Counting the cost of privacy

WHILE privacy is growing as an issue of a size likened to Y2K or the GST, many small business owners can breathe a sigh of relief.

Small businesses that turn over less than $3 million will be exempted from the Privacy Act unless they are:

p a health service provider that holds health records;

p in the information collection and dissemination business;

p a contracted service provider for a Commonwealth contract; or

p related to a business with a turnover of more than $3 million.

The business also must prove it is providing a benefit, service or advantage by collecting personal information.

Health service providers have to comply with the Privacy Act from December 21 this year whether they turnover less than $3 million or not.

Those small businesses not covered by the exemption, but not providing health services, have until December 21 2002 to comply with the Privacy Act.

Privacy Commissioner Malcolm Crompton said exempted small businesses would only come under the Privacy Act if they were planning to sell their database.

“A small business, through the act of selling data, would become regulated,” he said.

Mr Crompton said the extra time given to most small businesses affected by the Act was recognition of the effect the Act would have.

The Privacy Commission suggests small businesses could benefit from complying with the legislation – whether they are exempt or not – through improved consumer confidence and trust. To comply with the Act, businesses need to undertake a privacy audit, appoint a privacy officer and develop a privacy plan.

The cost of holding a privacy audit has proved a disincentive to many small businesses, but auditing companies such as etick have brought out affordable audit packages.

etick executive director Mark Sumich said his company charged around $5,000 to audit a business.

etick audits in WA are carried out by the Internet Business Corporation.

Deacons Lawyers partner Mark Fitzgerald said the Privacy Act would prove problematic for many businesses because there was no body of law to support it.

“The Privacy Commissioner has published a series of guidelines to support the 10 National Privacy Principles,” he said.

“These guidelines are not law but provide some insight into how the commissioner thinks he ‘might’ interpret the NPPs in the future and the guidelines use very broad language.”

Add your comment

BNIQ sponsored byECU School of Business and Law


6th-Australian Institute of Management WA20,000
7th-Murdoch University16,584
8th-South Regional TAFE10,549
9th-Central Regional TAFE10,000
10th-The University of Notre Dame Australia6,708
47 tertiary education & training providers ranked by total number of students in WA

Number of Employees

BNiQ Disclaimer