
Changes to the Australian Privacy Act: Implications for Small Business

Introduction

The Australian government has been seeking to reform the Australian Privacy Act to keep it relevant to the rapidly evolving technology landscape (especially with AI).

One of the recommendations from a review published in February 2023 was to remove the existing exemptions for small business (businesses with under $3m in revenue).

Whilst this recommendation hasn’t been adopted yet, it’s anticipated that it will be in time. Australian small businesses should prepare for the coming changes and be aware of what constitutes compliance with the Privacy Act.

Non-compliance could carry serious financial penalties in addition to reputational harm. 


Compliance 

To ensure compliance with the Australian Privacy Act 1988, you should follow these key steps: 

  1. Understand the APPs: Familiarise yourself with the 13 Australian Privacy Principles (APPs) that govern the collection, use, and management of personal information. 
  2. Conduct a Privacy Audit: Assess your current practices regarding personal information handling. Identify what data you collect, how it’s used, and where it’s stored. 
  3. Develop a Privacy Policy: Create a clear and accessible privacy policy that explains how personal information is collected, used, and disclosed. Make sure it complies with the APPs. 
  4. Obtain Consent: Ensure that you obtain informed consent from individuals before collecting their personal information, especially for sensitive data. 
  5. Implement Data Security Measures: Implement appropriate security measures to protect personal information from unauthorised access, loss, or misuse. 
  6. Facilitate Access and Correction: Establish processes for individuals to access their personal information and request corrections if it’s inaccurate. 
  7. Train Staff: Provide training for employees on privacy practices, including the importance of protecting personal information and understanding their obligations under the Act. 
  8. Manage Data Breaches: Develop a data breach response plan. Be prepared to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if a data breach occurs. 
  9. Review and Update Practices: Regularly review your privacy practices and policies to ensure ongoing compliance and adjust as needed. 
  10. Engage Legal Advice: Consider consulting with legal professionals who specialise in privacy law to ensure that your practices meet all legal requirements. 

By following these steps, you can create a robust framework for compliance with the Australian Privacy Act. 


How CIBIS can help 

CIBIS is certified in ISO 27001, the international standard for managing information security. We put security and privacy at the forefront of everything we do, and this philosophy is applied to all our solutions for small business, including:

  • Formlify: Formlify is an intelligent, purpose-built form-builder which is cost-effective to buy and easy to use. It’s perfect for small businesses that want to capture data both internally (from employees) and externally (from customers). Formlify is cloud-based and managed by CIBIS so you don’t need to worry about data security.
  • Xpect: Xpect offers small businesses a contemporary cloud-based 'mini-ERP' solution without the complexity of a global ERP. It’s ideal for retail businesses that want to sell online, with e-commerce out of the box and integration with PayPal, eBay, Shopify and payment providers. Xpect provides whole-of-business ERP functionality without the time and expense of a global ERP implementation.


Please contact us to find out more.
