Small businesses owners need to take note of these proposed changes and begin preparing for their potential impact!
It is essential that small businesses prioritise data protection and privacy measures in their operations. In the future, small businesses may face increased scrutiny and penalties for any data breaches or privacy violations.
The Australian government has released in February 2023 a report proposing expansive reforms to the Privacy Act 1988 (Cth) to strengthen and modernise privacy protections for Australians. These proposed reforms touch on every aspect of how personal information is collected and managed, and introduce a multitude of new rights for individuals.
The changes are expected to be introduced before Parliament within the next 12 months.
A small business is currently defined as “one with an annual turnover of $3 million or less. Annual turnover for the purposes of the Privacy Act includes all income from all sources. It does not include assets held, capital gains or proceeds of capital sales.”
The Report recommends that small businesses must be subject to the same privacy protections as larger businesses, and that the Act be extended to apply to personal information handled by small businesses.
The proposed reforms will touch on every aspect of how personal information is collected and managed and introduce a multitude of new rights for individuals.
The proposed changes will also expand the definition of personal information to include technical information, such as IP addresses and location data, and inferred information, such as predictions of behavior or preferences. This will help resolve uncertainty which had existed over the treatment of certain categories of data under the Act.
While the Report is still relatively light on specific detail, the Attorney-General's Department has kicked-off another round of industry consultation which is expected to culminate in the release of an Exposure Draft and new legislation before the Parliament in the next 12 months. The proposed reforms will likely have significant implications for small businesses, so it is important to stay informed and prepare for their potential impact.
We recommend small businesses prioritise data protection and privacy measures in their operations to prepare for the potential impact of the proposed reforms to the Privacy Act.
The removal of the small business exemption means that small businesses must comply with the same privacy protections as larger businesses, and the expanded scope of the Privacy Act will include technical and inferred information. It is crucial that small businesses take steps to protect their customers' data and privacy and avoid any potential penalties for data breaches or privacy violations.
Contact Lynden Group for additional professional advise on how you can mature your SME cyber resilience posture.