accountants daily logo

Privacy Act to take in small businesses


Operations with an annual turnover of $3 million or less will no longer be exempt after the government accepts review proposals.

By Josh Needs 9 minute read

A review of the Privacy Act will mean small businesses with an annual turnover of $3 million or less which were previously excused from the bill’s obligations will no longer be exempt.

Attorney-General Mark Dreyfus said the government agreed with the majority of the review's proposals, including:

  • Giving individuals greater control over their privacy by requiring entities to seek informed consent about the handling of personal information.
  • Making entities accountable for handling individuals’ information and enhancing requirements to keep information secure, including destroying data when it is no longer needed.
  • Providing entities with greater clarity on how to protect individuals’ privacy, and simplifying their obligations when handling personal information on behalf of another entity.
  • Establishing stronger protections for children, including the introduction of a Children’s Online Privacy Code.

A key proposal made by the review, which the government agreed to in principle, was that the small business exemption for businesses with an annual turnover of $3 million or less be removed.

It said the exemption was being removed as “the community expects that if they provide their personal information to a small business it will be kept safe and not used in harmful ways”.

But removing the exemption “should not occur until further consultation has been undertaken with small businesses and their representatives on the impact that removing the small business exemption would have”.

“The government will also work with the small business sector, as well as employer and employee representatives, on enhanced privacy protections for private sector employees and for small businesses,” Mr Dreyfus said.

“These next steps build on legislation passed last year which significantly increased penalties for repeated or serious privacy breaches, and provided the Australian Information Commissioner with greater powers to address privacy breaches.”

His department would conduct an impact analysis and work with the community, businesses, media organisations and government agencies to inform the development of legislation and guidance material in this term of Parliament.

“Australians increasingly rely on digital technologies for work, education, healthcare and daily commercial transactions and to connect with loved ones. But when they are asked to hand over their personal data they rightly expect it will be protected.

You need to be a member to post comments. Become a member for free today!

You are not authorised to post comments.

Comments will undergo moderation before they get published.