The Australian government’s recent changes to the Privacy Act are a big step forward for consumer data safety, but for 2.3 million small Australian businesses the transition will be tough. While strict privacy measures were previously reserved for large enterprises, new regulations mandate that all businesses must comply, regardless of their size.
On the consumer side, this is a major win – particularly after millions of Australians were affected by several high-profile data breaches in recent years. For small and medium-sized enterprises (SMEs), however, it may be a different story. These businesses are already burdened by red tape and bureaucracy and will undoubtedly require guidance from the government to navigate the transition.
To comply with these new requirements, most small businesses will need to invest time and money in updating their systems and implementing new technology solutions. This will include measures such as adopting digital ID verification to boost data security and prepare for the government’s upcoming national digital ID rollout.
Small businesses often collect vast amounts of personal and sensitive information, such as emails, phone numbers, addresses, and credit card numbers. SMEs previously had no obligation to keep personal information secure or to notify affected people if they experienced a data breach, but once the changes to the Privacy Act kick in, the consequences of these mistakes could be severe.
To avoid legal penalties and fines for failing to protect consumer data, many will need to restructure their processes, systems, and workforce. This means major changes to the way they receive informed consent, handle customer information, and implement processes for destroying data when it’s no longer needed.
While it’s true that greater regulation around consumer data is essential, it’s also true that countless SMEs will struggle to implement these measures. Adapting systems, implementing new technology, and retraining staff is costly, not to mention time-consuming and overwhelming for business owners. To help with the transition, the government must provide advice, training, and guidance on how businesses can comply with their changing obligations.
This roadmap to compliance will prove invaluable to small businesses, which are the lifeblood of the Australian economy. Beyond that, it will ensure that the government’s vision of a more secure data landscape is made possible. Too often, government regulations are enforced and penalised without any effort to provide methodologies, processes, or best practices for compliance. If large entities like Optus, Medicare, and Latitude struggle with data security, how can family businesses know where to turn?
The Australian Taxation Office (ATO) provides a useful example of how guidance works wonders for compliance: it enforces strict rules for compliance while also assisting companies when they need help. This type of symbiotic relationship would ensure that businesses aren’t left in the dark to manage one of the biggest and most important regulatory changes in recent years.
The government’s reforms to the Privacy Act reinforce the principle that privacy is a fundamental right – not a privilege. This has never been more important in our digital age, where cybercrime and data breaches are more common than ever before. By working together, the government and SMEs can ensure that our data is protected. After all, once it’s compromised, customer privacy cannot be reclaimed.
Contributed by Dr Philip Bos, CEO and Founder of BlueKee