APP 1 requires that privacy policies include:
- The organisation’s name and contact details.
- What kinds of personal information are collected and stored.
- How personal information is collected and where it is stored.
- Why personal information is collected.
- How the personal information will be used or disclosed.
- How to access your personal information, or ask for a correction.
- How to lodge a complaint.
- Whether the organisation is likely to disclose your information outside Australia and, if practical, which countries it is likely to disclose the information to.
The OAIC highlights that many organisations include the following headings:
- Scope — describes what the policy applies to
- Collection of personal information — provides the key information about what personal information is collected and why. Focus on areas that are most sensitive or that the reader would least expect
- Disclosure (sharing) — describes the key disclosures and the conditions around those disclosures. This is a good place to mention overseas disclosures. Disclosures of personal information are usually the most important to individuals, but unexpected uses could be mentioned too
- Rights and choices — describes any key choices that individuals can make, including the right to request access and correction of personal information held about them
- How to make a complaint — briefly describes how to make a complaint about privacy and what to do if they are not satisfied with the outcome
- Contact details — including (at least) a generic telephone and email address that won’t change with personnel.
- Use short sentences of 20 words or less.
- Use the active voice.
- Break text up into paragraphs of 3-4 sentences, or fewer.
- Use clear headings.
- Number paragraphs under headings.
- Use a table of contents.
- Avoid acronyms.
- Avoid unnecessary synonyms.
- Aim for a Flesch Readability Score of 60 or higher. The Microsoft Editor has this functionality built in.