
Prepare for change: Australia’s privacy laws to get an overhaul

The Australian Government has agreed to update its privacy laws, which means it’s never been more important to be proactive with your privacy policies and practices.

With reform imminent, your business should start preparing for the changes now, and if you don’t have a privacy policy, now’s the perfect time to get one.

What key changes will impact my business?

1. Removing the small business exemption

This exemption currently allows businesses with an annual turnover of less than $3 million to avoid complying with the Privacy Act. Once removed, all businesses, big or small, will need to comply with the Privacy Act and the Australian Privacy Principles. This means you will legally need to have a privacy policy.

2. Expanding the definition of “personal information”

The definition will be expanded to include inferred information. Several exemptions will also be removed or reduced.

3. Requiring Privacy Impact Assessments to be undertaken for high-risk activities

High-risk activities include things like using facial recognition.

4. Granting individuals rights similar to Europe’s GDPR

Some rights under the GDPR include the right to erasure and the right to object.

5. Obtaining consent for cookies and having visible opt-ins for location tracking

If your business uses cookies on its website, you will need users to actively provide consent before enabling services such as Google Analytics.

6. Disclosing how AI or automated decision-making systems make decisions

This will be crucial if your business has started using AI to make content or communicate with customers.

7. Increasing the penalties for breaching the law

This means your business could face harsher consequences for not complying with the Privacy Act.

What can I do to protect my business?

These changes could start taking effect soon. Acting early is paramount for protecting your business. The first thing to do is to understand where your business is now. Audit your business’s current practices, processes, and systems for handling information. If you don’t already have one, you’ll also need a privacy policy.


Some other things your business can review include:

  • Data handling processes;
  • Privacy policies;
  • Client or customer consent processes;
  • Cybersecurity protections;
  • De-identification and data destruction policies;
  • Privacy impact and risks; and
  • Employee privacy training.

Is there anything else I should know?

Cherrypicka is closely monitoring these developments and will be updating our privacy policy docs to make sure they remain legally compliant. We’ll update you as soon as we know more.
If you want to learn more about privacy policies, you can read our blog about them here.
