
Stay within the law

Maintain an honest reputation by complying with Australian consumer and fair trading laws


What you need to know about fair trading

Complying with the Australian Consumer Law and Fair Trading Act 2012 helps to reduce the risk of breaking the law and facing the expense of legal proceedings.

It can also help to improve customer relations and enhance your reputation as a business that deals fairly with customers, competitors and suppliers alike.

When running your business, you need to meet the following requirements.

Fair contracts

  • Contracts must be clear and fair, meaning there is a healthy balance between you and the consumer.

Learn more about contracts.

Receipts and itemised bills

  • Receipts must be provided for amounts over $50 or if requested.
  • Itemised receipts should be provided to anyone who asks for one.

Learn more about receipts and itemised bills.

Refunds and exchanges

Your refund and exchange policy must be clearly spelled out and comply with the Australian Consumer Law and Fair Trading Act 2012.

Adding a 'no refunds or exchange' note to your website doesn't prevent you from having to offer a refund or exchange if the goods:

  • are faulty
  • don't match the product description
  • are unfit for their intended purpose.

Learn more about refunds and exchanges.

Gift cards

The Australian Consumer Law (ACL) has been amended to provide protections for gift card consumers across Australia. These national changes apply to gift cards supplied to consumers on or after 1 November 2019.

Cards and vouchers sold before 1 November 2019 continue to have the same expiry period and applicable fees as at the time of purchase.

Changes to the law include:

  • a minimum three-year expiry period for gift cards
  • gift cards must display expiry dates
  • most post-purchase fees on gift cards, such as activation fees and balance enquiry fees, are banned.

Learn more, including which types of cards are included and excluded, on the Australian Consumer Law website.


  • Product and service descriptions must be correct and you must give your contact details.
  • The price of goods and services must stay the same for a reasonable length of time and you must have reasonable quantities available.

Find out more about honest ways to advertise your business.

No unconscionable conduct

Unconscionable conduct includes:

  • pressuring customers into purchases
  • unscrupulous behaviour
  • creating a false sense of urgency
  • using unacceptable verbal or physical behaviour.

These requirements mean your website needs to display:

  • your full business address or telephone number
  • the total price of any goods and services you're selling
  • how much you charge for postal and delivery fees.

Unfair market practices

Visit the Australian Consumer Law (ACL) website to find out more about:

  • unfair market practices
  • industry codes of practice
  • mergers and acquisitions of companies
  • product safety
  • collective bargaining
  • product labelling
  • price monitoring
  • the regulation of industries, such as telecommunications, gas, electricity and airports.

Small businesses that buy or sell goods by weight, volume or length also need to comply with the National Measurement Act 1960 and the National Trade Measurement Regulations 2009.

Businesses that are caught short-measuring their customers can be fined up to $170,000 per offence.

For more information visit the National Measurement Institute website.

Legal considerations for online businesses

If you're running any aspect of your business online, the main laws that apply in Victoria are:


Businesses have an obligation to protect customer privacy – especially if your customers are buying from you online. They need to know that you're doing your utmost to protect their information.

The Federal Privacy Act 1988 regulates information privacy and covers a number of different activities and sectors. Even if your business is not captured under the Privacy Act, follow best-practice privacy practices to maintain your credibility in the marketplace.

Provide a privacy statement and privacy policy to your customers

A business privacy statement should outline:

  • whether you collect personal information, what personal information you collect and how you store it
  • what you do and don't do with the information, for example whether you share it with other organisations
  • how people can contact you regarding the information you hold about them
  • how you will correct inaccuracies or delete information you hold about a customer.

If you're collecting information about your customers, it should be:

  • accurate
  • up-to-date
  • secure from unauthorised access – even from employees and contractors who don't need to see that information as part of their job.

Privacy policy template (DOCX 33.75 KB)

Reporting of data breaches

If your business experiences a cyber attack that involves personal information being accessed or disclosed, you have a responsibility to customers and others whose personal data may be involved to notify them of the breach. You may also have an obligation to report the breach to the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) scheme.

  • Step 1: Contain the data breach to prevent any further compromise of personal information.
  • Step 2: Assess the data breach by gathering the facts and evaluating the risks, including potential harm to affected individuals and, where possible, taking action to remediate any risk of harm.
  • Step 3: Notify individuals and the Commissioner if required. If the breach is an ‘eligible data breach’ under the NDB scheme, it may be mandatory for the entity to notify.
  • Step 4: Review the incident and consider what actions can be taken to prevent future breaches.

Visit the OAIC website for further resources and to check if your business is subject to mandatory reporting under the NDB scheme.

Learn more about how to protect your business from cybercrime