Navigating Australia’s Privacy Act as a Family Business Owner

In response to the recent 2023 changes to the Australian Privacy Act, Peter Gatt at Majestic Computer Technology explores what these changes mean for your business and the family business community.

18 April, 2024
Legal, Partners, Article, Family Business, Family Business Owners

Why would an IT company like Majestic be interested in the Australian Privacy Act? Because we provide advisory services to businesses and help them comply with the law. We ensure your clients' and customers' data is handled responsibly and in compliance with the Privacy Act.

Your Role in Safeguarding Privacy

In Australia, most people know about the laws that protect their personal information. But, surprisingly, 89% of businesses remain uncertain about their compliance status.

Family businesses are the backbone of Australia's business community, representing over 70% of all businesses and employing over half of the workforce. As such, it is imperative for you to be on the front foot in protecting the community your business serves.

There have been recent changes to the Australian Privacy Act, bringing it in line with global standards. It now reflects the global nature of data privacy and the importance of international cooperation.

Let's explore what the Australian Privacy Act and the recent 2023 changes mean for your business and the family business community.

What is the Privacy Act?

Simply put, the Privacy Act is the foundation of Australian privacy law.

Its goal is to protect personal information from being misused or shared without permission.

Personal information includes things like names, addresses, phone numbers, emails, and even health records. The law also gives people the right to see and correct information that companies have about them, and to complain if something goes wrong.

What You Need to Know as a Family Business

Here's what you need to know about the Privacy Act:

  • It Applies to Almost Everyone: Since its review in February 2023, the Privacy Act now applies to almost all Australian businesses. The small business exemption (which used to apply to businesses with an annual turnover of less than $3 million) has been abolished. So, whether you're a small to medium family business or a big corporation, the Privacy Act applies to you.
  • The 13 Australian Privacy Principles (APPs): These principles are the key to following the rules. They explain how you should handle personal information - from collecting it and using it, to storing it, sharing it, and keeping it safe. Make sure you know these principles - they're your guide to managing data responsibly.
  • Create a Privacy Policy: Every business under the Privacy Act must have a clear and easy-to-understand privacy policy. This document explains how your business handles personal information. It's not just legal stuff - it shows that you're being transparent. Make sure your policy explains how customers can see and correct their information, and how they can complain if they need to.

What does this mean for a Family Business and Individuals alike?

Acceptance and Agreements

The Attorney-General gave the thumbs up to 38 of the proposed changes and is considering another 68. The main goal here is to make the law more relevant and effective. It’s a big moment, really—a wake-up call for any family business to take data privacy seriously and protect customer information.

Key Changes Coming Up

  1. Expanding the Definition of “Personal Information”: The new definition will include technical data like IP addresses, cookies, and device identifiers, not just the usual stuff. This means that even data that seems harmless will be protected.
  2. Mid-Tier Penalties: If privacy is compromised but the harm is minor, a new mid-tier penalty will be introduced. It’s a balanced approach, emphasising accountability without being too harsh.
  3. Civil Penalties for Administrative Breaches: Even small breaches won’t be ignored. Proposed civil penalties will hold entities accountable for administrative mistakes, underlining the importance of careful data handling.
  4. Protecting Minors: The updated Act will stop the use of personal information from individuals under 18 for targeted ads and content. It’s a step towards prioritising the privacy rights of our younger population.
  5. Timely Reporting of Data Breaches: Entities will have to report eligible data breaches within 72 hours. Quick action like this ensures transparency and gives affected individuals the power to act.

Beyond compliance, the Privacy Act presents a unique chance for all business types to build trust. By respecting customer privacy and safeguarding their information, you not only comply with the law but also enhance your reputation. In a competitive landscape, standing out as a privacy-conscious organisation can set you apart.

Remember, privacy isn’t just a legal obligation; it’s a commitment to your customers, one that resonates far beyond the fine print.

Where to from here?

Start by conducting a review of your systems and data. Document what you hold and where it is held, and investigate whether you really need to hold that data. Your IT provider should already be speaking with you about planning and steps that need to be taken for compliance.

If you’re still not sure, feel free to reach out to us at Majestic for guidance.

By Peter Gatt, Business Development Manager – Majestic Computer Technology

Majestic Computer Technology is an Australian Family Business that has been successfully building and delivering IT solutions in Australia for decades. Established in 1992, Majestic provides advisory, outsourced IT and business automation services to various small and medium-sized clients across multiple industries, including manufacturing, professional services, construction and engineering, health, life sciences and the NFP sector.