Businesses with an annual turnover of up to $3 million will face new data privacy obligations following the government's response to the landmark review of the Privacy Act announced today.
The government has agreed or agreed-in principle with a majority of the review's 116 proposals released in February.
This includes the proposal to remove the exemption to the Privacy Act that is currently afforded to approximately 2.3 million small businesses with an annual turnover of $3 million or less.
Currently, businesses under that turnover threshold have no obligation to keep personal information secure, or to notify affected people if there is a data breach.
The government said that it will consult with small businesses on the impact that the exemption removal will have.
This will inform consideration of what privacy obligations should be modified for small businesses to ease the regulatory burden and what support they will need to adjust their privacy practices.
The government also agreed in-principle to an expanded definition of personal information to include IP addresses, cookies and device identifiers.
It will also include where an individual may be "reasonably identifiable" even if their identity is not known.
Other key reforms agree to by the government include:
- Requiring entities to seek informed consent about the handling of personal information;
- Establishing stronger protections for children, including the introduction of a Children’s Online Privacy Code;
- Making entities accountable for handling individuals’ information and enhancing requirements to keep information secure, including destroying data when it is no longer needed; and
- Providing entities with greater clarity on how to protect individuals’ privacy, and simplifying their obligations when handling personal information on behalf of another entity.
Tech Council of Australia supports government response
Tech Council of Australia's CEO Kate Pounder welcomed the government's response to the Privacy Act review.
“We were pleased to see that many proposals put forward by the TCA have been accepted by the Government,” Pounder said.
“The Tech Council of Australia has consistently supported the need to modernise Australia’s outdated privacy laws to better reflect our increasingly interconnected and global digital economy.”
“We see privacy reform as a key pillar of a credible response to improve Australia’s ability to safely and responsibly develop and adopt AI, to improve cyber security resilience and to enable the continued growth of the tech sector.”
“We welcome the Government’s decision to release the final review report and consult further before developing legislation.”
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
