When the Privacy Act was first enacted in 2000, small businesses earning less than $3 million per year were considered a low risk cohort. With some exceptions, they have been exempt from the Privacy Act. However, the Government has realised that the use of digital technology in conducting business has increased privacy risks posed by businesses of all sizes.
The Review of the Privacy Act was released in February 2023. It is proposing that the exemption for small businesses in the Privacy Act be removed. This means that approximately 95% of small businesses which are currently exempt from the Privacy Act, will have to comply.
The Government is consulting with the sector to develop appropriate support for small businesses. It will also consider whether any privacy obligations should be modified and what support will be needed to help small businesses make the change, for example:
- tailored guidance
- e-learning modules
- resources and tools
- a transition period
While the proposed reforms of the Privacy Act are presently unknown, it doesn’t stop small businesses from proactively addressing privacy concerns and forward planning.
