Breaking Down the Privacy Act Review Report #3: Removal of the Small Business Exemption
By Cameron Abbott, Rob Pulham and Stephanie Mayhew
Currently, most small businesses (with some exceptions) are not covered by the Privacy Act – with the threshold shaping a small business being an annual turnover of $3 million or less. However the Attorney General’s Department recognises that Australians want their privacy protected and that small businesses shouldn’t be excepted from this.
In the long term, proposal 6.1 seeks to remove the small business exemption but only after:
- an impact analysis has been undertaken
- appropriate support is developed
- in consultation with small businesses, the most appropriate way for small business to meet their obligations is determined (propionate to the risk) – e.g. through a code, and
- small businesses are in a position to comply with these obligations.
Proposal 6.2, in the shorter term, seeks to ensure that small businesses comply with the Privacy Act in relation to the collection of biometric information and remove the exemption from the Privacy Act for small businesses that obtain consent to trade in personal information (trading in personal information will mean the Privacy Act applies).Read More