Shopping Cart


No products in the cart.


We're Building the World's BIGGEST Online Community for Small Businesses

Small businesses face big challenges in privacy law overhaul


The Australian government recently made a new law that lets them make businesses share user information, even if it’s protected by secret codes.

If businesses can’t access encrypted data for the government, they have to make tools so the police can get to users’ info.

Starting in 2024, small businesses can’t escape privacy rules. This affects a lot of businesses, and if they don’t follow the rules, they’ll get fined and might damage their reputation if data gets leaked.

For small business owners, making a privacy plan that follows the rules can be hard. That’s why it’s crucial to get help from privacy experts. A privacy plan is like a set of rules inside the company that makes sure they follow the privacy laws. With the right help, businesses can put in good processes to lower risks from data and privacy rules and stick to their business goals.

Hana Lee, qualified data privacy expert and start-up and capital leader at Melbourne law firm, Burch&Co,  urges small businesses to take a proactive approach and start building a fit-for-purpose privacy program to navigate the sweeping reforms in data privacy.  “In 2024, there is not a single business that does not work with or store customer data in some way,” Hana said. “When it comes to privacy considerations, an ounce of prevention is worth a pound of cure. The Privacy Act amendments serve as a motivator to learn about essential privacy protections and take a more mindful approach to storing sensitive customer information.” 

“The removal of the small business exemption to the Privacy Act in 2024 increases compliance demands on small businesses and startups, particularly those reliant on technology and customer data collection. 

With over 92% of businesses to be impacted, those that fail to comply with the Privacy Act will face increased financial penalties, in addition to reputational risk from data breaches.”

In February 2023, the Australian Attorney-General’s Department revealed 116 recommendations derived from insights provided by stakeholders over the previous two years, addressing 30 key themes. While acknowledging the positive impact of Australia’s digital economy on innovation and productivity, the report also voiced concerns about data breaches and privacy issues.

In response to these concerns, the report put forward a comprehensive proposal to modernize privacy laws, adapting them to the demands of the digital age. The objective is to combat identity fraud and scams while ensuring the global competitiveness of Australian businesses.

Out of the 116 recommendations, the government embraced a total of 106 proposals. Among these, 38 are categorized as “agreed,” while 68 are labeled as “agreed in-principle.” It’s essential to note that both classifications hinge on focused and broader consultations before arriving at a final decision. The government aims to enshrine these recommendations into legislation in 2024.

Furthermore, alongside accepting the majority of recommendations, the government took “note” of 10 suggestions but chose not to adopt them. These specific recommendations primarily concern political exemptions and specific protections for deidentified information.

No matter if a business is big or small, having a good privacy plan means they know where they’re not following the rules and have a plan to fix it. While Australia’s privacy laws are getting stricter, there are good examples from other countries that small businesses can follow. Privacy pros know the best ways businesses in countries with strict privacy laws do things and can give custom advice to follow the rules in every part of the business. 

Keep up to date with our stories on LinkedInTwitterFacebook and Instagram.


Leave a Reply