Data privacy statistics

Small businesses falling short in data privacy obligations

The vast majority of Australia’s 2.4 million small businesses are inadequately prepared for sweeping changes to the Commonwealth Privacy Act, according to new research from leading global technology platform, Zoho, which found that only one-third of small businesses currently have a defined and documented data privacy policy.

The research found that one in every four businesses (27 per cent) either do not have a data privacy policy or are unsure if they do. The remaining 38 per cent have an informal policy, an unenforced policy, or have not read their policy.

“Data privacy is one of the defining issues for the business community today. Unfortunately, confusion and uncertainty reign supreme amongst Australia’s small businesses,” said Vijay Sundaram, Zoho’s Chief Strategy Officer.

“Many of those who must comply with proposed legislative changes are woefully unprepared, while the vast majority – whether the Privacy Act applies to them or not – are highly exposed to a breach with serious implications.

“It’s still too easy for small businesses to overlook their responsibilities when it comes to data privacy, but the threat and the potential cost is real.”

He added that the technology sector and regulators must prioritise awareness among small businesses.

“Small businesses cannot be expected to become privacy and cybersecurity experts, so the technology industry and policymakers must make awareness, education and action amongst these businesses a top priority.

“Otherwise, with regulation becoming more stringent, penalties more severe and attacks more prevalent and damaging, small businesses will be unfairly and disproportionately impacted. For them, a breach could be catastrophic,” Mr Sundaram said.

Credit: Zoho

What is the Commonwealth legislation for privacy?

According to the Office of the Australian Information Commissioner (OAIC), the Privacy Act was enacted to promote and safeguard individuals’ privacy and to govern how Australian Government agencies and organisations with annual revenues of more than $3 million, as well as some other organisations, handle personal information.

What are the suggested changes to the legislation?

Currently, the majority of Australian businesses are exempt from compliance with the Privacy Act because of the small business exemption. The small business exemption is a monetary threshold that exempts businesses with annual revenue of less than $3 million from the Privacy Act. The OAIC has proposed that the exemption be repealed as part of Australia’s various privacy reforms.

Employers who handle employee records are also exempt from the Privacy Act. The OAIC has proposed that this exemption also be deleted.

Third-party persistent cookies

Third-party persistent cookies, often known as tracking cookies, are saved in the memory of your device and have an expiration date.

They are accessed on websites that did not create them. This enables the cookie’s creator to gather and receive data whenever the user visits a page containing a resource that belongs to them.

Slightly less than half (43%) are either uncomfortable or very uncomfortable with their customers’ data being used by companies with which they have no direct contact, 32% are ambivalent, and 25% are either comfortable or very comfortable with their customers’ data being accessed.

The fact that one in three were unsure highlights the importance of education and awareness. This, however, is lacking.

Only 20% of small businesses say third-party providers have done a good job of clarifying how their data is utilised. In comparison, 31% say suppliers have done a poor or inadequate job, and another 31% haven’t even explored the topic, indicating that basic awareness is lacking.

“Australia is a nation of entrepreneurs, and while running a small business should be celebrated and encouraged, there are critical data requirements,” Sundaram continued.

“Operating a business – no matter the industry – in a COVID-19-normal world will be dependent on collecting more data – for health and safety measures and as a competitive advantage – than ever before.

“The reforms are designed to protect, but they must allow adequate time to, first, educate small businesses about their requirements and then ensure that they’re compliant.”

Almost half (44%) of the businesses allow tracking on their website to share content on social media sites – some of which have been involved in well-documented privacy breaches. Almost a quarter (21%) use third parties to track advertising activity.

Google (30%) and Facebook (25%) are the dominant platforms, garnering over half of all small business advertising activity.

Support needed for education, retail

According to the Office of the Australian Information Commissioner (OAIC), the three most common industries to experience and report a data breach are financial services, healthcare and education.

While almost half of the financial services and healthcare bodies have strong policies and practices, only 22% of educational institutions have a defined, documented and enforced data privacy policy.

Few industries have changed more drastically in the wake of the pandemic than education, with millions of students participating in remote education. Not only do the majority of education providers not have a defined, documented and enforced policy, but they are also three times more likely to say technology vendors had done a bad or unsatisfactory job of explaining data tracking (39%) than those who had done a good job (14%).

With lockdowns closing high streets for prolonged periods, eCommerce sales have reached new heights over the last 18 months. Despite their reliance on online channels, fewer than one in three retailers (31%) have a defined, documented and enforced data privacy policy; a grave figure as the busy retail season approaches.

