Powered by MOMENTUM MEDIA
accounting times logo

Powered by MOMENTUMMEDIA

Powered by MOMENTUMMEDIA

SMEs urged to start preparing for Privacy Act changes

Profession
23 November 2023
smes urged to start preparations for privacy act changes

Small businesses and accounting firms should start taking proactive steps to comply with the Privacy Act ahead of slated changes by the government.

With the government indicating it will look to adopt a recommendation to remove the Privacy Act exemption for small business, businesses should start preparing for this change as part of their planning for 2024, according to RSM director of risk advisory Ashwin Pal.

In late September, Attorney-General Mark Dreyfus announced the government would adopt a recommendation from the Privacy Act Review Report to remove the exemption that currently excludes small businesses with a turnover of less than $3 million from having to comply with the act.

Mr Pal said this means that any business regardless of revenue will have to adhere to privacy and online data protection rules.

==
==

“If your business deals with personal identity information or personal health information, soon you’ll have to comply with the Privacy Act no matter how small your revenue. Right now, most small businesses would struggle to comply,” he warned.

Mr Pal also noted that there will be smaller accounting firms that are impacted by this change.

“Accounting firms hold a lot of confidential, private information because they’re lodging tax returns,” he said.

“They’ll have all manner of information about an individual client including all their tax details. That’s probably as personal and private as it actually gets.”

A good starting point for businesses is the Australian Cyber Security Centre’s website, which has in-depth advice on what small businesses should be doing to secure personal customer data.

Mr Pal said that small businesses first need to think about what data they have and where it’s stored.

They then start to look at who can access that data and to what degree access controls are actually in place.

“For example, is there multi-factor authentication, is the data stored securely? Is it encrypted and secure? Is it backed up? If I have a ransomware-type attack will I lose all my data?” said Mr Pal.

Businesses should also be asking their IT providers questions about what mechanisms are in place to keep data secure.

Where IT providers are unable to provide satisfactory responses to these questions, Mr Pal said businesses may want to consider changing providers.

Mr Pal said accountants can play an important role in guiding their SME clients through the process of preparing for these changes, particularly where they’ve had to adapt themselves.

“Once the accounting firm has gone through the necessary steps to prepare themselves, they can then use their own business as a case study and give advice to clients. They can turn it into a service offering of sorts,” he said.

About the author

author image

Miranda Brownlee is the news editor of Accounting Times, an online publication delivering analysis and insight to Australian accounting professionals. She was previously the deputy editor of SMSF Adviser and has broad business and financial services reporting experience, having written for titles including Investor Daily, ifa and Accountants Daily. You can email Miranda on: [email protected]

Subscribe

Join our subscribers get exclusive access to freebies and the latest news

Subscribe now!
NEED TO KNOW