Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Small business privacy laws must be amended: Fed Govt committee

The Joint Select Committee on Cyber-Safety has advised the Federal Government to amend the small business exemptions in the Privacy Act

The Joint Select Committee on Cyber Safety has advised the Federal Government to amend the Privacy Act 1988 to ensure certain small businesses are subject to the requirements of the Act.

In its report on the enquiry into cyber-safety, the committee noted current Australian privacy legislation has exemptions for small businesses with an annual turnover of $3 million, resulting in a large proportion of the private sector not being subject to any privacy laws.

The committee recommended the Federal Government amend the exemptions for small businesses to ensure that those retaining “substantial” quantities of personal information or those which transfer personal information offshore, are subject to the regulations of the Act.

“I have identified in the submission the gaps in privacy laws, with one of the greatest being small business exemption and also the fact that privacy laws do not apply to individuals acting in a private capacity,” the report cited from the submission by the Victorian Privacy Commissioner.

The committee also suggested the Office of the Australian Privacy Commissioner (OAPC) undertake a review of small businesses with “significant data holdings”, and to make relevant recommendations to Government about expanding the categories of small businesses as prescribed in regulations of the Act.

According to the report, Australian organisations which transfer personal information offshore, including small businesses, should ensure the protection of the information at a level “at least equivalent to the protections under Australia’s privacy framework.

“Organisations may not require all the personal information they collect, other than to verify the provider’s identity,” the report reads. “If this information is not kept securely, it can be lost or disclosed to unauthorised persons. It may be transmitted and stored outside Australia, despite national and State/Territory privacy laws.”

“The effectiveness of privacy laws are limited in an online environment. Data is increasingly transmitted and stored globally despite privacy regulation occurring at a state and national jurisdictional level,” the report cited from the submission by the Victorian Privacy Commissioner.

The committee also found the Australian people and industry were divided on the benefits of establishing an office of an online ombudsman to “investigate, advocate and act” on cyber-safety issues.

Those for the creation of ombudsman noted the potential for an investigative function as well as a more transparent reporting location, while those against it reported concerns around duplicating existing facilities, the functions of the office, jurisdictional considerations and the timeliness of procedures.

“... to advocate and act on cyber-safety issues, and would suggest that it could be structured in such a way that enables and promotes engagement with education/academia/research, in addition to police and industry,” the report cited from a submission by the Australian University Cyberbullying Research Alliance.

While the Office of Youth South Australia saw the establishment of an ombudsman office as a step towards addressing the lack of a clear agency to respond to cyber-safety issues and “quite a bit” of public confusion about where to go to seek help.

However, a number of organisations maintained an opposing stance, including the Australia Federal Police (AFP), who “did not see a need for an additional reporting point or investigative structure dedicated to cyber safety. Instead the AFP improved better coordination, longer term evaluation and policy synergies of existing cyber-safety programs.

Several industry groups recently highlighted the need to strengthen the Privacy Act 1988 to make information held by a company available to end users.

Follow Chloe Herrick on Twitter: @chloe_CW

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: APC, Federal Government, Federal Police
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: cyber security, federal government, privacy, security
Latest Blog Posts
Whitepapers
  • Essar Group - Essar Group executives enjoy printing on the move
    Essar Group’s senior management are constantly on the road. So it’s not surprising that the company has become a heavy user of mobile computing solutions to enable them to get their job done. The mobility and productivity of executives; enable them to easily print documents from any company location to any company printer using their smartphone. Read more.
    Learn more »
  • Lost USB keys have 66% chance of malware
    Sophos studied 50 USB keys bought at RailCorp's 2011 Lost Property auction in Sydney. The study revealed that two-thirds were infected by malware, and quickly uncovered information about many of the former owners of the devices, their family, friends and colleagues. Disturbingly, none of the owners had used any sort of encryption to secure their files against unauthorised snoopers.
    Learn more »
  • HP ePrint Enterprise mobile printing solution
    The merger of mobile devices and cloud services has become one of the most significant enablers of business productivity and innovation in the past decade. We now hold the power of communicating and computing in the palms of our hands, nearly anywhere business or life takes us. However, one key business process has eluded the mobility movement: printing. Even the most technically enabled business travelers find themselves hunting down print services while on the road and interrupting IT managers when visiting a branch office simply to print a document. But finally, a truly mobile print experience is available—helping enterprises to drive business productivity further. Read more.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments