Privacy Exemptions for Small Business

Date: Aug 02, 2011
Document Type: Newsletter

Recent events regarding the abuse of privacy in the UK, namely the News of the World scandal and the paper's subsequent closure, have prompted a wider debate about privacy and privacy legislation in Australia. To date, the Privacy Act exempts businesses with an annual turnover of $3 million or less. Telecommunications service providers do have obligations under the Telecommunications Act with regard to the use and disclosure of information, but these do not address issues such as the collection and storage of personal information. In general, small businesses are exempt.

The Australian Law Reform Commission has, for some time, called for the regulation of information handling by telecommunications service providers, stating that:

“The risks to privacy posed by small businesses are determined by the amount and nature of personal information held, the nature of the business and the way personal information is handled by the business, rather than by their size alone. The ALRC notes that the telecommunications industry is increasingly handling large amounts of personal information. It is appropriate that the handling of personal information by these organisations is regulated by the Privacy Act.”

For further information on the ALRC stance, visit

In June 2011, the Joint Select Committee on Cyber-Safety called for an amendment to the Privacy Act 1988 that would bring small businesses under the requirements of the Act. Many other voices have added their weight to this request, to ensure that small businesses that hold substantial amounts of personal information about clients, and often transfer this information offshore, are held accountable under the Privacy Act. A government review of small businesses with significant information holdings was also demanded, with a view to amending current legislation.

As well as concerns about online information and cyber-safety, there are growing concerns with regard to privacy in the public sector.

Current Exemptions for Small Business

Under the Privacy Act 1988, most small businesses are exempt from compliance with a set of 10 standards known as the National Privacy Principles (NPPs). A small business is defined as a business with an annual turnover of $3m or less. Some categories of business do have obligations, such as those that provide a health service or hold health information, trade in personal information, trade information for a service or benefit, provide a service in order to gain information, are contracted service providers for the Commonwealth government, or are a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

The Act also contains an Employee Records exemption for information directly related to a current or former employment relationship. These records might contain information on health, engagement, training, resignation, terms of employment, personal and emergency details, performance and conduct, and taxation, banking or superannuation affairs.

Contact your solicitor for up-to-date information on your compliance exemptions and obligations under the Privacy Act 1988.
