The importance of data protection for Australian SMEs


A breach of data can be devastating for your business. It’s not just the loss of data itself that’s detrimental, but the breakdown of customer trust and loss of reputation.


We only need to look at the recent Census debacle and the leaked Panama documents on high-profile world figures to understand that personal data is highly sensitive and that, if a business doesn’t manage it properly, the fallout can be disastrous.


As Australian SMEs continue to embrace the myriad of benefits technology brings, data protection has become a critical issue to consider.


A 2016 study from the Australian Information Security Tracker revealed:

  • 61% of large companies use security software compared to 44% of small companies and 45% of medium companies.
  • 55% of large companies use hard drive encryption compared to 30% of medium-sized companies and 24% of small companies.
  • Large companies (52%) are more than twice as likely to have network security systems in place as small companies (24%) and medium-sized companies (18%).
  • Large organisations (45%) are three times more likely than SMEs (15%) to invest in external services for disposing of confidential information, with improved safety and security cited as the most common reason.
  • 82% of large organisations and 63% of SMEs claim to be auditing their organisation’s information security procedures or protocols at least once a year; a staggering one-quarter of small business owners claim to be rarely or never doing this.


It’s not just big business that should be taking data protection responsibilities seriously; SMEs also need safeguards in place and must be able to take reasonable steps to protect the information they collect. This includes protection against misuse, interference, loss, unauthorised access, modification and disclosure of any data or information stored by your business. SMEs need to be careful because they face the same vulnerabilities but don’t necessarily have the budget to implement high-level security.


As a business owner, you may be witnessing a change in consumer behaviour, with your customers increasingly concerned about the protection of their data and the due diligence your business takes to protect their information. Customers are becoming increasingly aware of issues surrounding surveillance, spam, fraud and privacy.


Data Protection: 5 tips for protecting your business


  1. Stay informed

Keep up to date with current Australian laws and legislation around data security.

Privacy Act

Spam Act

Telecommunications Act


  2. Implement a security plan

SMEs should have formal security policies in place including an IT policy.  All employees must read, understand and sign your data security & IT policy. The business should also have an emergency plan if/when something does go wrong. Educate your people.


  3. Limit access

SMEs should limit access to certain data and information to authorised people. Data can be graded according to levels of sensitivity to make sure that only specific eyes see the most private information.


  4. Retention policy

How long do you keep client documents before they’re destroyed? Under the Privacy Act, businesses are required to destroy or de-identify personal information that is no longer needed.


  5. Continually review your data security policies

Don’t set and forget. As technology continues to evolve rapidly, so will Australian laws and legislation. It’s your responsibility to know what’s going on, and to make sure you are doing everything reasonable to protect the data and information of the people you engage with.


New technology may be efficient, but SMEs need to understand the risks and implement sufficient security safeguards. Privacy and safety of personal information have become an expectation, so don’t risk losing crucial business, customer trust and reputation. It will be nearly impossible to recover.


The Office of the Australian Information Commissioner has some great resources for businesses.
