A year on, commissioner “pleased” with Australian Privacy Principles momentum

Privacy commissioner Timothy Pilgrim is “pleased” with the rate at which Australian businesses have embraced the overhauled Privacy Act 1988 in the year since significant changes to the legislation were introduced.

Backed by fines of up to $1.7m, the changes were introduced on 12 March 2014 to standardise privacy controls across public and private sector organisations that had previously been held to different standards in protecting private information.

The new guidelines – which are based around 13 consolidated Australian Privacy Principles (APPs) – had broad support from business and privacy leaders, although days before the cutover many businesses were still said to be unprepared for the new policies.

The intervening year had been a busy one for the Office of the Australian Information Commissioner (OAIC), whose review of the first year of enforcement found that the OAIC had received 4016 privacy complaints during the past year, with 104 voluntary data breach notifications and 13 privacy assessments undertaken.

Much of the OAIC's enforcement effort has been focused on auditing organisations' privacy policies; the organisation is undertaking a targeted assessment program that will expand this year to include evaluation of APP compliance.

“I've been particularly pleased with how organisations and agencies have responded positively to the challenge of implementation,” Pilgrim said in a statement.

“It is more effective, and ultimately cheaper, to embed privacy in day-to-day processes than it is to respond to issues such as data breaches as they arise.”

With some 14,064 enquiries about privacy policies received by the OAIC in the first year of the new policies, Pilgrim indicated that the OAIC would this year be focused on working with organisations to build “a culture of privacy” that helps them be “proactive in meeting their compliance requirements.”

This included a campaign to raise awareness of privacy requirements and policies during Privacy Awareness Week (PAW), which will run from May 3 to 9 this year and will see the OAIC release a privacy management framework drawing on its experiences to date.

Read more: Companies failing to maintain payment-card protections after PCI DSS certification

PAW is an initiative of the Asia Pacific Privacy Authorities (APPA) forum.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Tags Australian GovernmentTimothy PilgrimCyber Security StrategyAustralian Privacy PrinciplesCSO AustraliaAustralian Privacy Principles (APPs)Australian Information Commissioner (OAIC)Privacy Awareness Week (PAW)voluntary data breach

Show Comments