
If your WordPress website collects any personal data from Australian users — even just email addresses — you need to comply with the Privacy Act 1988 and the Australian Privacy Principles (APPs). Here’s a practical guide to getting your site compliant.
Who Does the Privacy Act Apply To?
The Privacy Act applies to businesses with an annual turnover above $3 million, all health service providers regardless of size, and businesses that trade in personal information. The Government is currently reviewing whether to extend these obligations to smaller businesses, so it’s wise to comply proactively.
Privacy Policy Requirements
Your privacy policy must be clearly accessible from the site and set out, in plain language:
- What personal information you collect and why
- How it is stored and protected
- Whether it is disclosed to third parties or overseas
- How users can access or correct their data
- How to make a privacy complaint
WordPress-Specific Actions
- Enable the built-in Privacy Policy page (Settings > Privacy)
- Review what data contact forms (e.g., WPForms, Contact Form 7) collect and store
- Audit third-party plugins that may transfer data offshore (Google Analytics, Facebook Pixel)
- Implement a cookie consent banner if using tracking cookies
- Configure comment moderation and retention so that you keep only the commenter data you actually need, and not indefinitely
- Serve every page over HTTPS (SSL/TLS) so that form submissions and logins are encrypted in transit
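Two of these actions (minimising stored commenter data, and letting users access or erase what a contact form stored about them) can be implemented with WordPress's own hooks. The snippet below is an added example, not code from this article or from Ozlin Info; the table `{$wpdb->prefix}contact_submissions`, its columns `id`, `email`, `message`, and the `example-contact-form` slug are assumptions standing in for whatever your form plugin actually stores.

```php
<?php
// Added example (not from the article). The contact_submissions table and its
// columns id, email, message are assumptions; adapt them to your form plugin.

// 1. Data minimisation: never store commenters' IP addresses with comments.
add_filter( 'pre_comment_user_ip', '__return_empty_string' );

// 2. Access: register an exporter so Tools > Export Personal Data returns
//    the submissions tied to the requester's email address.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-contact-form'] = array(
        'exporter_friendly_name' => 'Contact form submissions',
        'callback'               => 'example_export_contact_submissions',
    );
    return $exporters;
} );

function example_export_contact_submissions( $email_address, $page = 1 ) {
    global $wpdb;
    $rows = $wpdb->get_results( $wpdb->prepare(
        "SELECT id, email, message FROM {$wpdb->prefix}contact_submissions WHERE email = %s",
        $email_address
    ) );
    $items = array();
    foreach ( $rows as $row ) {
        $items[] = array(
            'group_id'    => 'contact-submissions',
            'group_label' => 'Contact form submissions',
            'item_id'     => 'submission-' . $row->id,
            'data'        => array(
                array( 'name' => 'Email',   'value' => $row->email ),
                array( 'name' => 'Message', 'value' => $row->message ),
            ),
        );
    }
    return array( 'data' => $items, 'done' => true ); // all rows fit in one page
}

// 3. Erasure: register an eraser so Tools > Erase Personal Data removes them.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-contact-form'] = array(
        'eraser_friendly_name' => 'Contact form submissions',
        'callback'             => function ( $email_address, $page = 1 ) {
            global $wpdb;
            $deleted = $wpdb->delete( $wpdb->prefix . 'contact_submissions', array( 'email' => $email_address ) );
            return array( 'items_removed' => (bool) $deleted, 'items_retained' => false,
                          'messages' => array(), 'done' => true );
        },
    );
    return $erasers;
} );
```

Once active, the exporter and eraser appear alongside the core ones when an administrator processes a request under Tools, so the "how users can access or correct their data" section of your policy can point at a real workflow.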
Notifiable Data Breaches (NDB) Scheme
Under the NDB scheme, if your site suffers a data breach that is likely to cause serious harm, you must notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable. Have an incident response plan ready before a breach occurs.
Children’s Privacy
If any part of your service is directed at children under 16, apply extra caution. Avoid collecting personal data from minors without parental consent, and ensure your privacy policy clearly addresses this.
Ozlin Info builds privacy-first WordPress websites for Australian businesses. Contact us for a compliance review of your current site.