Changes to the Privacy Act for Aussie SMBs
In the last 24 hours there has been some significant commotion in the space of data privacy for Aussie SMBs. Originally created in 1988 and pledged for renewal at the beginning of 2023, the Privacy Act (1988) is undergoing significant adjustments heading into 2024. We know it can be a lot to take in, especially for hardworking small business owners like us, so we thought we'd put something together to help you decode the changes that are coming.
Around 2.3 million small businesses are about to face new responsibilities when it comes to handling personal information, all thanks to a recent decision by the government to remove a current exemption from the Privacy Act. This exemption previously applied to businesses with an annual turnover of $3 million or less, meaning they didn't have to worry about keeping personal information secure or notifying individuals in case of data breaches. In short, this is a BIG change for small business and needs to be taken seriously.
What happened in the last 24 hours.
Attorney-General Mark Dreyfus shared that the government has embraced most of the 116 proposals presented in a significant review of the Privacy Act, which was released earlier this year. These proposals include measures such as:
- Requiring entities to seek informed consent before handling personal information.
- Establishing stronger safeguards for children, including the creation of a Children’s Online Privacy Code.
- Holding entities accountable for the responsible handling of information and the secure disposal of data when it's no longer needed.
- Providing clearer guidelines on how to protect individuals' privacy, especially when handling personal information on behalf of another entity.
Now, we understand that the idea of these changes might feel overwhelming or like another "thing" being thrust upon business owners in an ever-changing compliance landscape, but these changes are for the better, seriously. There is going to be a transition period to allow small businesses like yours a reasonable amount of time to prepare. The government is also committed to working closely with the small business sector, as well as employer and employee representatives, to enhance privacy protections for private sector employees and small businesses.
Some of the changes coming...
The key legislative change, set for 2024, will introduce a "fair and reasonable" test for information collection, irrespective of consent. This addresses the common scenario where individuals simply "tick the box" on lengthy privacy statements. Moreover, the definition of personal information will expand to include cookie identifiers and IP addresses, even if an individual's name isn't mentioned, as long as they can be "reasonably identifiable."
Attorney-General Mark Dreyfus emphasised the significance of these changes by noting that "Australians increasingly rely on digital technologies for work, education, health care, and daily commercial transactions and to connect with loved ones. But when they are asked to hand over their personal data, they rightly expect it will be protected."
In response to the review, the government also expressed support "in-principle" for the introduction of a statutory tort for serious invasions of privacy.
Out of the 116 proposals presented in the review, the government has agreed with 36, agreed in principle to 68, and "noted" 10. Among those "noted" proposals are recommendations to allow people to opt out of personalised advertisements and to prevent political parties from targeting voters based on "sensitive information or traits."
What you can do.
The bottom line is, change is coming. 2024 is going to see the requirements for SMBs in Australia step up in one way or another. We want you to know that you're not alone in navigating these changes. Our team is here to offer guidance and support as you adapt to these evolving data privacy regulations, ensuring that your business remains secure and compliant. Now is the time to start thinking about what the next 12 months look like for your business and how you are going to invest in bringing your systems into alignment with security recommendations. Together, we'll make this transition as smooth as possible, all while protecting your valuable data. We've got this!