If you are a healthcare business owner, you are probably well aware of the Australian Privacy Principles and your obligations relating to these. All private health service providers, irrespective of size, must have a Privacy Policy describing how they manage people’s personal information. Your policy will state how you comply with the areas covered by the 13 Privacy Principles. For example:

  • What personally identifiable data are you collecting and for what purpose?
  • How do you collect this data?
  • How do you keep it secure?
  • When do you share or disclose personally identifiable data?
  • What measures are taken to ensure the accuracy of data?
  • How can your customers access the data you hold about them and ask for corrections to be made?

Use of Google Analytics requires additions to the Privacy Policy

You may be less familiar with the need to update your Privacy Policy when you start using analytics on your website. Google Analytics is the tool of choice for most people who want to start understanding website traffic and whether the website is achieving its goals.
The Google Analytics terms of service specify that you need to post a Privacy Policy. At a minimum, it needs to cover:

  • You must say that you are using cookies. Google Analytics places cookies on the user’s browser to track visits to your website.
  • You must say that you are using Google Analytics and how it collects and processes data. Google suggests pointing to their own description of this by linking to their article “How Google uses information from sites or apps that use our services”.

If you have switched on Advertising Features within Google Analytics, you must also include:

  • The Google Analytics Advertising Features you’ve implemented, e.g., Demographic and Interest Reports, Remarketing Audiences.
  • How you and third-party vendors are together using cookies and identifiers.
  • How visitors can opt out of Google Analytics Advertising Features. For example, through Ads Settings on their browser, Ad Settings for mobile apps, or through Advertising opt-out services such as those provided by the Digital Advertising Alliance and the National Advertising Initiative.

In their policy for use of Advertising Features, Google also encourages website owners to link to their information on Google Analytics opt-out browser add-ons. These can be installed by anyone to prevent their data from being used by Google Analytics.
Note that the Google Analytics terms of service also require that you “will comply with all applicable laws, policies and regulations relating to the collection of information from Users”. In other words, our local privacy law needs to be complied with alongside Google’s requirements.

Where should I display my Privacy Policy?

You’ll need to display your Privacy Policy on your website if you are using website analytics. It could be a menu item or a link from your header or footer.
Make sure your staff are familiar with your Privacy Policy and understand what it means for their day-to-day job roles. It’s a great topic for a staff meeting discussion or training refresher.