Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Small business privacy laws must be amended: Fed Govt committee

The Joint Select Committee on Cyber-Safety has advised the Federal Government to amend the small business exemptions in the Privacy Act

The Joint Select Committee on Cyber Safety has advised the Federal Government to amend the Privacy Act 1988 to ensure certain small businesses are subject to the requirements of the Act.

In its report on the enquiry into cyber-safety, the committee noted current Australian privacy legislation has exemptions for small businesses with an annual turnover of $3 million, resulting in a large proportion of the private sector not being subject to any privacy laws.

The committee recommended the Federal Government amend the exemptions for small businesses to ensure that those retaining “substantial” quantities of personal information or those which transfer personal information offshore, are subject to the regulations of the Act.

“I have identified in the submission the gaps in privacy laws, with one of the greatest being small business exemption and also the fact that privacy laws do not apply to individuals acting in a private capacity,” the report cited from the submission by the Victorian Privacy Commissioner.

The committee also suggested the Office of the Australian Privacy Commissioner (OAPC) undertake a review of small businesses with “significant data holdings”, and to make relevant recommendations to Government about expanding the categories of small businesses as prescribed in regulations of the Act.

According to the report, Australian organisations which transfer personal information offshore, including small businesses, should ensure the protection of the information at a level “at least equivalent to the protections under Australia’s privacy framework.

“Organisations may not require all the personal information they collect, other than to verify the provider’s identity,” the report reads. “If this information is not kept securely, it can be lost or disclosed to unauthorised persons. It may be transmitted and stored outside Australia, despite national and State/Territory privacy laws.”

“The effectiveness of privacy laws are limited in an online environment. Data is increasingly transmitted and stored globally despite privacy regulation occurring at a state and national jurisdictional level,” the report cited from the submission by the Victorian Privacy Commissioner.

The committee also found the Australian people and industry were divided on the benefits of establishing an office of an online ombudsman to “investigate, advocate and act” on cyber-safety issues.

Those for the creation of ombudsman noted the potential for an investigative function as well as a more transparent reporting location, while those against it reported concerns around duplicating existing facilities, the functions of the office, jurisdictional considerations and the timeliness of procedures.

“... to advocate and act on cyber-safety issues, and would suggest that it could be structured in such a way that enables and promotes engagement with education/academia/research, in addition to police and industry,” the report cited from a submission by the Australian University Cyberbullying Research Alliance.

While the Office of Youth South Australia saw the establishment of an ombudsman office as a step towards addressing the lack of a clear agency to respond to cyber-safety issues and “quite a bit” of public confusion about where to go to seek help.

However, a number of organisations maintained an opposing stance, including the Australia Federal Police (AFP), who “did not see a need for an additional reporting point or investigative structure dedicated to cyber safety. Instead the AFP improved better coordination, longer term evaluation and policy synergies of existing cyber-safety programs.

Several industry groups recently highlighted the need to strengthen the Privacy Act 1988 to make information held by a company available to end users.

Follow Chloe Herrick on Twitter: @chloe_CW

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: APC, Federal Government, Federal Police
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: cyber security, federal government, privacy, security
Latest Blog Posts
Whitepapers
  • Lower Your IT Costs When You Standardize on Oracle Database 11g
    As business operations become more complex, the demand for change in IT increases, along with the associated risks that must be mitigated. Today’s IT professionals are asked to manage more information and deliver it to their users in a timely manner with ever-increasing quality of service. And in today’s economic climate, IT must also reduce budgets and derive greater value out of existing investments.
    Learn more »
  • Backup and Recovery as we Know it is Changing
    Increasing complexity in the data centre, including the rapid deployment of virtual servers, ever-expanding compliance requirements, and increasing amounts of sensitive data on mobile devices has put more strain on backup and recovery. Read on.
    Learn more »
  • Information Security Policies, Standards and Procedure
    As a result of the adjustments in the way business is conducted, ownership of information does not carry the same clear accountability it once did. Physical and behavioural boundaries used to exist around information management but these can be missing in the modern workplace. Clearly thought-out information security policies, standards and procedures addressing internationally supported standards, will go a long way to addressing the risk exposure these changes have created. In this third paper, “Policies, Standards and Procedures,” we discuss guidelines for effective information security management.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments