Ahead of large-scale parliamentary changes that will see many businesses face increased fines and penalties for breaches, the report found that only 35% of small businesses surveyed have a defined, documented and enforced policy regarding personal data collected, used and disclosed through their business.
Presently, only businesses with a turnover of more than $3 million, and select other organisations, must be compliant. However, all businesses as a matter of best practice have a duty to protect their businesses and the data of those using them. Those that don’t could be more susceptible to breaches, which are increasing in both regularity and severity.
“Data privacy is one of the defining issues for the business community today. Unfortunately, confusion and uncertainty reign supreme among Australia’s small businesses,” said Vijay Sundaram, chief strategy officer at Zoho.
“Many of those who must be compliant with proposed regulatory changes are desperately unprepared, while the vast majority — whether the Privacy Act applies to them or not — are very vulnerable to a breach that could have significant consequences.”
Mr Sundaram said it is easy for small businesses to overlook their responsibilities when it comes to data privacy, but the threat and the potential cost are real.
He said: “Small businesses cannot be expected to become privacy and cyber-security experts, so the technology industry and policymakers must make awareness, education and action among these businesses a top priority. Otherwise, with regulation becoming more stringent, penalties more severe and attacks more prevalent and damaging, small businesses will be unfairly and disproportionately impacted. For them, a breach could be catastrophic.”
Third-party “cookies” have in many ways come to define the debate around data privacy. However, many small businesses are unaware of, or ambivalent about, their use. One in three (33%) are entirely unaware that tracking occurs via cookies in their business in the first place, and a further 32% are aware that it happens but do not communicate it to their customers.
Slightly fewer than half (43%) are either uncomfortable or very uncomfortable with their customers’ data being used by companies they have no direct relationship with, 32% are ambivalent, and 25% are either comfortable or very comfortable with their customers’ data being accessed.
“Australia is a nation of entrepreneurs, and while running a small business should be celebrated and encouraged, there are critical data requirements,” Mr Sundaram continued. “Operating a business — no matter the industry — in a COVID-normal world will be dependent on collecting more data — for health and safety measures and as a competitive advantage — than ever before. The reforms are designed to protect, but they must allow adequate time to, first, educate small businesses about their requirements and then ensure that they’re compliant.”
Almost half (44%) of the businesses allow tracking on their website to share content on social media sites — some of which have been involved in well-documented privacy breaches. Almost a quarter (21%) use third parties to track advertising activity. Google (30%) and Facebook (25%) are the dominant platforms, garnering over half of all small business advertising activity.
Support needed for education, retail
Few industries have changed more drastically in the wake of the pandemic than education, with millions of students participating in remote education. Not only do the majority of education providers not have a defined, documented and enforced policy, but they are also three times more likely to say technology vendors had done a bad or unsatisfactory job of explaining data tracking (39%) than to say they had done a good job (14%).
“We use multi-factor authentication, secure blockchain signed documents, password protection and generator tools, so we’re comfortable that we have the systems in place to provide the safety and security that our clients deserve. However, hackers are becoming more aggressive and sophisticated, so we have to be smarter and more diligent in safeguarding our business. The safety of our clients and the reputation of our business depends on it.”