Mixed reaction to improved privacy protection
- 30 November, 2012 11:56
There has been a mixed reaction from the ICT industry to amendments to the Privacy Act with some organisations welcoming the changes while others say more work needs to done on privacy issues.
The Privacy Amendment (Enhancing Privacy Protection) Bill 2012 legislation was passed in Parliament this week and will give privacy commissioner Timothy Pilgrim more powers, including the right to seek civil penalties in the case of serious breaches of privacy.
The legislation also permits the commissioner to conduct assessments of privacy performance for both Australian government agencies and private companies.
The reforms introduce a single set of privacy principles called the Australian Privacy Principles (APPs) and a number of changes to how personal information is handled, including when it can be used for direct marketing and sent overseas.
Communications Alliance CEO John Stanton praised Attorney General Nicola Roxon and her staff for working with the ICT industry to come up with a successful conclusion to resolving what he called the "Australian Link" issue.
This issue is the introduction of provisions restricting the ability of credit card providers to disclose credit eligibility to entities that do not have a presence in Australia.
“The prohibition on disclosure of any credit-related information to organisations that do not have an Australian link would have major impacts for companies with existing offshore call centres and data processing facilities,” Stanton said in a statement.
The Association for Data-driven Marketing & Advertising (ADMA)'s CEO Jodie Sangster also welcomed the amendments but said she was “disappointed” that the opportunity to create a model privacy framework for the digital era had been missed.
"The government, opposition and parliamentary committees have produced a workable set of APPs including one for marketing, introducing positive credit reporting and updating the powers of the privacy commissioner,” Sangster said in a statement.
However, she added that were still important aspects relating to the use of social media and online channels that needed to be negotiated with privacy commissioner Timothy Pilgrim.
“We hope to develop codes and guidelines for digital and online platforms that will promote and enhance consumer protection and privacy whilst making privacy issues more manageable for business,” Sangster said.
ADMA had lobbied for amendments to the Bill on behalf of the Australian marketing and advertising industry.
- Removing the prohibition on direct marketing
- Reducing the requirement to include opt-out notices on all marketing communications
- Limiting the obligation to allow customers to engage under a pseudonym
- Re-configuring the requirement on transfer of data.
She added that that while this week's developments removed some of the uncertainty around changes to privacy laws, the government's intentions for mandatory data breach notification and a civil right to privacy were “still unknown.”
“Businesses have enough to deal with in ensuring they are complying with the new privacy law in 2013,” Sangster said.
“It would be beneficial to allow businesses to deal with the latest privacy changes before imposing yet more laws.”
Middletons partner Cameron Abbott who specialises in ICT law, advised that organisations that collect or hold information in Australia will need to change their practices to comply with the Privacy Bill before commencement in 15 months’ time. He also said that the APPs replace the existing National Privacy Principles and Information Privacy Principles governing the collection, use, disclosure and maintenance of personal information by both public and private sector organisations.
For example, there have been changes with APP 1 which covers open and transparent management of personal information.
“APP 1 contains new obligations regarding data transparency, and specifies the information that must be included by organisations in their privacy policies,” he said in a statement.
Turning to APP 5, which covers notification of the collection of personal information, he said that existing collection of personal information notification requirements will be expanded.
“Organisations will be required to disclose the circumstances in which they collected the information if not directly from the individual, whether they are likely to disclose the information overseas, and the location of any likely overseas disclosure."
Lastly, Abbott examined APP 8, which covers cross-border disclosure of personal information. Under this principle, organisations must take reasonable steps to ensure that the recipient of the information does not breach the APPs. “Importantly, although organisations that meet this requirement will be permitted to disclose information lawfully, they may still be held liable for any breach of the APPs by the recipient and be penalised,” he said.
This article and the comments within it should not be construed as legal advice
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Privacy Amendment Bill passed, gives commissioner far-reaching powers
- Privacy Act reforms — the implications for the digital environment
- Data breach liability should lie with companies: Survey
- Privacy bill given the go-ahead
- Twitter: @HamishBarwick
- Twitter: @ComputerworldAU
- LinkedIn: Computerworld Australia
Why IT projects really fail
Queensland government to provide 200 services online by 2015
Call Centers Suffer From Big Data Overload
CIO 100: Carsales wins top gong for innovation
How to secure passwords and other critical numbers
Advancing Customer Intelligence Capabilities in Asia-Pacific
Many Asia-Pacific organisations lack or are hindered in their ability to integrate, analyse, and extract insights from multiple internal and external databases. When it comes to big data, Asia-Pacific organisations lag behind the U.S. and Europe in data warehouse, business intelligence, and analytics investments. But don’t expect that to last. Download to find out the big shifts in marketing strategies to improve behavioural targeting and personalisation.
Challenges & Opportunities for Government Data Management in Australia
From almost every angle, the message for Australian government bodies is as clear as it is for their private sector counterparts: do more with less. Effective data management policies are often the best ‘unrealised’ opportunities to directly address these high-level challenges, especially when it comes to government data custodianship.
Benefits of Web Self-Service
According to Forrester, 72 per cent of customers prefer using a company’s website to answer their questions. But only 52.4 per cent actually find the information they need online. Customers want to solve their issues quickly and easily, and providing the right solutions means greater customer retention and revenue streams - but this is sometimes not the case. Download to find out more.