Privacy Act to take in small businesses
Operations with an annual turnover of $3 million or less will no longer be exempt after the government accepts review proposals.
A review of the Privacy Act will mean small businesses with an annual turnover of $3 million or less which were previously excused from the bill’s obligations will no longer be exempt.
Attorney-General Mark Dreyfus said the government agreed with the majority of the review's proposals, including:
- Giving individuals greater control over their privacy by requiring entities to seek informed consent about the handling of personal information.
- Making entities accountable for handling individuals’ information and enhancing requirements to keep information secure, including destroying data when it is no longer needed.
- Providing entities with greater clarity on how to protect individuals’ privacy, and simplifying their obligations when handling personal information on behalf of another entity.
- Establishing stronger protections for children, including the introduction of a Children’s Online Privacy Code.
A key proposal made by the review, which the government agreed to in principle, was that the small business exemption for businesses with an annual turnover of $3 million or less be removed.
“These next steps build on legislation passed last year which significantly increased penalties for repeated or serious privacy breaches, and provided the Australian Information Commissioner with greater powers to address privacy breaches.”
His department would conduct an impact analysis and work with the community, businesses, media organisations and government agencies to inform the development of legislation and guidance material in this term of Parliament.
“Australians increasingly rely on digital technologies for work, education, healthcare and daily commercial transactions and to connect with loved ones. But when they are asked to hand over their personal data they rightly expect it will be protected."