It’s free to join the Victorian Chamber Community!

Sign up and receive the latest business news and updates, opportunities to network and shape Advocacy from Victoria’s largest and most influential partner.

It’s free to join the Victorian Chamber Community!

Privacy Act changes to impact business

05 October 2023

All Australian businesses are set to be impacted by the Federal Government’s commitment to stronger data privacy protections in its response to the review of the Privacy Act.


The review, held after several high-profile data breaches last year, considered how to respond to the breaches and strengthen the Privacy Act 1988, which was created well before the technological advancements of the 21st century.

The Federal Government has responded and agreed in-principle with many of the proposals, one of which includes reversing the exemption of small businesses from the Privacy Act.

Currently, most small businesses with an annual turnover of $3 million or less are exempted from the Act.

The review notes that, previously, “most small businesses posed a low risk to privacy and that compliance costs would disproportionately and unreasonably burden small businesses”.

“However, feedback provided to the Review is very clear – the community expects that if they provide their personal information to a small business it will be kept safe and not used in harmful ways.”

Therefore, the Federal Government agreed in-principle that the small business exemption should be removed due to the privacy risks in the digital environment.

Individuals who suffer loss or damage because of an interference with their privacy would also be able to seek compensation for breaches of the Act.

Acknowledging the significance of these proposed changes, the Federal Government agreed further consultation is needed to assess the regulatory burden for business and determine what support would be required to meet compliance obligations.

The Victorian Chamber has previously stated that it believes businesses must ensure the community can trust them with their personal information but legislation changes must balance the need for greater data protection without adversely burdening business.

The Australian Chamber of Commerce and Industry (ACCI) has been advocating on this matter and said it “is concerned about the increase in the compliance burden of small businesses with the exemption removal, [but] we are supportive of the department recommending that an impact analysis, appropriate transition period and support package should be consulted on first for small businesses to cope with this massive change.”

The Federal Government said it will also consider appropriate transition periods as part of any legislation update, with a final report due in 2024 addressing next steps.

Other proposals

As part of the review the Federal Government also agreed in-principle to other proposals, including:

  • giving individuals greater control over their privacy by requiring entities to seek informed consent about the handling of personal information
  • establishing stronger protections for children, including the introduction of a Children’s Online Privacy Code
  • making entities accountable for handling individuals’ information and enhancing requirements to keep information secure, including destroying data when it is no longer needed
  • providing entities with greater clarity on how to protect individuals’ privacy and simplifying their obligations when handling personal information on behalf of another entity.

The Victorian Chamber also previously noted that the review would propose changes to employee records.

Employee records of current or former private sector employees are exempt from the Privacy Act. The review said the original rationale for this exemption was that employee privacy was better regulated through workplace relations laws.

The Federal Government said that it is likely that this proposal will be conducted as a standalone consultation stream due to the technical nature of the overlap with workplace relations legislation.

“The Government agrees in-principle that further consultation should be undertaken with employer and employee representatives on how enhanced privacy protections for private sector employees may be implemented in legislation. This should include consideration on how privacy and workplace relations laws should interact. Implementation of reforms to the employee records exemption should consider the impact and timing of new privacy obligations on small businesses.”

The full proposals can be read via the Government response to the Privacy Act Review Report.

Memberships for wherever you are in business

Hard times. Good times. Crunch time. Growth time. We’re here to support you at all those pivotal times in your business life. We’ve now tailored our range of memberships to fit wherever you are in business – today and well into the future.

Memberships for wherever you are in business

Restricted Page

You are being redirected to our login page!