Privacy Commissioner to launch privacy guidance next week.
February 13, 2014
Itnews, in Commissioner to launch privacy guidance next week, reports that the Privacy Commissioner will release its guidance on the amendments to the Privacy Act. If the draft guidelines are any indication, the focus is on the operation of the Australian Privacy Principles.
The article provides:
Having compliance on your agenda isn’t enough, says commissioner.
Pilgrim said the Office of the Australian Information Commissioner (OAIC) would also release “operational regulatory guidance” that would give Australian organisations “a very clear understanding of our expectations and under what circumstances we will take regulatory action.”
Speaking at a Sydney privacy forum, Pilgrim said he will not rule out putting his new enforcement powers to the test in their first 12 months, but said his office would take into account the steps an organisation had taken to achieve compliance with new privacy legislation before applying fines.
New privacy rules, which will see businesses made accountable for the privacy breaches of third party providers and liable for fines up to $1.7 million, come into effect on 12 March.
Pilgrim hinted that the Office of the Australian Information Commissioner (OAIC) could be lenient towards caught businesses (those with a turnover of more than $3 million per annum) in the first months after the reforms take effect.
“Our compliance focus in the months following 12 March will be on working with entities to make sure they understand the new requirements and have systems in place to meet them,” he said.
“To that end, in resolving matters brought to the attention of the office, we will take into account the steps that entities have taken to genuinely prepare for the changes and to comply with the new laws.”
However, he added that the OAIC would take “a tougher approach where it finds that attempts have not been made to comply with the new laws.”
“It is not enough to have it on your agenda,” he told iTnews.
Appearing at the same privacy forum, partner at the Gilbert and Tobin law firm Peter Leonard also emphasised that companies and organisations must not forget about the privacy implications of third party support arrangements, such as offshore call centres and “follow the sun” style support arrangements for operations outside of Australian working hours.
Under APP 8, Australian organisations are accountable for the breaches of these third party suppliers, he said, such as “call centres in the Philippines where operators in the Philippines have access to a screen on information about a customer to enable them to deal with a complaint or enquiry” or hardware support deals which “enable a remote equipment support provider to dial in to the hardware to remotely diagnose a problem.”
“Many of these remote support arrangements don’t have full segregation of personal data that might be held on the machine,” he warned.