Mixed reaction to improved privacy protection
- 30 November, 2012 11:56
There has been a mixed reaction from the ICT industry to amendments to the Privacy Act with some organisations welcoming the changes while others say more work needs to done on privacy issues.
The Privacy Amendment (Enhancing Privacy Protection) Bill 2012 legislation was passed in Parliament this week and will give privacy commissioner Timothy Pilgrim more powers, including the right to seek civil penalties in the case of serious breaches of privacy.
The legislation also permits the commissioner to conduct assessments of privacy performance for both Australian government agencies and private companies.
The reforms introduce a single set of privacy principles called the Australian Privacy Principles (APPs) and a number of changes to how personal information is handled, including when it can be used for direct marketing and sent overseas.
Communications Alliance CEO John Stanton praised Attorney General Nicola Roxon and her staff for working with the ICT industry to come up with a successful conclusion to resolving what he called the "Australian Link" issue.
This issue is the introduction of provisions restricting the ability of credit card providers to disclose credit eligibility to entities that do not have a presence in Australia.
“The prohibition on disclosure of any credit-related information to organisations that do not have an Australian link would have major impacts for companies with existing offshore call centres and data processing facilities,” Stanton said in a statement.
The Association for Data-driven Marketing & Advertising (ADMA)'s CEO Jodie Sangster also welcomed the amendments but said she was “disappointed” that the opportunity to create a model privacy framework for the digital era had been missed.
"The government, opposition and parliamentary committees have produced a workable set of APPs including one for marketing, introducing positive credit reporting and updating the powers of the privacy commissioner,” Sangster said in a statement.
However, she added that were still important aspects relating to the use of social media and online channels that needed to be negotiated with privacy commissioner Timothy Pilgrim.
“We hope to develop codes and guidelines for digital and online platforms that will promote and enhance consumer protection and privacy whilst making privacy issues more manageable for business,” Sangster said.
ADMA had lobbied for amendments to the Bill on behalf of the Australian marketing and advertising industry.
- Removing the prohibition on direct marketing
- Reducing the requirement to include opt-out notices on all marketing communications
- Limiting the obligation to allow customers to engage under a pseudonym
- Re-configuring the requirement on transfer of data.
She added that that while this week's developments removed some of the uncertainty around changes to privacy laws, the government's intentions for mandatory data breach notification and a civil right to privacy were “still unknown.”
“Businesses have enough to deal with in ensuring they are complying with the new privacy law in 2013,” Sangster said.
“It would be beneficial to allow businesses to deal with the latest privacy changes before imposing yet more laws.”
Middletons partner Cameron Abbott who specialises in ICT law, advised that organisations that collect or hold information in Australia will need to change their practices to comply with the Privacy Bill before commencement in 15 months’ time. He also said that the APPs replace the existing National Privacy Principles and Information Privacy Principles governing the collection, use, disclosure and maintenance of personal information by both public and private sector organisations.
For example, there have been changes with APP 1 which covers open and transparent management of personal information.
“APP 1 contains new obligations regarding data transparency, and specifies the information that must be included by organisations in their privacy policies,” he said in a statement.
Turning to APP 5, which covers notification of the collection of personal information, he said that existing collection of personal information notification requirements will be expanded.
“Organisations will be required to disclose the circumstances in which they collected the information if not directly from the individual, whether they are likely to disclose the information overseas, and the location of any likely overseas disclosure."
Lastly, Abbott examined APP 8, which covers cross-border disclosure of personal information. Under this principle, organisations must take reasonable steps to ensure that the recipient of the information does not breach the APPs. “Importantly, although organisations that meet this requirement will be permitted to disclose information lawfully, they may still be held liable for any breach of the APPs by the recipient and be penalised,” he said.
This article and the comments within it should not be construed as legal advice
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Privacy Amendment Bill passed, gives commissioner far-reaching powers
- Privacy Act reforms — the implications for the digital environment
- Data breach liability should lie with companies: Survey
- Privacy bill given the go-ahead
- Twitter: @HamishBarwick
- Twitter: @ComputerworldAU
- LinkedIn: Computerworld Australia
Ruggedized scientific calculator perfect for extreme math
How to Switch From iPhone 5S to BlackBerry Z30 (and Why)
How to Switch From iPhone 5S to BlackBerry Z30 (and Why)
CIOs to Become In-House Brokers -- and That's a Good Thing
The future of computing
The Future of IT: From Chaos to Service Automation
Technology has become the heart and soul of every business, but IT workload and system complexity become more challenging. This whitepaper details the future of IT, the major challenges facing CIOs, and the three ways to transform IT so CIOs can lead the way.
Migrating from BlackBerry? See Our Trusted Method.
Are your business leaders demanding a migration plan from BlackBerry? Let the mobile experts at Good help you migrate without migraines. Our Professional Services team has deep experience supporting Fortune 500 organizations through the transition; read this sample planning chart and see our trusted method.
All Flash and Databases - Storage Switzerland
This webcast explores how All-Flash enterprise storage compares to traditional disk-centric arrays. Learn how to best leverage Flash so databases thrive and limitations of I/O disappear, while exploring the pitfalls and peculiarities of Flash, and how to optimise its performance as a storage solution to ensure reliance, predictability and cost savings for a variety of enterprise workloads.