“Ai Group supports the need to provide the public with confidence that their privacy and their data is being handled safely and responsibly. However, over-regulation has the potential to chill innovation and add costs to business,” Innes Willox, Chief Executive of the national employer association Ai Group said today.
“We are concerned about the proposed removal of the exemption for Small and Medium Enterprises under the Act.
“Any proposal that has the effect of narrowing the current employee records exemption could have far-reaching implications, constraining how employers manage the employment relationship and comply with their workplace law obligations – many of which are increasing under recent IR reforms.
“What may be seen as a modest and targeted modification to the employee exemption may still have profound adverse and unintended consequences on a range of matters, such as employee and community safety.
“We acknowledge that there is support being offered to assist SMEs to comply with new regulations. However, it needs to be recognised that compliance to these rules is an ongoing adaptive process as technology and business practices change.
“Support cannot be regarded a ‘set and forget’ proposition; rather Government and industry must work in partnership for the long term to support privacy considerations without stifling innovation.
“We welcome the Government’s commitment to further consult with industry on this issue and Ai Group is ready to work with the Government to find a balanced resolution.
“Ai Group has long advocated for international regulatory cohesion in digital and privacy rules. We welcome the attempt to align with the rules of our trading partners. However, there is a risk that we make limited facsimiles of external rules, with far reaching consequences in the Australian context, without achieving the benefit of automatic reciprocal coverage.
“Of particular concern is the introduction of a requirement of a Data Protection Officer and a Data Impact Statement and the risk of increasing the regulatory burden on Australian businesses, especially public-facing businesses. Again, we encourage lengthy consultation with a wide range of organisations to avoid regulatory overreach.
“We advocate for the principle of Data Stewardship, which reflects the obligations and responsibilities of businesses of all sizes and industries in managing data collected in the usual course of business or as part of the business model. It reflects both the governance requirements and responsible utilisation of data and covers technological and behavioural strategies. It also addresses the safe disposal of data at the end of its usefulness,” Mr Willox said.
Ai Group’s submission to the Privacy Act Review Discussion Paper March 2023
