The Council of Small Business Organisations Australia (COSBOA) is relieved that onerous new privacy obligations for small businesses have not been rushed through in the Government’s first tranche of laws.
COSBOA CEO Luke Achterstraat said that small businesses were already actively processing data with appropriate care and concern.
“The rapid introduction of complex and expanding obligations would have undermined the viability of small businesses already facing a laundry list of more red tape and regulation.”
The current small business exemption in the Privacy Act – for entities with less than $3 million annual turnover – ensures a degree of nuance between small and micro-businesses compared to expectations of large multinational companies.
“Removing the exemption would have also impacted over 1.1 million sole traders who are self-reliant and do not have internal compliance or legal teams.”
Mr Achterstraat said the costs would have been significant at a time when many small businesses are on the brink.
“More than half of small businesses surveyed recently said they expected operating conditions to only get worse over the next 12 months. There is never a good time to hoist higher costs onto small businesses, but to do so in this environment would be reckless.”
Mr Achterstraat welcomed the commission of a dedicated cost-benefit modelling report but said more transparency was required.
“The failure of government to release its own taxpayer-funded modelling is disappointing, especially considering the time and effort spent by small business in the process.”
“Small business impact statements must be mandatory, and the unique small business experience must be rigorously considered at the Cabinet table.”
“Ultimately the right decision has been made here however, we look forward to working with government on training and awareness programs that provide practical support to small business. With the right tools, resources and guidance the small business sector can continue to develop its privacy and cyber resilience.”