A privacy policy is a document which clearly outlines to both current and potential clients of your business, how your business collects, stores, retains and uses personal or private information, and how they can access or correct their personal, private information.

It indicates to people looking to acquire your business' goods or services that you take their privacy seriously, and provides them with a degree of comfort about how they can access or correct private information your business may hold about them.

It depends. If your business is a small business for the purposes of the Privacy Act 1988 (Cth), that is, it has a turnover less than $3M, then your business is not required to have one.

However, if your business' turnover is in excess or more than $3M, or if your business falls into a particular category of business, such as a credit reporting agency, or a provider of health services, then your business must have a privacy policy that complies with the Australian Privacy Principles.

Standard privacy policies which cover most businesses start from a fixed price of $400.00.

Australia recently a new statutory cause of action, allowing a person who has suffered because of a breach of their privacy, to pursue the person who breached their privacy for damages, amongst other things.

The new cause of action, set out in Schedule 2 of the Privacy Act 1988 (Cth) is called the 'tort of serious invasion of privacy'.

You can read more about it here.

A non-disclosure agreement is a legal contract between two parties, which is generally used where one party is going to provide the other party with confidential information, or information not in the public domain.

a non-disclosure agreement (commonly referred to as an NDA), is frequently used in business transactions, such as where a one person wishes to buy a business, and that business wishes to protect its confidential information, such as financial records, from public disclosure.

Data security relates to the measures, practices and procedures which must be put in place to protect the private, personal and sensitive information on an individual which is stored, retained and used by a business for one particular purpose or another. 

There are recommended guidelines and standard practices which should be adhered to, in order to ensure compliance with various rules and regulations which relate to the storage and retention of personal, private and sensitive information. 

Contact us today to see how we can help with data security law!

Yes