The Australian Small Business and Family Enterprise Ombudsman has praised the Albanese Labor government’s move to enhance privacy protections, calling it “right-sized” and “fit-for-purpose.” These measures are part of a broader effort to strengthen privacy laws in Australia, with the government agreeing to implement 38 out of 116 recommendations made by the Privacy Act Review Report. The new laws will have a significant impact, affecting around 2.3 million small businesses. Under these reforms, small businesses with a turnover under $3 million will need to safeguard customer information and inform customers in the event of a data breach. Currently, these businesses are exempt from these obligations. The government plans to provide clear guidance to small businesses on how they can meet their privacy obligations. Attorney-General Mark Dreyfus has stated that the small business exemption will only be removed after conducting an “impact analysis” and a transitional period will be provided to allow small businesses to prepare for the changes. The Albanese government has also agreed in principle to other reforms such as adopting a “fair and reasonable” test for data collection, expanding the definition of personal information to include data that could identify customers, considering the prohibition of targeted marketing based on sensitive information, and allowing Australians to sue small businesses for serious privacy breaches. However, the reforms have faced criticism from the national employer association Ai Group, which argues that they will add additional costs to small businesses and may have unintended consequences on employee relations. The Ai Group supports the need for privacy and data protection but warns against overregulation that could stifle innovation and burden businesses. The privacy reforms are expected to be introduced into Parliament in 2024.