Free privacy policy template (Australia)

The Privacy Act 1988 (Cth) applies to: private sector organisations with annual turnover of $3m+ (APP entities); all Commonwealth government agencies; health service providers; credit providers and reporting bodies; and certain smaller organisations. The Privacy and Other Legislation Amendment Act 2024 introduced significant reforms including a statutory tort of serious invasion of privacy from 2025.

APP 1 requires a clearly expressed, up-to-date privacy policy covering: the kinds of personal information collected and held; how collected; how held; purposes of collection, use, disclosure; how individuals can access or correct their information; how complaints are handled; whether information is likely to be disclosed overseas; and the countries to which disclosure is likely. Websites must also address cookies, analytics, and third-party tracking.

The 2024 Privacy Act reforms introduced: a direct right of action for privacy breaches (from 2025); a statutory tort for serious invasion of privacy; new notification requirements for certain breaches; expanded small business coverage (progressively); and automated decision-making disclosures. Privacy policies should be reviewed against current requirements annually.

Tell me the business, what personal information is collected, and how it is used. I produce a draft privacy policy in under a minute, compliant with current Privacy Act 1988 (Cth) requirements. For commercial and tech lawyers this is a volume routine workflow.