INTHEBLACK November 2023 - Magazine - Page 17
Green’s advice for smaller accounting firms
and their small business clients is, the sooner
you start preparing, the better.
“The removal of the small business exemption
is one of the recommendations [of the review].
This may see many smaller professional
services firms having to meet the revised higher
standards for privacy protection,” he says.
“While the reforms don’t have a specific
timeframe, this should not stop firms from
taking action now, as the legislation is lagging
the risk, which is in the here and now.
“Firms should declutter their existing data
and take steps to remove unnecessary personal
and sensitive information – such as those
items retained for one-off identity-verification
exercises. They should also review processes for
future handling of personal and sensitive data.”
The risks of storing a client’s information
indefinitely – just in case it may be useful in
the future – far outweigh the rewards. This
could also expose companies to legal action in
the event of a data breach. Current legislation
already requires that personal information not
be retained beyond the period for which it was
collected, unless another legal obligation applies.
BEST PRACTICE OPPORTUNITY
Dr Bruce Baer Arnold, associate professor
of business, government and law at the
University of Canberra, advises companies
to follow “best practice” in dealing with
client data. This is to protect their own
interests, in addition to their clients’.
“Best practice means, firstly, you don’t
collect information just because you can
collect information,” says Arnold.
“Secondly, the information that you’ve got is
stored securely and only used properly. Thirdly,
don’t keep it forever.”
Change on a large scale will mean an
increased cost for many companies, but Arnold
says there is some good news. “Strengthening
your cybersecurity processes, your data
management processes, should be assisting you
to strengthen your overall processes.”
Organisations such as the Business Council of
Australia are calling for caution and care when
planning and implementing the reform. In its
submission as part of the Privacy Act review,
the Council raises concerns around potential
barriers to Australia becoming a leading digital
economy and its international competitiveness.
Submissions made include detailed advice for
small businesses should the small business
exemption be scrapped.
Others, such as the Digital Industry Group Inc.
(DIGI), an association that advocates for members
including Google, Meta and Apple, are broadly
optimistic. DIGI’s managing director, Sunita Bose,
says the changes to privacy should be welcomed,
despite any challenges they may present.
“While the implementation of new data
systems and customer service channels
will be time-consuming for companies that
don’t already honour personal information
access and erasure requests, these kinds
of consumer protections could give
Australians more confidence in engaging
with service providers,” Bose says.
Arnold and Given agree that consumers and
consumer confidence will be the big winners.
This will benefit companies that adapt quickly
and embrace new, safer ways of operating.
LISTEN
to an INTHEBLACK
podcast on bad
data, big data and
the future of data
READ
an INTHEBLACK
article on data as
the new “trans fat”
READ
an INTHEBLACK
article on ESG
and data security
READ
an INTHEBLACK
article on 13 ways
to improve
digital privacy
intheblack.cpaaustralia.com.au 17
