Around 2.3 million small businesses face new obligations around the handling of personal information after the government said it would remove a current exemption from the Privacy Act. The overhaul would also remove a current policy exemption for businesses with turnover under $3 million – exposing around 2.4 million small and medium businesses (SMBs) to burdensome new governance requirements and potential severe penalties for the first time.

With recent figures finding that fewer than half of Australian SMBs see data privacy as a priority – and just 44.4 per cent confident that they have a “well-defined” privacy policy – removal of the exemption will push most of these businesses into uncharted territory.

Attorney-General Mark Dreyfus said the government had agreed to most of the 116 proposals contained in a landmark review of the Privacy Act that was released in February.

The new changes include the following:

  • requiring entities to seek informed consent about the handling of personal information
  • establishing stronger protections for children, including a Children’s Online Privacy Code
  • making entities accountable for handling information, and destroying data when no longer needed; and
  • providing greater clarity on how to protect individuals’ privacy, including when handling personal information on behalf of another entity

One of the most sensitive changes the government has agreed to is to end exemptions for small businesses from the Privacy Act. But the government has agreed, subject to further consultation, that small businesses should now come under the act, a reform that could impose costly obligations on those businesses.

It said the exemption was being removed as “the community expects that if they provide their personal information to a small business it will be kept safe and not used in harmful ways”.

But removing the exemption “should not occur until further consultation has been undertaken with small businesses and their representatives on the impact that removing the small business exemption would have”.

“The government will also work with the small business sector, as well as employer and employee representatives, on enhanced privacy protections for private sector employees and for small businesses,” Mr Dreyfus said.

These next steps build on legislation passed last year which significantly increased penalties for repeated or serious privacy breaches and provides the Australian Information Commissioner with greater powers to address privacy breaches.

How can we help?

If you have any questions or would like further information, please feel free to give our office on 08 9221 5522 or via email –  or arrange a time for a meeting so we can discuss your requirements in more detail.

General Advice Warning

The material on this page and on this website has been prepared for general information purposes only and not as specific advice to any particular person. Any advice contained on this page and on this website is General Advice and does not take into account any person’s particular investment objectives, financial situation and particular needs.

Before making an investment decision based on this advice you should consider, with or without the assistance of a securities adviser, whether it is appropriate to your particular investment needs, objectives and financial circumstances. In addition, the examples provided on this page and on this website are for illustrative purposes only.

Although every effort has been made to verify the accuracy of the information contained on this page and on this website, Camden Professionals, its officers, representatives, employees, and agents disclaim all liability [except for any liability which by law cannot be excluded), for any error, inaccuracy in, or omission from the information contained in this website or any loss or damage suffered by any person directly or indirectly through relying on this information.