Small business privacy laws in parliamentary crosshairs

Powered by SC Magazine

Parliamentary Committee calls for abolition of Privacy Act exemptions.

The Australian Parliamentary Cyber-Safety Committee has called for the scrapping of an exemption that exempted small businesses from Australia’s Privacy Act.

In a report tabled yesterday, the committee said it was concerned that small businesses with annual turnovers of $3 million or less were exempt from the Privacy Act 1988.

It recommended that the Government consider dropping small business exemptions and undertake a review of categories of businesses with “significant personal data holdings”.

“A large proportion of the Australian private sector is not subject to any privacy laws,” the committee wrote.

“Such legislation may be insufficient to protect young people from cyber-safety risks occurring as a result of individuals acting in private capacities.”

According to the Office of the Information Commissioner, businesses subject to the Privacy Act are required to:

  • Inform users about the collection of personal information and how the information will be used;
  • Not share personal information without notifying users, and only use personal information in ways users might expect;
  • Allow users to see any information that the business holds about them, if they ask;
  • Keep personal information safe; and
  • Inform users, if they ask, about how the business handles personal information.

Internet Industry Association CEO Peter Coroneos expected a majority of online businesses to comply with most of those requirements – whether or not they were legally obliged to.

“To the end user, the size of a business is not the critical determinant of their propensity to interact with the business; the critical determinant is whether they feel safe,” he said.

“Certainly in the internet space, small businesses have as much to gain from complying, because it speaks to the issue of trust.”

Outside of the online environment, however, the cost of complying with the Privacy Act may be less attractive to small businesses.

Robert Mallett, general manager of the Council of Small Businesses of Australia (COSBOA), said many small businesses lacked both knowledge of privacy regulations and the skills required to comply.

“Added compliance is just making it burdensome for small businesses,” he told iTnews.

Compared to large organisations like Telstra, Apple and Woolworths, small businesses had a “far smaller capacity” to harvest personal information, and thus posed less risk, Mallett said.

Instead of introducing new laws, he urged the Government to focus on “high-risk” areas and policing, noting that existing, unenforced laws made it “grossly uncompetitive” for businesses that chose to comply.

Additionally, Mallett said there was “no empirical evidence” to support the introduction of privacy laws for small businesses.

“I’ve not heard of any complaints of a small business using customer data for the wrong reasons,” he said.

The Office of the Information Commissioner told iTnews that it was unable to provide data about privacy breaches by small businesses, as that did not come under its jurisdiction.

Mandatory or voluntary compliance?

Yesterday’s small business recommendations by the 12-person Joint Select Committee on Cyber-Safety echoed those in an April 2011 report on online privacy by a separate committee that shared two of its members.

The Australian Law Reform Commission (ALRC) also raised the issue in 2008, which found the exemptions “neither necessary nor justifiable” despite the burden compliance would place on businesses.

The Government has not yet formulated a response to that ALRC recommendation.

Although he welcomed parliamentary debate on small business privacy practices, the IIA’s Coroneos said black letter law might not be the solution.

Instead of introducing new legislation, Coroneos recommended that the Government get behind more flexible industry codes of practice.

In 2003, the IIA approached the Privacy Commissioner to register a voluntary Privacy Code of Practice (pdf), designed to target personal information protection and spam.

Those efforts were discontinued due to technical, legal hurdles within the Privacy Act, as well as the introduction of the Spam Act 2003.

“In the internet industry in particular, the environment is always changing. Legislation is not very good at adapting to technological changes,” Coroneos told iTnews.

“I wouldn’t necessarily be arguing for new laws for small businesses; where we need to look is changing the Act to permit the registration of the kind of codes that we were trying to introduce.

“Maybe there’s a middle ground where you might incorporate some of those elements [of the Privacy Act] and not others, and take a granular approach.”

Copyright © . All rights reserved.

Small business privacy laws in parliamentary crosshairs
Top Stories
Content, cost & constant innovation: How Foxtel plans to take on Netflix
Nell Payne inhabits the “brave new world of blue strings and networking”. Just don't ask her to put a TV screen on your microwave.
Sending in the drones
Margins are getting tighter in the industrial services industry, so Transfield Services' Stephen Phillips looks offshore - and to the skies - for the solutions he needs to keep pace.
Westpac fires starting pistol on core banking upgrade
St George readies itself for move to Celeriti.
Sign up to receive iTnews email bulletins
Latest articles on BIT Latest Articles from BIT
Microsoft launches Office for Android preview
May 22, 2015
Microsoft has launched a preview of Office for Android smartphones. Pre-release versions of ...
Microsoft is working on an iOS email chat feature called Flow
May 22, 2015
Microsoft is working on a new chat app, but at the moment we know more about what we DON'T know, ...
Windows 10 free upgrade: Microsoft details who gets what
May 22, 2015
Microsoft was meant to be streamlining its OS with Windows 10, so why is upgrading so confusing? ...
Windows 10 has an edition to suit everyone's needs
May 15, 2015
Microsoft unveils a mind-melting six editions of Windows 10 ahead of its Winter 2015 launch. ...
Firefox 38 FINAL released, debuts new tab-based preferences
May 13, 2015
Mozilla has unveiled the latest version of Firefox 38.0 FINAL for desktop, with Firefox for ...
Latest Comments
Should Optus make a bid for iiNet?

   |   View results