Mixed reaction to improved privacy protection
- 30 November, 2012 11:56
There has been a mixed reaction from the ICT industry to amendments to the Privacy Act with some organisations welcoming the changes while others say more work needs to done on privacy issues.
The Privacy Amendment (Enhancing Privacy Protection) Bill 2012 legislation was passed in Parliament this week and will give privacy commissioner Timothy Pilgrim more powers, including the right to seek civil penalties in the case of serious breaches of privacy.
The legislation also permits the commissioner to conduct assessments of privacy performance for both Australian government agencies and private companies.
The reforms introduce a single set of privacy principles called the Australian Privacy Principles (APPs) and a number of changes to how personal information is handled, including when it can be used for direct marketing and sent overseas.
Communications Alliance CEO John Stanton praised Attorney General Nicola Roxon and her staff for working with the ICT industry to come up with a successful conclusion to resolving what he called the "Australian Link" issue.
This issue is the introduction of provisions restricting the ability of credit card providers to disclose credit eligibility to entities that do not have a presence in Australia.
“The prohibition on disclosure of any credit-related information to organisations that do not have an Australian link would have major impacts for companies with existing offshore call centres and data processing facilities,” Stanton said in a statement.
The Association for Data-driven Marketing & Advertising (ADMA)'s CEO Jodie Sangster also welcomed the amendments but said she was “disappointed” that the opportunity to create a model privacy framework for the digital era had been missed.
"The government, opposition and parliamentary committees have produced a workable set of APPs including one for marketing, introducing positive credit reporting and updating the powers of the privacy commissioner,” Sangster said in a statement.
However, she added that were still important aspects relating to the use of social media and online channels that needed to be negotiated with privacy commissioner Timothy Pilgrim.
“We hope to develop codes and guidelines for digital and online platforms that will promote and enhance consumer protection and privacy whilst making privacy issues more manageable for business,” Sangster said.
ADMA had lobbied for amendments to the Bill on behalf of the Australian marketing and advertising industry.
- Removing the prohibition on direct marketing
- Reducing the requirement to include opt-out notices on all marketing communications
- Limiting the obligation to allow customers to engage under a pseudonym
- Re-configuring the requirement on transfer of data.
She added that that while this week's developments removed some of the uncertainty around changes to privacy laws, the government's intentions for mandatory data breach notification and a civil right to privacy were “still unknown.”
“Businesses have enough to deal with in ensuring they are complying with the new privacy law in 2013,” Sangster said.
“It would be beneficial to allow businesses to deal with the latest privacy changes before imposing yet more laws.”
Middletons partner Cameron Abbott who specialises in ICT law, advised that organisations that collect or hold information in Australia will need to change their practices to comply with the Privacy Bill before commencement in 15 months’ time. He also said that the APPs replace the existing National Privacy Principles and Information Privacy Principles governing the collection, use, disclosure and maintenance of personal information by both public and private sector organisations.
For example, there have been changes with APP 1 which covers open and transparent management of personal information.
“APP 1 contains new obligations regarding data transparency, and specifies the information that must be included by organisations in their privacy policies,” he said in a statement.
Turning to APP 5, which covers notification of the collection of personal information, he said that existing collection of personal information notification requirements will be expanded.
“Organisations will be required to disclose the circumstances in which they collected the information if not directly from the individual, whether they are likely to disclose the information overseas, and the location of any likely overseas disclosure."
Lastly, Abbott examined APP 8, which covers cross-border disclosure of personal information. Under this principle, organisations must take reasonable steps to ensure that the recipient of the information does not breach the APPs. “Importantly, although organisations that meet this requirement will be permitted to disclose information lawfully, they may still be held liable for any breach of the APPs by the recipient and be penalised,” he said.
This article and the comments within it should not be construed as legal advice
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Privacy Amendment Bill passed, gives commissioner far-reaching powers
- Privacy Act reforms — the implications for the digital environment
- Data breach liability should lie with companies: Survey
- Privacy bill given the go-ahead
- Twitter: @HamishBarwick
- Twitter: @ComputerworldAU
- LinkedIn: Computerworld Australia
- Delta Takes Off with HP Quality Software
- Reference Architectures for Virtualisation
- IBM WebSphere MQ: The Right Information in the Right Place and Time
- IDC Research: Leveraging the Benefits of Cloud Computing with Specialised Security
- Endpoint Security Performance in Desktop Virtualisation Environments
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Spiceworks' free management software gets integrated MDM
Devising a Server Protection Strategy with Trend Micro
With so many Information Technology solutions available to choose from today, many organizations put their trust in the experience, insight and advice of Gartner, and their industry-leading analysts. Trend Micro’s portfolio of solutions meets and exceeds Gartner’s recommendations on how to devise a server protection strategy. Precisely how Trend Micro does it is detailed in this whitepaper. Read now.
ESG Whitepaper: Integrated Computing Platform Survey
Data centres, servers, storage and more are being combined for simplified management and cost savings. In this survey, ESG looks at the current and future trends surrounding today’s integrated computing solutions. Download to find out how organisations are more likely to see commit IT budgets to the purchase of integrated solutions. Read more.
The Power of Cloud
Although cloud is widely recognized as a technology game changer, its potential for driving business innovation remains virtually untapped. To take advantage of cloud’s potential to transform internal operations, customer relationships and industry value chains, organisations need to determine how best to employ cloud-enabled business models that promote sustainable competitive advantage. Learn more about driving business model innovation.