Privacy: a very public matter

Proposed changes to the Privacy Act are coming and the ramifications and implications for big and small business are significant and wide-ranging. 

Communications, Digital, Data breach, Public Relations, Strategy

Ray Jordan 29 Feb 2024
3 mins

Proposed changes to the Privacy Act are coming and the ramifications for businesses big and small are significant and wide-ranging. 

The scope and scale of these changes will make privacy a very public issue, initially as businesses embed the processes within their operations to meet the rules, and then, once implemented, as their compliance with the new laws will be put to the test. 

The countdown to bringing the Privacy Act into the digital age is well underway. Already the Government has agreed to 38 of 116 proposals, with the remaining 68 proposals agreed in principle, subject to further engagement with businesses and a comprehensive impact analysis.  

The original intention was for the new Act to be in place by the end of this year, but at this stage it appears more likely it will be some time in 2025. 

In September last year, the Government released its Response to the Privacy Act Review Report, outlining its initial position on the 116 recommendations made by the inquiry. This followed legislation to impose tougher penalties for privacy breaches with additional powers for the Australian Information Commissioner. 

During the remainder of 2024 there will be further consultation with stakeholder groups. This may include removing small business exemption, enhanced consumer rights, and draft legislation seeking public comment.  

Generally speaking, the updates will change the way customer data is managed, requiring businesses to ensure fair and reasonable data practices which comply with new security and data destruction obligations.  

The key aspects of the proposed reforms to the Act include stronger laws to protect children, faster reporting of data breaches, opt-out marketing, the right to be forgotten, and importantly no more exemptions for small business. 

The intention to remove the small business exemption will impose a significant cost burden on them relative to the bigger corporates which have the benefit of scale to amortize their costs.  

The costs include ensuring processes meet the new Privacy law requirements, meeting strict governance to ensure privacy compliance, and maintaining clarity, transparency, and control of personal information in their communication and marketing practices. 

The devil of these changes will be in the detail. And,  with the changes about 12 months off it is timely,  in fact essential, for all businesses, big and small, to begin preparing, and to  start now. 

Even without the detail of the new regulations, a first step is an audit and risk assessment of current practices to identify potential compliance risks in relation to the anticipated changes.  

Staff training will be a key aspect of the transition  – to mitigate the risk of non-compliance.  Staff will need to be well versed in the new privacy regulations, data handling protocols and user rights.   At this point it would also be a good idea to get legal advice to ensure that revised policies and practices align with the evolving legal landscape.  

Big or small, there are a number of considerations for all businesses in preparing for the new laws. For smaller business the costs can be relatively higher. 

  • Compliance costs associated with understanding and complying with stricter privacy laws, may require investing in new technologies, seeking legal advice, and implementing training programs. 
  • More resources may need to be allocated to managing and protecting customer data, to the detriment of product development and marketing. 
  • Revision of data handling practices could  involve implementing new policies and procedures for collecting, storing, and processing customer data. 
  • Increased risk of significant fines for non-compliance resulting in financial loss and reputational damage. 
  • Demonstrating a commitment to protecting customer privacy can enhance trust and reputation for small businesses but failure to comply could equally damage trust and reputation. 
  • There is potential for small businesses to differentiate themselves in the market by communicating prioritised privacy and data protection which would be attractive for customers who value such privacy-aware businesses. 

The road ahead in meeting the requirements of the new regulations will be challenging, but the smart companies have already started. 

For many it will be a significant cultural shift, but given the strict requirements of the new privacy rules and an increasing customer awareness of their right to be protected, adapting is non-negotiable.  

If you are uncertain about what you need to do, or simply don’t have the resources in-house to do it, don’t delay getting the outside help you need.

Ray Jordan More from author

Ray is one of Western Australia’s most highly-regarded corporate communicators and strategists, recognised for his pragmatic and creative approach to major projects across different sectors.

Before moving to corporate communications, he held executive positions in the media – including the role of Deputy Editor of The West Australian – and has a proven ability to craft messages that resonate with both journalists and readers.

Ray’s knowledge of the media and respected corporate counsel at executive and board levels have been demonstrated through his direct involvement in the sale and subsequent partial public float of BankWest, including the communications program for a Scheme of Arrangement for majority shareholder HBOS to acquire the minority shareholding in BankWest.

After a lengthy career in corporate communications and the media, Ray continues to seek challenges and avenues to vent his creativity. He has written about wine for nearly 40 years, including 22 books – the latest of which is The Way It Was, which chronicles the history of Margaret River.

If he’s not writing or tasting wine, he might be found strumming his guitar to Tom Petty or writing travel features, after his regular morning boxing sessions.

More Digital