Following a series of prominent privacy breaches that exposed the data of numerous Australians in recent years, the Government is taking proactive measures. Policymakers are currently in the process of broadening the scope of the Privacy Act 1988 to encompass millions of SMEs.
With SMEs being brought into the jurisdiction of the Privacy Act, here’s more on what this entails and how SMEs can prepare:
The Privacy Act 1988, then-and-now
The Privacy Act 1988 governs how Australian businesses and government agencies manage personal information. It dictates the procedures for collecting, storing, utilising and disclosing personal data, with the primary objective of safeguarding individuals’ privacy rights. This act is applicable to a majority of private sector enterprises with an annual turnover exceeding AUD$3 million.
However, in the past year, a review led by the Attorney General suggested removing exemptions for businesses with annual turnover below this threshold, including millions of SMEs. This results from an increase in the frequency and severity of privacy breaches. The Australian Cyber Security Centre (ACSC) received over 94,000 reports of cyber crimes during the 2022-23 financial year, translating to one report every six minutes and impacting millions of Australians.
Fail to prepare, prepare to fail
SMEs are not immune to privacy breaches. What is alarming, however, is the limited awareness among SMEs regarding the legislation.
Zoho research found that 46.2 per cent of SMEs know how to respond if they were to experience a privacy breach and only 44.6 per cent have a detailed customer privacy policy. Additionally, 25 per cent would be unable to withstand the financial or reputational repercussions of a privacy breach.
Although it’s impossible for any business to remove the possibility of a data breach, they can take proactive measures to mitigate the risk and minimise the impact if one does occur.
Constructing protection
The research found that 59.4 per cent of SMEs recognise their susceptibility to data breaches but are not proactive in enhancing their data security. Small businesses need to establish a documented data privacy policy that is effectively communicated to their customers and adhered to by their staff. A policy lowers the likelihood of a breach and equips businesses with guidance should they experience one.
SMEs must also be cautious in choosing technology providers. They need to familiarise themselves with the policies of their technology providers and comprehend how these vendors handle data. SMEs should use a browser that adopts a privacy-first approach, providing a secure browsing experience by integrating ad blockers, end-to-end encryption, and features designed to protect data privacy.
It is also imperative that SMEs integrate strategies and protections. For instance, adopting strong encryption protocols ensures the security of sensitive data; regular training sessions for employees promote best practices and mitigate the likelihood of human errors; implementing multi-factor authentication enhances security by adding a further layer of protection; and regularly updating software and conducting security audits further diminishes risks.
Addressing a security breach
Nearly 350,000 businesses admit to having no understanding of the necessary steps in the event of a breach. Efforts should be made to contain the breach promptly. Affected individuals should be notified and the incident must be reported to the Office of the Australian Information Commissioner (OAIC).
After completing those initial steps, SMEs should conduct an investigation into the breach, identifying vulnerabilities and implementing any necessary security enhancements. By reviewing and revising their privacy policies and procedures, SMEs can improve their ability to mitigate the risk of future breaches.
The technology industry needs to prioritise data privacy, and policymakers should offer support to SMEs to implement protective measures for themselves and their customers. Without this support, SMEs will face increasing risks, stricter regulations, and harsher penalties, leading to unjust and disproportionate impacts.