In our third issue of “Legal Questions for Every Charity and Not-For-Profit Organisation” we deal with the topic of privacy. This update forms part of our series of short summaries of legal issues that, in the course of advising our clients, we have found to be common and important to charities and not-for-profit (NFP) organisations.


Do you know whether your organisation is required to comply with the Privacy Act? Does your organisation have a compliant Privacy Policy and other measures in place to ensure compliance with privacy legislation?

Generally speaking, small businesses or not-for-profit organisations with a turnover of $3 million a year or less are exempt from having to comply with the “Australian Privacy Principles” under the Privacy Act and therefore are not required by law to have a privacy policy. However, there are a number of exceptions to this rule.

Even if you are not required to have a Privacy Policy, it is a good idea to have an up-to-date Privacy Policy in place, particularly if your organisation collects and uses personal information.

We recommend you consider the following:

Do you have a Privacy Policy? When was it last reviewed?

Does your policy accurately reflect how your organisation collects and uses personal information?

Is personal information safely and securely stored?

Is there someone in the organisation who can take on the role of a privacy officer, to deal with complaints and other privacy concerns from the public?

Please do not hesitate to contact us with any queries related to the Privacy Act or to discuss your Privacy Policy.

Bill d’Apice, Partner | +61 2 9233 9013
Belinda Marsh, Senior Associate | +61 2 9233 9083