One in three small to medium businesses are oblivious to privacy changes which take effect today and could face fines of up to $1.7 million.
That's according to the latest SME research from financial services and research firm Core Data, which has found one in three business are unaware of the impacts of changes to the Privacy Act, which relates to how businesses cap capture, handle, use and process personal information.
The changes to the Privacy Act also affect how SMEs use personal information for direct marketing and the disclosure of personal information to people overseas.
The new research, which surveyed a range of SMEs that may be impacted by the Privacy Act, found 37 per cent of respondents are not aware of changes to the Privacy Act or their potential impact.
On the flipside, 40 per cent believe the changes to the Privacy Act won't impact their business.
Core Data managing director, A/NZ, Mark Cleaver, said he was concerned that 16 per cent of respondents said they won't be making any adjustments in response to changes to the Privacy Act.
"These findings reinforce the need for SMEs to receive adequate education and work to stay abreast of all changes to relevant legislation and regulations," he said.
"The Federal Government has launched a Privacy Checklist for Small Business which details what sort of businesses need to comply with the Privacy Act.
"All SMEs should complete this checklist. If you are still unsure if your business needs to comply, you may need to seek advice from a lawyer."
Thirty-six per cent of the IT and media industry were found to have already made changes or were in the process of making changes in relation to the Privacy Act according to CoreData research.
The financial and insurance services sectors also came in at 36 per cent.
The research by Bibby and CoreData was carried out from February 3-14, with a total of 859 responses collected.
The survey was conducted on a range of businesses with annual turnover of less than $200,000 to over $50,000 million,
The research reveals a higher proportion of medium-sized businesses are aware of changes to the Privacy Act.
Two in five respondents from micro businesses or those with 1-4 employees, are unaware of the changes to the Privacy Act.
This compares to 35 per cent of medium-size businesses, or those with 20-199 employees.
The Privacy Act 1988, currently protects personal information handled by large businesses and health service providers of any size.
It may apply to a small business if it has an annual turnover of $3 million or less and either: trades in personal information; is related to an entity which is captured by the legislation; provides services under a Commonwealth contract; runs a residential tenancy database; is related to a larger business; or is a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act.