Privacy Act to Include Small Businesses

The Privacy Act is changing, which means that small businesses making less than $3 million a year, which previously didn’t have to follow certain privacy rules, now have to.

On 28 September 2023, the Federal Government released its formal response (Response) to the Privacy Act Review Report published in February this year.

The Response proposes changes to the Privacy Act to give people more control over their privacy, make sure companies handle information responsibly and securely, and ensure the rules for protecting privacy are clear, especially for kids online.

One of the proposed changes is that small businesses will no longer be exempt from compliance. The Government has committed to talking more with small businesses before proceeding with the changes.

Other proposed changes include:

  • Extension of the definition of ‘personal information’.
  • Strengthening of obligations around consent, and transparency of privacy policies and collection notices.
  • Introducing a requirement for processing of personal information to be “fair and reasonable”.
  • Improved enforcement powers for the Office of the Australian Information Commissioner.
  • Changes to the Data Breach Scheme to require quicker notice in line with the General Data Protection Regulation (GDPR) and to allow entities to stagger their notifications to individuals as information becomes available.

Actions for Small Businesses:

Whilst the full ramifications of the changes are not yet known, small business owners should take the opportunity to review the personal data that they hold for their customers and what protections they have in place for this data. A good place to start may be a review of your cyber and data security with your IT provider.

Arrange a meeting, and let’s see what the future may bring for your business.