We are living in the era of “Big Data”. Personal information is the new currency. Customer and user data comprise a valuable asset for business and government. Government access to personal information is ultimately about power and control. For business, the value of personal information lies in the potential for maximising efficiencies, improving productivity and increasing sales.

In March 2014 significant changes to Australia’s privacy laws came into effect to address this phenomenon, at least as regards business users of personal information. The changes introduced a new set of 13 privacy rules called the Australian Privacy Principles (“APPs”).

Basically, the APPs comprise more detailed rules to be followed by credit providers who gather, store and exchange personal information about their customers. These credit providers (a greatly expanded group, now including for example utilities that offer credit terms), must be more open and diligent about managing the personal information of individuals. In that regard a publicly available (online) privacy policy is essential.

At first glance, the new privacy laws do not apply to small business. Those businesses with an annual turnover of $3 million or less are generally not required to comply with the APPs. This seems a generous threshold directed at firms who, arguably are really not in the business of collecting personal information.

However, a “small business” can be caught up in the APP web if it provides services to a big customer, or to government. Because of the legal relations (contracts) the small business enters into with that other party it almost certainly will become obligated to comply with the counterparty’s APP obligations. By extension, the new APPs apply also to small offshoots of overseas multinational enterprises, even though their local turnovers maybe tiny.

However, these exceptions should not matter to small businesses of any reasonable size, for the rationale given above- the era of big data. This phenomenon obliges us all to be mindful of how we deal with information that can identify other individuals. It can be good customer relations, and reassuring to prospective customers for a firm to set out on its website, for example, how it treat the personal information of not just existing customers, but the site’s visitors.

There is a growing expectation amongst people generally that they should be told, and feel reassured, about how their personal information is being dealt with. Businesses (and government) of all sizes will benefit from an increase in consumer trust and confidence, when a business firm demonstrates that it is serious about managing personal information. This standard increasingly applies to all but the most informal micro business, and represents good public policy for all but the most indifferent business person.