Community legal centres occupy a particular position in the digital landscape. You are handling enquiries from people in crisis. You are operating under funding agreements that carry reporting obligations. Your website may be the first point of contact for someone who has never sought legal help before and is not sure where to start.
And yet the digital foundations of many CLCs (the website, the search presence, the underlying security and accessibility) are treated as an afterthought. Not through negligence. Through the simple reality of running a stretched organisation with limited internal capacity and a board that has more pressing things to focus on.
This guide covers the specific digital risks, obligations, and opportunities that apply to CLCs in Australia, and what it looks like to manage them properly.
Why CLCs Face Distinct Digital Risk
Most digital risk frameworks are written for commercial organisations. The risks CLCs carry are different in character, if not always in kind.
The people who contact you are often in vulnerable circumstances. An enquiry form that fails, a contact page that returns an error, or a phone number that has changed but has not been updated online can have consequences that extend well beyond a missed lead. Someone who needed help and could not reach you may not try again.
Your organisation almost certainly holds sensitive personal information: names, circumstances, legal matters. A security breach involving that data is not just a technical problem. It is a serious harm to the people you exist to protect, and potentially a significant compliance issue under the Privacy Act and the Australian Privacy Principles.
Your funding agreements may carry specific requirements around digital governance, accessibility, or data handling that are rarely front of mind until an audit or renewal process surfaces them.
And your board (rightly focused on service delivery, funding, and governance) needs to be able to understand and sign off on your digital risk position without needing a technical background to do so. Our Digital Risk Checklist for Community Legal Centres is a practical starting point for that conversation.
Accessibility Is a Legal and Ethical Obligation
WCAG 2.1 AA is the accessibility standard that applies to most Australian organisations receiving government funding. For CLCs, it is not a best-practice aspiration. It is increasingly a contractual requirement, and in some cases a condition of funding renewal.
More importantly, it is simply the right baseline for organisations whose work reaches people across the full spectrum of ability, circumstance, and digital confidence.
In practical terms, accessibility compliance means your website is navigable by keyboard alone, readable by screen readers, legible at standard text sizes, and free of design patterns that create barriers for people with cognitive, visual, or motor impairments. It also means your contact pathways (the forms, the phone numbers, the chat tools) are accessible by the same standard.
Most CLC websites we review have accessibility gaps. Not because anyone decided accessibility did not matter, but because it was never systematically checked. A proper audit typically surfaces issues that can be addressed incrementally, without a full rebuild.
Search Visibility as a Form of Access to Justice
When someone types “free legal advice tenancy NSW” or “community legal centre near me” into Google at 11pm on a Tuesday, the organisations that appear are the ones that have been deliberate about being findable. Not necessarily the ones doing the best work.
This is the uncomfortable reality of search visibility for CLCs. The connection between your services and the people who need them depends, in part, on technical and content decisions that most legal centres have never had the capacity to address properly.
What good search visibility looks like for a CLC is not especially complicated, but it does require sustained attention. It means having clearly structured service pages that describe your specific areas of practice in plain language. It means your local search presence (your Google Business Profile, your ACNC listing, your directory entries) is accurate and consistent. It means your content uses the language your clients actually search with, not the language your sector uses internally.
It also means, for eligible CLCs, considering whether a Google Ad Grant could extend your reach to people actively searching for the kind of help you provide.
The Google Ad Grant for Community Legal Centres
Most CLCs are registered charities and hold ACNC registration, which means they are likely eligible for the Google Ad Grant: up to $10,000 USD per month in free Google advertising.
For a CLC, the grant is most usefully directed at high-intent searches: people actively looking for legal help in your area of practice and your geography. “Tenancy rights solicitor Sydney,” “family law help no cost Melbourne,” “employment dispute legal advice Brisbane.” These are searches from people who have already decided they need help. Being present in those results matters.
The grant does require ongoing management to stay compliant. There are click-through rate requirements, keyword restrictions, and monthly account activity obligations. An account that is set up once and left unattended will eventually drift out of compliance and be suspended.
But managed properly, it is one of the more reliable and cost-effective ways for a CLC to extend its reach to people who need its services.
See our Definitive Guide to Google Ad Grants for Australian Nonprofits for a fuller picture of how the grant works in practice.
Security and Data Handling
CLCs collect sensitive personal information as a matter of course. Online enquiry forms, intake questionnaires, callback requests: all of these involve people sharing details about their circumstances that they would not want disclosed, lost, or compromised.
The Privacy Act 1988 and the Australian Privacy Principles set out the obligations that apply. The Notifiable Data Breaches scheme requires CLCs to notify both the Office of the Australian Information Commissioner and affected individuals in the event of a data breach that is likely to cause serious harm.
In practical terms, sound digital security for a CLC means keeping your website platform and plugins updated, using reputable hosting with appropriate backup and recovery capabilities, securing your forms against common vulnerabilities, and having a basic incident response plan that your staff know exists.
None of this needs to be complicated. But it does need to be someone’s responsibility.
Governance and Board Reporting
CLC boards carry governance responsibility for the organisation’s digital risk position. In practice, most boards receive little or no structured reporting on digital matters, not because directors do not care, but because the information has never been packaged in a way that is useful to a non-technical board.
Good digital governance for a CLC means having a clear picture of your risk position (security, accessibility, data handling, search visibility, vendor relationships) in plain English, reviewed at a frequency that makes sense for your organisation. Typically quarterly.
It also means having documentation that supports accountability: who is responsible for what, what your hosting and software arrangements are, what your backup and recovery position looks like, and what the plan is if something goes wrong.
This documentation does not need to be extensive. It needs to exist, be accurate, and be accessible to the people who might need it. The Marzipan Digital Governance Pack provides a practical framework for getting this in place.
What Digital Stewardship Looks Like for a CLC
The organisations that manage their digital presence well tend to share a few characteristics. They treat it as ongoing infrastructure, not a periodic project. They have someone accountable for it, internally or externally. They review their position regularly rather than waiting for something to go wrong. And they have a clear, shared understanding of what good looks like.
For most CLCs, building that capacity internally is not realistic. The organisation is there to provide legal services, not to manage digital infrastructure. The more sustainable model is an external partner who understands the sector, carries the technical responsibility, and translates the digital position into plain English for the board on a regular basis.
That is the model Marzipan operates under. We work with a small number of legal, community, and purpose-driven organisations on an ongoing basis, handling the digital governance, search visibility, accessibility monitoring, and Google Ad Grant management that most CLCs do not have the internal capacity to sustain.
If you would like a clear picture of where your organisation’s digital position currently stands, the Digital Capacity Diagnosis is the right starting point. It is a structured, one-off review covering your website, search visibility, security posture, accessibility, and governance gaps, with board-ready findings in plain English.
[ Digital Capacity Diagnosis ]
Further Reading
- When Someone in Crisis Finds You Online, Your Website Is Already Speaking
- The Definitive Guide to Google Ad Grants for Australian Nonprofits
- Does My Organisation Qualify for a Google Ad Grant?
- Digital Risk Checklist for Community Legal Centres
- Rebuilding With Care: A Free Guide for Purpose-Driven Organisations
