Privacy shake-up for small business

08.11.2024

Digital Literacy


By Bill Owens

Managing Director


Changes are coming to Australia's privacy regulatory landscape, and it is expected that 95% of Australian businesses will have new data and privacy obligations under the reforms.

Australia’s privacy landscape is undergoing a significant shake-up with the appointment of Carly Kind as the new Privacy Commissioner earlier this year. In recent media interviews, Kind has outlined the key areas of focus for Australia’s Privacy Act reform, with a number of crucial points pertinent to business leaders and board members. 

In the proposed reforms to rebalance the privacy scales, non-compliance is no longer just seen as a compliance issue, with Kind calling non-compliance “harmful,” signalling a greater focus on individual rights and a push to foster a culture of compliance and data responsibility within the small business community. 

Read on for the key areas of reform relevant to senior business leaders and considerations for reviewing the privacy posture of your organisation. 

Good privacy practice [is] fundamental to operating a good business.

Carly Kind

Privacy Commissioner

Australia's New State of Privacy

1. Urgent Overhaul of Privacy Laws

The urgency for an overhaul of Australia’s privacy laws has never been more apparent, as highlighted by high-profile data breaches including Optus, Medibank and ClubsNSW exposing personal details. Kind emphasises that this overhaul is long overdue, with ongoing efforts spanning seven years to understand and implement necessary reforms. 

2. Expanded Liability for Small Businesses

One of the significant shifts in Australia’s privacy landscape is the inclusion of small businesses under the purview of privacy regulations. Previously, many small businesses operated without formal compliance, but under the proposed reforms, they will be required to adhere to privacy legislation. This change will affect around 95% of Australian businesses. Understandably, a number of small businesses are concerned about the regulatory and financial burden of being forced to comply with privacy rules; however, Kind says good privacy practice is fundamental to operating a good business.

3. Greater Enforcement for Compliance 

With small businesses now liable for privacy compliance, there will be greater emphasis on enforcement and accountability. The proposed reforms empower regulators to take a more proactive stance in ensuring compliance across all business sectors. This includes enhanced penalties for privacy breaches, enabling regulators to address non-compliance more effectively. 

4. Focus on Children’s Privacy  

The new regime places a strong emphasis on children’s privacy, defining a child as anyone under 18 and prohibiting targeted direct marketing to children. These measures reflect a growing awareness of the need to protect vulnerable populations in the digital age. 

5. Empowering Individual Rights 

Individuals will gain new rights under the proposed reforms, including a statutory tort of privacy, rights to erasure, de-indexing on search engines, and enhanced avenues for legal recourse. These changes aim to empower individuals and enhance their control over personal data. 

6. Impact on Business Operations 

For small businesses, these changes signify a shift in operational practices. Small businesses will need to invest in resources and strategies to meet privacy obligations, including data protection measures and legal compliance frameworks. While this may pose initial challenges, it also presents an opportunity for small businesses to enhance their data handling practices, build trust with customers and safeguard against increased cyber threats.

7. Navigating the Regulatory Landscape 

Business leaders and board members in small businesses are urged to stay informed about the evolving regulatory landscape. This includes understanding their new obligations under privacy laws, implementing necessary compliance measures, and staying updated on enforcement trends. Proactive engagement with privacy regulations can mitigate risks and demonstrate a commitment to responsible data management. 

How Business Leaders can prepare for compliance

While the privacy reforms are yet to pass through Government, businesses of all sizes should begin preparing for compliance. The evolution of Australia’s privacy landscape will ultimately see enhanced protections for individuals and organisations and foster more responsible data practices across industries.

Proactive steps taken now, including conducting a privacy assessment, reviewing and implementing data governance and protection measures, educating employees on privacy best practices, and establishing clear policies and procedures for handling personal data, can help businesses to mitigate risks in the short term and ensure smoother compliance in the long run.

Get in touch

If you need assistance navigating the privacy landscape or the current privacy and data governance posture for your organisation, please get in touch. We’d love to help.


About The Author

Bill Owens

Managing Director

With decades of experience in global business consulting and technology, Bill excels in governance, strategy development, risk management, and financial management. He serves as the non-executive Chair of Relationships Australia Queensland and is a member of the Gymnastics Australia Commercial Committee. Additionally, Bill contributes to the Tech Council of Australia and acts as a Technology Industry Expert for Queensland Leaders. He is a graduate of the Australian Institute of Company Directors course.
