More than 45% of small businesses are unaware of the new privacy laws coming into effect from today and even fewer have made any changes to their business.
A survey conducted by SmartCompany with over 200 respondents found small businesses are largely unprepared for the new laws, which could see businesses cop a $1.7 million penalty.
The legislation, which was first passed by parliament 15 months ago, aims to bring Australia’s privacy laws into line with the current technological environment.
The laws will make it more difficult for businesses to collect information about consumers without their knowledge and will also give consumers more control over their ability to opt-out of marketing communications.
SmartCompany asked businesses if they’d made any changes to address the change in legislation, but 90.1% of respondents said they hadn’t.
Of the 9.9% that had made changes, the majority had only spent a small amount of money updating their technology and internal policies.
More than 63% of businesses surveyed had spent less than $500 making changes, however one company had spent between $10,000 and $50,000.
One firm also stated it would be conducting surprise privacy audits in each of its locations around Australia at least once a year.
Of the respondents only 25.8% believed the privacy law changes would impact their business, however Holding Redlich general counsel Lyn Nicholson previously told SmartCompany companies which deal business-to-business are often unaware the laws will apply to them.
“Even if you’re predominantly B2B, some of the changes will impact you,” Nicholson says.
Under the new laws businesses must notify individuals when information about them is collected, how it’s intended to be used and where it is stored.
There are also new requirements regarding data going overseas, as Australian companies will now be responsible if there is a privacy breach offshore and data is leaked.
Of the businesses which recognised the privacy law changes would impact their company, some recognised the laws would impact how they stored their data and their ability to disseminate information, but many were unsure of how they would be affected.
“Possibly. I don’t know enough about it. I have a micro-business,” one respondent said.
While many others also said they weren’t sure, but were looking into the changes.
The laws will apply to businesses turning over more than $3 million a year and collect personal data.
Other small businesses which are health services providers, are related to a larger business, trade in personal information or contract to the Commonwealth will also need to comply.
However, some small businesses which aren’t obliged to abide by the legislation also intend to adopt the policies.
“It’s not mandated as we are a small business, but over time we will try to adapt some into our policies, as they represent good practices anyway,” one respondent says.
Another small business surveyed said the new laws were “common sense” however others complained they just add more red tape and “ridiculous regulation that gums business up and makes people furious”.
“It is quite onerous and the whole privacy thing is getting out of hand. Seriously, most people don’t care, they know their information is being collected and used and don’t care,” another respondent says.