“The nature of our business means that we handle incredibly personal, private information. We’re required to obtain 100 points of identification – including a passport, driver’s licence, date of birth – from every client and store information in an incredibly discreet, circumspect and sensitive way.

“We have to demonstrate to the regulator that we can keep our clients’ data safe, and have a strictly enforced privacy policy that we communicate to our clients,” said Ray Trevisan, Fund Manager/Director at OTG Capital.

“We use multi-factor authentication, secure blockchain signed documents, password protection and generator tools, so we’re comfortable that we have the systems in place to provide the safety and security that our clients deserve.

“However, hackers are becoming more aggressive and sophisticated, so we have to be smarter and more diligent in safeguarding our business. The safety of our clients and the reputation of our business depends on it.”

Source: SMEs falling short in data privacy obligations: Zoho Report. (2021). Retrieved October 2021 from Dynamic Business

E-invoicing an easier way to invoice

What you need to know about e-invoicing

Most Australian businesses use invoices in some form, either to send them to their customers or to receive bills.

The way they do so, though, could soon change with e-invoicing, the latest government initiative to improve digitisation by equipping small businesses with a new tool to streamline their operations.

E-invoicing is a way to exchange invoices with other businesses that removes the hard parts and makes the whole process faster, more secure and more efficient.

Businesses that adopt e-invoicing can save, too. Each time an e-invoice replaces a paper or PDF invoice, it can save a business up to $20. This can add up fast for the 89 per cent of Australian small businesses (and their bookkeepers) still processing paper or PDF invoices manually.

We know it’s a challenging time for many small businesses right now without adding more to the mix. Since e-invoicing is just starting to roll out in Australia, you won’t see any big changes yet.

Instead, now is the time to register so you can easily get started when it’s ready for wider use – and don’t worry, it only takes a few minutes. With more big businesses and government departments getting on board, take a moment to get familiar with e-invoicing and prepare for the future.

So, what exactly is e-invoicing and how is it different to what I already do?

E-invoicing is a new addition to the toolkit of how Australian small businesses send and receive invoices and bills. Normally, invoices are created in accounting software or manually in a word processor and sent via insecure email or printed and posted. Businesses, or their advisors, then enter the data into their system, manually or with the help of automation tools like Hubdoc, before making payment. E-invoicing, on the other hand, is a way for businesses to exchange invoices directly between accounting systems, removing manual data entry.

What are the benefits of e-invoicing?

E-invoicing promises to make life easier for small business owners and bookkeepers who spend time managing invoices and bills. And since most small businesses trade with each other, they’ll feel the effects fast. For businesses that work with larger organisations or government agencies, they will find it easier to handle the payments process.

Other benefits also include:

  • Speedy payment times: Paying invoices is faster since they arrive as a pre-populated bill, ready to be approved. This reduces the need to manually extract information, saving on admin time. Plus, some government agencies are already committing to faster payment times.
  • Reduced errors: Less manual input reduces the risk of errors being made and minimises the likelihood of invoices getting lost in transit.
  • Increased efficiency and accuracy: Standard fields ensure all data is exchanged from ‘machine to machine’. This means invoices pass through fewer hands to get to their destination, so there’s less chance of human error or something going wrong.
  • Greater security: Invoices are exchanged through a secure e-invoicing network, with no human intervention, reducing the risk of fraud. This gives you peace of mind that an invoice will reach the right customer safely.
  • Cash flow visibility: Sending and receiving e-invoices gives a more accurate, complete and timely picture of your cash flow. With all your invoices and bills stored in a single ledger, you can see how your business is performing at any given time and use this to make informed decisions.

What if I already manage invoices electronically, such as in Xero?

E-invoicing differs from other ways of sending invoices as it is software-to-software using the secure, global Peppol network. Think of this as a custom-built way of exchanging invoices when compared to email or the post.

If you already use Xero, sending e-invoices won’t be too different from your usual process. Rather than pushing a button and generating an email, it’ll instead send the e-invoice straight to the recipient’s e-invoicing compatible accounting software (this means it can also access the Peppol network). It will, however, make it easier to know if something’s gone wrong – like if it can’t be delivered to the recipient.

What will change is how you receive invoices. Incoming e-invoices show up automatically in Xero as a draft bill to be approved – no more digging through emails and entering details one-by-one. This will all be included within your Xero subscription.

Can I start using e-invoicing right away?

E-invoicing is a little like sending an email. For it to work, both parties need to be signed up to a provider and connected to the internet. Instead of an email address, however, you will use your ABN. Yes, the same one that’s on all your invoices already. Since it’s early days for e-invoicing, you’ll need to wait until other businesses register to the Peppol network before being able to send or receive invoices with your usual business contacts.

