Big changes are coming for small businesses in Australia. The government is shaking things up with proposed updates to the Privacy Act. Now, even small businesses with an annual turnover of $3 million or less will fall under this Act.
So if you are a business owner, you need to step up your game on handling personal information just like the bigger players.
Why the change? Well, in a digital world where data is king, keeping personal information safe is a big deal. The government had a good hard look at the rules and decided it’s time for everyone to follow the same playbook, big or small.
This blog is here to guide you through what’s changing, why it matters, and what steps you can take to be ready. It’s all about keeping your business on the right side of the law and taking care of your customers’ vital information.
Key Proposals from the Privacy Act Review Report
Attorney-General Mark Dreyfus highlighted the government’s agreement with most of the suggestions from the review, including:
- Ensuring individuals have more say over their privacy by mandating organisations to obtain clear consent for managing personal information.
- Holding organisations responsible for safeguarding individuals’ information, alongside boosting measures to keep data secure, like discarding data when it’s no longer essential.
- Offering organisations better guidance on preserving individuals’ privacy, and making their duties more straightforward when managing personal information on behalf of another entity.
- Implementing robust safeguards for children, inclusive of a new Children’s Online Privacy Code.
Implications for Australian SMEs
Now, here’s what the upcoming changes could mean for SMEs:
More Rights for Individuals
Individuals now have a stronger say over their personal data. For small businesses, this means:
- Clear Communication: Explain how you plan to use individuals’ information.
- Prompt Responses: Address any concerns or requests from individuals regarding their personal information swiftly.
Stepping Up Security
The updated act emphasises stronger security for personal information. This nudges small businesses to:
- Tighten Security Measures: Ensure that personal data is securely guarded.
- Proper Disposal: Destroy or de-identify personal data when it’s no longer needed.
Accountability Is Key
Small businesses now have a bigger role in ensuring personal information is treated with respect. This encompasses:
- Record-Keeping: Maintain accurate records of how personal information is handled.
- Being Ready for Checks: Prepare for possible inquiries or checks on your data handling practices.
In a nutshell, these changes aim to create a safer and more transparent atmosphere. It’s about nurturing a culture of respect and trust around personal information.
For small business owners, adapting to these new rules might seem daunting, but with the right steps, you’ll ensure your business aligns with the new privacy landscape.
Preparing for Compliance: Recommended Steps
First off, you’ll need to grasp how the Privacy Act will now apply to your business, especially if you’ve been under the small business exemption umbrella.
Conducting a threshold assessment is your first port of call. It’ll help you decipher the nitty-gritty of what’s required of your business under the new provisions.
Mapping Out Your Data Journey
Knowledge is power, and knowing what kind of personal information you handle, how you handle it, and where it’s stored is crucial. A data mapping and customer journey exercise is a smart move to:
- Identify the types of personal information in your database.
- Understand the flow of personal information within your operations.
Review Your Notices and Policies
Your existing collection notices and privacy policies may need a facelift to align with the new Privacy Act provisions.
Review them thoroughly to spot any areas that require updates or complete rewrites. It’s all about ensuring they reflect your current data handling practices accurately and comply with the new law.
Helpful Resources to Understand Privacy Act
Getting your business on the right side of the new Privacy Act amendments is more than just a legal requirement; it’s about fostering trust with your customers by showing that you value their privacy. The time to act is now, not later.
To ease you into this transition, there’s a bunch of resources and contacts that can offer a helping hand:
Office of the Australian Information Commissioner (OAIC)
The OAIC website is a goldmine of information on privacy laws and how they apply to your business. You can explore guidelines, fact sheets, and other educational materials that breakdown the complex legal jargon into digestible information.
Your industry association might have tailored advice and resources to guide you through the compliance process.
It might be wise to seek professional legal advice to understand the salient points of the new provisions and how they apply to your operations.
WebBuzz Digital Privacy Consultants
Our privacy consultants can take a look through your current data handling processes, which could save you a lot of headaches down the line. We can provide recommendations and practical steps to ensure you’re on the right track.
Contact us for a FREE assessment of your digital presence or call us on 1300 41 0081.