Privacy Commissioner sets out views on use of his new powers when amendments to the Privacy Act come into effect on 12 March 2014
November 25, 2013 |
The Itnews report on a speech by the Privacy Commissioner is a classic example of a sub editor not reading the body of a story before drafting headline which would attract interest the story, titled Privacy Commissioner plans hardline approach to new Act, does not, as represented, constittute a touch talk on Privacy.
The article provides:
Talks tough on Privacy Act amendments.
The powers, given to the regulator as part of the Privacy Amendment (Enhancing Privacy Protection) Bill 2012, for the first time expose businesses to court-backed financial and administrative penalties for serious lapses in privacy protection.
Financial penalties for companies can reach up to $1.1 million under the new laws. The commission has delayed the release of industry guidelines for new privacy principles associated with them.
The Act will offer one set of Australian Privacy Principles (APPs), replacing the current Information Privacy Principles (IPPs) for the public sector and NPPs for the private sector.
Privacy Commissioner Timothy Pilgrim today told attendees at a privacy summit in Sydney the regulator would take its traditional conciliatory approach to breaches but warned it shouldn’t been mistaken for a soft touch.
“The two sets of principles we have are fundamentally very similar to the ones that are coming into place. The private sector has been working with them for over 12 years, the government has been working with them for over 25 years, there’s a common theme so there shouldn’t be a big challenge in complying with them,” he said.
“I also think that businesses have had a long lead in now of 15 months, which is quite long.”
Pilgrim stressed, however, that the commission would always attempt conciliation with organisations first.
He also said he expected the commission to resort to written enforceable undertakings far more frequently than court orders.
Large businesses have traditionally recognised the value of complying with directions from the commission in recognition of the risk that failing to do so could damage their brands, Pilgrim said.
But the commission may need to take a firmer hand with some organisations.
“There will always be some difficult organisations and some intransigent organisations. These laws will reinforce the community’s view that privacy is a serious issue for them,” Pilgrim said.
The Office of the Australian Information Commissioner recently conducted a survey to uncover community attitudes to privacy. Over 60 per cent of respondents indicated they would be prepared to withdraw their loyalty to retailers and other companies that failed to protect their privacy.
That today led Pilgrim to warn businesses the idea that “privacy is dead” was a myth.
He recommended businesses review their information security and ensure they had data breach plan in place before the new laws came into effect, March 12, 2014.
The legislation certainly does give the Privacy Commissioner powers to be “tough”. Talking conciliation first is not by any stretch of an already maleable language a tough approach. The proof will be in what happens post 12 March 2014.