The Australian government just threw a curveball at the approximately 2.3 million small businesses in Australia with a shakeup of the Privacy Act. Previously exempted from the act, retailers with an annual turnover of $3 million or less will now have to stick to a range of privacy measures, mirroring those imposed on larger enterprises.
The privacy paradigm has shifted. Small and medium-sized retailers must now ensure their privacy policies are meticulously crafted and watertight to align with the revised regulatory framework – or risk putting themselves in the legal firing line. Here are three pivotal ways these changes might affect your small retail business.
Resource reshuffling
Compliance costs could represent a serious challenge for retailers that need to invest in restructuring their processes, systems, and workforce to align with the new privacy obligations.
Beyond mere checkbox ticking, retailers will also need to allocate resources for comprehensive training programs that make sure staff understand and have the processes in place to work within the updated privacy obligations.
Resources will need to be funnelled into seeking informed consent, information handling, and putting processes in place around destroying data when it’s no longer needed.
The government must provide best-practice guidance and advice
The good news is that training shouldn’t be the sole responsibility of small retailers: proactive government efforts, akin to the ATO’s educational approach, must become essential in helping small businesses implement best practices.
The bad news is that too often, the government enforces and penalises but does not offer methodologies, processes, or best practices for retailers to be able to comply effectively. As the compliance rules gain traction, we’ll start to get a clearer picture of the government’s plan to help small businesses improve their privacy processes.
For small businesses, the best bet is to proactively educate yourself on the changes and do everything in your power to implement them in line with the law.
Legal consequences are a reality
Smaller retailers have been thrust into a new world of compliance, grappling with obligations that were once exclusive to their larger counterparts. With these obligations come legal consequences and penalties for getting things wrong.
Retailers are particularly at risk due to the nature of their businesses. Even the smallest retailers collect vast amounts of personal and sensitive information within centralised data storage systems, creating a honey pot of data for attackers. Every time a customer gives their personal information over to a retailer, the retailer shoulders a hefty legal responsibility for looking after that information. And with the new exemptions in place, that weight of responsibility has only gotten heavier.
If you’re feeling in over your head, the cost of a short-term legal advisor may far outweigh the cost of fines and legal action should you encounter a security breach or are found to be contravening the regulations.
Ultimately, the latest privacy changes underscore the fact that privacy is a right, not a privilege. Once compromised, customer privacy cannot be reclaimed, making it essential that retailers of all sizes adhere to the new rules in everything they do.
Now is the time to review, refine, and reinforce your privacy policies. Advocate for support in training initiatives, explore cost-effective compliance strategies, and fortify your legal defences. It’s time to get serious about privacy.
Dr Philip Bos is CEO and founder of BlueKee.