Tell me, why should I register now?

Each business that joins the network means you’re one step closer to accessing the many benefits of e-invoicing. Register now and join the growing number of Xero customers that are already connected. Once your suppliers are on board, you can sit back and watch the bills roll in.

What if I work with government agencies?

Australian businesses that work with certain government agencies can get started right away. Why’s that? Some departments of the Australian government are already using e-invoicing and have committed to paying invoices within five days – much faster than the current average payment times of 23.3 days. The largest federal government agencies can already receive invoices electronically (the smaller ones need to transition by 1 July 2022) and government agencies in New South Wales (NSW) must make the switch by 1 January 2022. So, reach out to your government customers to see whether they’re ready to receive e-invoices.

How do I sign up for e-invoicing?

Registering for e-invoicing is quick, easy and free within Xero – you can do it in just a few minutes. The one registration is required to make sure your incoming e-invoices are delivered to Xero as a draft bill.

Is there anything else I should know?

Xero is working with government agencies and large companies to bring important partners onto the network and improve the benefits for small businesses. Expect to see some familiar names being able to send monthly accounts via e-invoice soon, straight into your draft bills in Xero.

Take a moment now to familiarise yourself with e-invoicing and set your business up so you’re ready to go as the network grows.

Get onto Xero

Xero is Australia’s most popular cloud-based bookkeeping and accounting software. Transform your business with real-time financial reports by making the switch to Xero. Join the Xero tribe today!

Source: Xero

Director identification numbers

Preparing for director IDs

If you want to become a director or are already one, you’ll need a director ID.

Director identification numbers (director ID) are a new requirement for all company directors, designed to help combat illegal activity by making it easier to trace directors’ relationships with companies.

Company directors have been given 12 months to apply for an ID.

A director ID is a unique identifier you need to apply for once and will keep forever. It will help prevent the use of false or fraudulent director identities.

Australian company directors have one year to apply for their unique director identification number before fines of over $1.1 million are issued for non-compliance.

All directors of a company, registered Australian body, registered foreign company or Aboriginal and Torres Strait Islander corporation will need a director ID.

How to apply for your director ID

Directors can apply for a director ID from November 2021 on the new Australian Business Registry Services (ABRS), a single platform administered by the Commissioner of Taxation that brings together ASIC’s 31 business registers and the Australian Business Register.

The fastest way to get a director ID is to apply online. It’s free to apply and you only need to apply once. Directors must apply for a director ID themselves and will be required to produce myGovID along with two identity documents from a list, including their bank account details, super account details, ATO notice of assessment, dividend statement, Centrelink payment summary and PAYG payment summary.

While existing directors will have a year to apply for their director ID, new directors appointed between 1 November 2021 and 4 April 2022 will have just 28 days after appointment to apply for their director ID.

New directors who are appointed from 5 April 2022 will be required to apply for their director ID before appointment.

The director ID will be attached to a director permanently, even if you cease to be a director, change your name, or move interstate or overseas.

Once you have obtained your director ID, there are important steps you can take to help you use, view and update your details.

How we help you

Looking for a Xero Certified Bookkeeper for your business? Are you drowning in paperwork? Cash flow problems keeping you awake at night? Learn how Notch Above Bookkeeping can solve all these problems here or call our business bookkeeping team Australia-wide on 1300 015 130.

Stapled super funds

Extra ‘super’ step when hiring new employees

Most new employees are eligible to choose the super fund into which employers pay their super guarantee contributions.

Currently, when a new employee doesn’t choose their own super fund, the employer must pay super contributions into their default fund.

From 1 November, if any new employees start, the employer may have an extra step to comply with the choice of fund rules.

If a new employee doesn’t choose a super fund, the employer may need to request their ‘stapled super fund’ details from the ATO.

A stapled super fund is an existing super account that is linked, or ‘stapled’, to an individual employee so that it follows them as they change jobs.

The change aims to reduce account fees by stopping new super accounts from being opened each time an employee starts a new job.

From 1 November, employers will be able to request stapled super fund details for new employees using Online services for business.

What employers can do now

To make sure you’re ready when the time comes, check and update the access levels of your authorised representatives using Online services on behalf of your business. This will also protect the personal information of your employees.

Please contact Notch Above’s Business Bookkeepers Australia-wide on 1300 015 130 if you have any queries about stapled super funds prior to 1 November. We are Xero Platinum Certified bookkeepers operating via Xero cloud bookkeeping.

Source: ATO