What you need to know about fair trading
Complying with the Australian Consumer Law and Fair Trading Act 2012 helps to reduce the risk of breaking the law and facing the expense of legal proceedings.
It can also help to improve customer relations and enhance your reputation as a business that deals fairly with customers, competitors and suppliers alike.
When running your business, you need to meet the following requirements.
- Contracts must be clear and fair, meaning there is a healthy balance between you and the consumer.
Receipts and itemised bills
- Receipts must be provided for amounts over $50 or if requested.
- Itemised receipts should be provided to anyone who asks for one.
Refunds and exchanges
Your refund and exchange policy must be clearly spelled out and comply with the Australian Consumer Law and Fair Trading Act 2012.
Adding a 'no refunds or exchange' note to your website doesn't prevent you from having to offer a refund or exchange if the goods:
- are faulty
- don't match the product description
- are unfit for their intended purpose.
The Australian Consumer Law (ACL) has been amended to provide protections for gift card consumers across Australia. These national changes apply to gift cards supplied to consumers on or after 1 November 2019.
Cards and vouchers sold before 1 November 2019 continue to have the same expiry period and applicable fees as at the time of purchase.
Changes to the law include:
- a minimum three-year expiry period for gift cards
- gift cards must display expiry dates
- most post-purchase fees on gift cards, such as activation fees and balance enquiry fees, are banned.
Learn more, including which types of cards are included and excluded, on the Australian Consumer Law website.
- Product and service descriptions must be correct and you must give your contact details.
- The price of goods and services must stay the same for a reasonable length of time and you must have reasonable quantities available.
Find out more about honest ways to advertise your business.
No unconscionable conduct
Unconscionable conduct includes:
- pressuring customers into purchases
- unscrupulous behaviour
- creating a false sense of urgency
- using unacceptable verbal or physical behaviour.
These requirements mean your website needs to display:
- your full business address or telephone number
- the total price of any goods and services you're selling
- how much you charge for postal and delivery fees.
Unfair market practices
Visit the Australian Consumer Law (ACL) website to find out more about:
- unfair market practices
- industry codes of practice
- mergers and acquisitions of companies
- product safety
- collective bargaining
- product labelling
- price monitoring
- the regulation of industries, such as telecommunications, gas, electricity and airports.
Small businesses that buy or sell goods by weight, volume or length also need to comply with the National Measurement Act 1960 and the National Trade Measurement Regulations 2009.
Businesses that are caught short-measuring their customers can be fined up to $170,000 per offence.
For more information visit the National Measurement Institute website.
Legal considerations for online businesses
If you're running any aspect of your business online, the main laws that apply in Victoria are:
- The Spam Act 2003
- The Privacy Act 1988
- The Electronic Transactions Act 1999
- The (Victorian) Electronic Transactions Act 2000.
Businesses have an obligation to protect customer privacy – especially if your customers are buying from you online. They need to know that you're doing your utmost to protect their information.
The Federal Privacy Act 1988 regulates information privacy and covers a number of different activities and sectors. Even if your business is not captured under the Privacy Act, follow best-practice privacy measures to maintain your credibility in the marketplace.
A business privacy statement should outline:
- whether you collect personal information, what personal information you collect and how you store it
- what you do and don't do with the information, for example whether you share it with other organisations
- how people can contact you regarding the information you hold about them
- how you will correct inaccuracies or delete information you hold about a customer.
If you're collecting information about your customers, it should be:
- secure from unauthorised access – even from employees and contractors who don't need to see that information as part of their job.
Reporting of data breaches
If your business experiences a cyber attack that involves personal information being accessed or disclosed, you have a responsibility to customers and others whose personal data may be involved to notify them of the breach. You may also have an obligation to report the breach to the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) scheme.
- Step 1: Contain the data breach to prevent any further compromise of personal information.
- Step 2: Assess the data breach by gathering the facts and evaluating the risks, including potential harm to affected individuals and, where possible, taking action to remediate any risk of harm.
- Step 3: Notify individuals and the Commissioner if required. If the breach is an ‘eligible data breach’ under the NDB scheme, it may be mandatory for the entity to notify.
- Step 4: Review the incident and consider what actions can be taken to prevent future breaches.
Visit the OAIC website for further resources and to check if your business is subject to mandatory reporting under the NDB scheme.