Increase in public sector privacy complaints in Victoria
October 12, 2011 |
The Office of the Privacy Commissioner tabled its annual report yesterday. Privacy complaints rose 27% in 2011. The annual report is found here. The office’s media release says:
Privacy complaints made under the Victorian Information Privacy Act 2000 rose 27% in 2010-11 during which Privacy Victoria received 2,575 enquiries, including 345 that could potentially become a formal complaint. Of those 345 enquiries, 21% (73) were made into complaints after the complainant had unsuccessfully attempted to resolve the matter direct with the organisation complained of. This is the highest number of new complaints received in a reporting period since the establishment of the office in 2001.
Alleged inappropriate use and disclosure of personal information (48 complaints) remains the greatest area of concern for complainants, with data security (38 complaints) being the second most common. The number of complaints alleging non-compliance with Information Privacy Principle (IPP) 1 (Collection; 21 complaints) and IPP 3 (Data quality; 34 complaints) rose significantly from those in previous years. As many complainants alleged infringements with multiple IPPs, a total of 143 breaches of the IPPs were contained within complaints.
Of the 32 complaints referred to conciliation, 25 were successfully resolved (a 78% success rate). Common outcomes achieved in successfully conciliated complaints included: apologies; reviews of, or changes to, an organisation’s privacy policies or information handling practices; privacy training for an organisation’s staff; reimbursement of expenses; and financial compensation.
During 2010-11, seven notifications were received from organisations seeking the assistance of Privacy Victoria staff following a significant privacy breach. De-identified examples of public sector breach notifications, complaints and enquiries are given in the Report.
Privacy Commissioner Helen Versey says “Technology today means that small mistakes can result in massive data breaches. Privacy needs to be part of every organisation’s risk management strategy. Most importantly, the organisations which are most successful in embracing the Privacy Principles are those where there is leadership from the top and where sufficient resources are given to privacy and privacy awareness within the organisation.”