form the fundamentals of privacy compliance obligations in Australia.
It will take between 30 minutes and 2 hours to complete.
Or contact us with your questions. Our experienced privacy team would love to assist.