The Council of Small Business Organisations Australia (COSBOA) has expressed relief that the new privacy obligations for small businesses have not been rushed through in the Government’s first tranche of laws.
“The rapid introduction of complex and expanding obligations would have undermined the viability of small businesses already facing a laundry list of more red tape and regulation,” COSBOA CEO Luke Achterstraat said.
The change would have removed the current small-business exemption in the Privacy Act, which would affect businesses with less than $3 million annual turnover. COSBOA explained that the exemption ensured a degree of nuance between small and micro-businesses compared to expectations of large multinational companies.
Achterstraat commented, “Removing the exemption would have also impacted over 1.1 million sole traders who are self-reliant and do not have internal compliance or legal teams.”
Achterstraat also noted that despite the delay, small businesses were already actively processing data with appropriate care and concern in fulfilment of their privacy obligations. However, he added that the costs for compliance would have been significant at a time when many small businesses are on the brink.
“More than half of small businesses surveyed recently said they expected operating conditions to only get worse over the next 12 months. There is never a good time to hoist higher costs onto small businesses, but to do so in this environment would be reckless,” he said.
COSBOA also welcomed the commission of a dedicated cost-benefit modelling report but also added that more transparency was required.
“The failure of government to release its own taxpayer-funded modelling is disappointing, especially considering the time and effort spent by small business in the process. Small business impact statements must be mandatory, and the unique small business experience must be rigorously considered at the Cabinet table, ” Achterstraat said.
“Ultimately the right decision has been made here however, we look forward to working with government on training and awareness programs that provide practical support to small business. With the right tools, resources and guidance the small business sector can continue to develop its privacy and cyber resilience,” he concluded.
