Government must release its analysis of privacy act impact on small businesses, says COSBOA

The peak small business body has demanded Labor provide the cost-benefit analysis conducted as part of milestone changes being considered to the Privacy Act.

Sarah Ison

@@sarsison

2 min read

6:53PMAugust 14, 2024

Council of Small Business Organisations Australia chief executive Luke Achterstraat. Picture: NewsWire / Martin Ollman

The peak small business body has demanded Labor provide the cost-benefit analysis conducted as part of milestone changes being considered to the Privacy Act, with questions remaining over whether a small business exemption will be part of the reforms.

In a letter to Attorney-General Mark Dreyfus, the Council of Small Business Organisations called for the public release of the cost-benefit analysis – which was commissioned to canvas the impact of a small business exemption from privacy regulations being removed – before the government lands on a final position on the long-awaited privacy reforms.

“COSBOA urgently requests that the privacy review taskforce provides access to the CBA as soon as possible so that COSBOA and other interested stakeholders may understand the rationale and methodology behind the government’s position,” the letter, sent last week and seen by The Australian, said.

The letter said that while consulting firm ACIL Allen had completed the analysis, Labor was preventing the data from being made public.

“This lack of transparency is particularly disappointing after many small businesses sacrificed significant amounts of time and expense to provide input … and they deserve the courtesy of being able to read the CBA,” the letter, signed by COSBOA chief executive, Luke Achterstraat, said. “Changes to the act are likely to have a significant impact. Access to the CBA is a key factor in a transparent and effective impact assessment process to ensure additional compliance burdens are not unnecessarily placed on small businesses.”

Small businesses between 'a rock and a hard place'

The letter pointed to a proposal in the Privacy Review Report, which stated that the removal of the small business exemption be done only after an impact analysis had been undertaken. “This would inform what support small business would need to adjust their privacy practices to facilitate compliance with the act,” the report said.

Mr Achterstraat said COSBOA “didn’t understand” how the government could satisfy such a condition “without the release of the CBA for review by the small business stakeholders it impacts”.

A spokesman for Mr Dreyfus said the public expected that personal information collected by businesses would be protected “no matter the size”.

“Any legislative reforms the government decides to take forward which will have an impact on business will be accompanied by a published impact analysis,” the spokesman said. “The Attorney-General looks forward to continuing to work with stakeholders to ensure that small businesses are well-equipped to protect the personal information they hold and use.”

Mr Dreyfus flagged earlier this year that he would bring forward legislation to overhaul the Privacy Act sometime in August to protect Australians from risks including “doxxing” and from their personal information being used maliciously.

The flagged changes follow multiple cyber breaches since Labor came to government, including those impacting millions of Medicare and Optus customers.