You Need a Privacy Policy and a Security Policy in 2020

Posted 28 January, 2020

Your business is handling all kinds of data. It is vital that your organisation has policies in place to let your customers know what you're doing with the data you're collecting and that you have systems in place to protect it. 

What is a Privacy Policy?

Privacy laws around the world dictate that if you collect personal information from your website visitors, then you need to have a Privacy Policy posted to your site and available with your mobile app (if applicable).

A Privacy Policy is a legal agreement that explains what kinds of personal information you gather from website visitors, how you use this information, and how you keep it safe.

Examples of personal information might include:

  • Names
  • Dates of birth
  • Email addresses
  • Billing and shipping addresses
  • Phone numbers
  • Bank details
  • Social security numbers


A Privacy Policy generally covers:

  • The types of information collected by the website or app
  • The purpose for collecting the data
  • Data storage, security and access
  • Details of data transfers
  • Affiliated websites or organisations (third parties included)
  • Use of cookies

Australian Privacy Laws

The Australian Privacy Act of 1988 requires all businesses collecting personal information online in Australia to have a Privacy Policy. One of its key features is a list of 13 Privacy Principles that govern the gathering and processing of personal data. All businesses are required to be open and transparent about their data collection activities, and they must disclose these in an up-to-date Privacy Policy.

Read more about the Australian Privacy Act here:


EU Privacy Laws

On May 25, 2018, the General Data Protection Regulation (GDPR) replaced the existing EU Data Protection Directive, which had been enforced since 1995. The EU Data Protection Directive regulated the gathering and handling of personal information in the EU and protected it from misuse. It demanded that all companies operating from an EU country have a Privacy Policy.

Read more about GDPR here:


How do I create a Privacy Policy?

Here are a few methods to create your own Privacy Policy.

  • DIY using a free template. It is possible for you to attempt to write your own privacy policy using the above information on legal requirements as a starting point. Here is one example of a site that offers policy templates:
  • Hiring a lawyer. If you can afford it, this is a good option as it ensures that you have access to a professionally contracted and personalised policy. You'd want to make sure that you find a lawyer with experience in international data protection law and check that the person being hired is up-to-date with requirements.
  • Using an online generator. This option is particularly interesting in that its usefulness heavily depends on the quality of the generator being used. Many online generators simply regurgitate the same generic clauses easily found in online templates, leaving you open to the same risks mentioned above. Here is an example of an online policy generator:


What is a Security Policy?

Depending on the industry that you are in, and the data security and compliance regulations that may apply to you, a security policy can be quite involved.

At a minimum, every business should have a written security policy to demonstrate that the company takes data privacy and security seriously and has systems in place to protect it.

Without a policy in place that all employees have seen and agreed to abide by, you may run into difficulties should a problem develop in the future.

A basic security policy for your company should include:

  • Password policy
  • Acceptable use policy for email, internet browsing, social media, etc.
  • Access and control of proprietary data and client data
  • Access to company data from remote locations, or on non-corporate devices
  • Physical security protocols for doors, dealing with visitors, etc.
  • Understanding of data classification: what counts as critical and private data
  • How to deal with and report lost or stolen devices
  • How to handle and report a suspected security breach or data loss
  • Requirements and expectations for Security Awareness Training
  • Use of third-party cloud or file sync services such as Dropbox, SharePoint, etc.
  • Requirements for encryption and computer locking procedures

How do I create a Security Policy?

Creating a security policy requires in-depth technical abilities to convert the details of the data you collect, the systems you use, and the types of business you conduct into security protocols that can be implemented for your company.

We recommend a consultation with one of our security experts at Cloud Made Simple. We can help develop a comprehensive set of written information security and data privacy policies that address the specific requirements of your business. We’ll also ensure your organisation is properly equipped with security tools to keep your business’s and your clients’ data safe. Call us to discuss getting your Security Policy set up today.