The law that protects consumers in Victoria is the Australian Consumer Law and Fair Trading Act 2012.
Consumer laws put restrictions on your business to ensure you're fair in the way you:
- trade (online and in-person)
- operate in the market.
Complying with these laws can improve customer relations and give your business a reputation as one that deals fairly with your customers, suppliers and competitors. Breaching the Act is illegal and can cost you a lot of money in long-term legal expenses.
Fair trading laws
When running your business, you must meet certain standards in providing:
- fair contracts
- receipts and itemised bills
- refunds and exchanges
- gift cards.
These laws apply whether you're trading online or in a brick and mortar premises. Online businesses must also comply with the laws in the:
Your contracts must be clear and fair. Fair means there is a healthy balance between you and the consumer.
Receipts and itemised bills
You must provide:
- a receipt for amounts over $50 or if the consumer asks for one
itemised receipts if the consumer asks for one.
Refunds and exchanges
Your refund and exchange policy must be clearly spelled out and comply with the Act.
Adding a 'no refunds or exchange' note to your website doesn't prevent you from having to offer a refund or exchange if the goods:
- are faulty
- don't match the product description
- are unfit for their intended purpose.
The Australian Consumer Law (ACL) was amended to provide protections for gift card consumers across Australia. These national changes apply to gift cards supplied to consumers on or after 1 November 2019.
Cards and vouchers sold before 1 November 2019 continue to have the same expiry period and fees as at the time of purchase.
Changes to the law include:
- Gift cards must have a minimum 3-year expiry period.
- Gift cards must display expiry dates.
- Most post purchase fees on gift cards such as activation fees and balance enquiry fees are banned.
Fair advertising laws
Product and service descriptions must be correct and you must give your contact details.
The price of goods and service must stay the same for a reasonable length of time and you must have reasonable quantities available.
No unconscionable conduct
You must not display 'unconscionable conduct'. Unconscionable conduct includes:
- pressuring customers into purchases
- dishonest or unethical behaviour
- creating a false sense of urgency
- using unacceptable verbal or physical behaviour.
These requirements mean your website must display:
- your full business address or telephone number
- the total price of any goods and services you're selling
- how much you charge for postage and delivery fees.
Fair market practices
The Australian Consumer Law (ACL) website has information about:
- unfair market practices
- industry codes of practice
- company mergers and acquisitions
- product safety
- collective bargaining
- product labelling
- price monitoring
- industry regulation such as telecommunications, electricity and airports.
Small businesses that buy or sell goods by weight, volume or length must also comply with the National Measurement Act 1960 and the National Trade Measurement Regulations 2009.
Businesses that short-measure their customers can be fined up to $170,000 per offence.
Visit the National Measurement Institute website for more information.
Spam and privacy laws
If you're running any aspect of your business online, the main laws that apply to you are the:
Protect customer privacy
Businesses have an obligation to protect customer privacy, especially if your customers are buying online. Customers need to know that you're protecting their information.
The Privacy Act 1988 regulates information privacy and covers many different activities and sectors. Even if your business isn't captured under the Privacy Act, you must maintain best practice privacy practices to keep your credibility in the marketplace.
Find out more about the Privacy Act on the Office of the Australian Information Commissioner (OAIC) website.
Collecting customer information
If you're collecting information about your customers, it should be:
- up to date
- secure from unauthorised access – even by employees and contractors who don't need to see that information as part of their job.
Provide a privacy statement and policy
Your business privacy statement should outline:
- whether you collect personal information, what personal information you collect and how you store it
- what you do and don't do with the information – for example, whether you share it with other organisations
- how people can contact you regarding the information you hold about them
- how you will correct inaccuracies or delete information you hold about a customer.
Reporting data breaches
If your business experiences a cyber attack where personal information is accessed or disclosed, you have a responsibility to notify customers and others whose personal data may be involved.
You might also have to report the breach to the OAIC under the Notifiable Data Breaches (NDB) scheme. Visit the OAIC website to check if your business is subject to mandatory reporting under the NBD scheme.
What to do if there's a data breach
In the event of a data breach:
- Contain the data breach to prevent any further compromise of personal information.
- Assess the data breach by gathering the facts and evaluating the risks, including potential harm to affected individuals. Where possible, take action to remediate any risk of harm.
- Notify the individuals involved, as well as the OAIC if you're required to by the NDB scheme.
- Review the incident and consider what actions you can take to prevent future breaches.
Avoid sending spam
Find out more about the Spam Act and how to avoid sending spam on the Australian Comunications and Media Authority (ACMA) website.