Government to Scrap Privacy Act Exemption for Small Businesses

Businesses generating up to $3 million annually will be subjected to new data privacy standards, following the government’s recent declaration regarding the comprehensive review of the Privacy Act.

The government has either endorsed or provisionally accepted most of the 116 suggestions put forward in the review this past February.

Central to these recommendations is the abolition of the current Privacy Act exemption for around 2.3 million small businesses that earn $3 million or less annually. Until now, these businesses weren’t required to secure personal data or inform individuals in case of data breaches.

The government plans to engage with these businesses to gauge the impact of revoking this exemption. Feedback from these consultations will guide decisions on modifying privacy responsibilities to alleviate regulatory pressures on small enterprises. Furthermore, they’ll assess the assistance needed for businesses to adapt to these new privacy norms. Additionally, the government is leaning towards broadening the definition of personal data to encompass IP addresses, cookies, and device markers. This expansion also aims to recognize individuals who might be “reasonably identifiable” even without clear identification.

Other critical reforms that received the government’s nod include:

  • Securing clear consent for personal data management.
  • Fortifying safeguards for minors by launching a Children’s Online Privacy Code.
  • Mandating entities to be responsible for safeguarding personal data and emphasizing the need to discard it when no longer essential.
  • Offering clearer guidelines to entities regarding the protection of individual privacy and simplifying mandates when managing personal information on another entity’s behalf.

The Tech Council of Australia is in favour of the government’s stance.

Kate Pounder, CEO of the Tech Council of Australia, expressed her satisfaction regarding the government’s feedback on the Privacy Act review.

“We were pleased to see that many proposals put forward by the TCA have been accepted by the Government,” stated Pounder. “The Tech Council of Australia has consistently supported the need to modernise Australia’s outdated privacy laws to better reflect our increasingly interconnected and global digital economy.”

She further added, “Privacy reform is a fundamental component in enhancing Australia’s capability to adopt AI responsibly, fortify cybersecurity, and foster the tech sector’s continual growth.”

She concluded, “We welcome the Government’s decision to release the final review report and consult further before developing legislation”.