Peter A Clarke

Today, 12 March 2014, the long-expected and patchily publicised amendments to the Privacy Act 1988 take effect.

The PM program has run a story on the changes in New privacy laws crack-down on personal data use.  It provides:

MARK COLVIN: New privacy laws come into effect today in a major crack-down on those using our personal data.

Businesses are now compelled to let us know if they’ve got our personal information and what they’re doing with it.

Companies could be liable to pay up to $1.7 million for any breaches.

Karen Tan reports.

KAREN TAN: The big changes will relate to how businesses handle, use and store personal information and greater disclosure is now required to advise us where else our data is going.

Australian Privacy Commissioner Timothy Pilgrim says it’s going to regulate how Federal Government agencies and much of the private sector can collect our personal information.

TIMOTHY PILGRIM: There’s a new set of principles that will apply to all government agencies and all private sector organisations. There are major changes to credit information handling practices and new protections there, and there are also increased enforcement powers to our office so that we can handle investigations and complaints under the Privacy Act.

KAREN TAN: The new laws mainly apply to businesses earning over $3 million a year. But there are some exceptions.

TIMOTHY PILGRIM: All medical practitioners, regardless of the size of their organisation, if they are a private medical practitioner then they are always going to be covered because of the sensitive health information they hold.

And if a business is trading in personal information and they receive a service or benefit – that is, some money or something like that – for trading in it, they will also be brought in regardless of the size of the business.

KAREN TAN: But technology and intellectual property associate Paul Gordon from Finlaysons law firm says consumers still have no rights to stop companies from using or collecting personal information.

Their obligation is for greater transparency and better communication to the consumer in advising them what information they’ve obtained.

PAUL GORDON: The fine print isn’t going to cut it anymore. They are going to have to have big notifications.

KAREN TAN: Lawyer Paul Gordon believes it could ultimately give consumers the chance to profit from selling their own data, rather than losing it for free.

PAUL GORDON: It’s going to mean, basically, that the power is starting to shift back to the consumer. Instead of companies being able to grab information without necessarily telling people that they are getting it, consumers are going to know what information is being gathered and might be able to, in some ways, fight back and look at ways of monetising their personal information.

KAREN TAN: Andrew Wilson is the chief executive of Senetas Corporation, a company that sells data encryption services. His company’s survey found a large percentage of firms appear unprepared for today’s changes to the privacy laws.

ANDREW WILSON: Seventy-four per cent of the surveyed participants in our large corporation and multinational survey said they wouldn’t be ready by the active date for these amendments, which is today.

The critical thing will be how the Privacy Commissioner regulates the new changes.  There is problems enough with the Privacy Act with its exceptions and $3 million threshold meaning that significant parts of the private sector will not be covered. Active regulation is needed to get compliance up.

Just to show that at Year zero in the new world of privacy regulation some things remain the same the Age reports on a major data leak involving two Australian lending companies in Australian lenders hacked in scam.  The focus of the story is on the lead regulator, ASIC.  But the issue of data security comes into play if what was interfered with included personal information.

The article provides:

Cybercriminals have hacked two Australian lending companies and duped customers into wiring thousands of dollars overseas, the corporate watchdog says.

Scammers are believed to have broken into the databases of the two companies before approaching customers with loan offers.

To secure the loan, victims were told to wire money for insurance and tax purposes via Western Union and similar services. The loans never materialised.

An Australian Securities and Investments Commission (ASIC) representative said 21 victims had come forward reporting combined losses of $57,167.

The representative did not name the businesses involved because investigations were ongoing.

The criminals, believed to have been operating from India, also set up fake websites and internet banner ads advertising loans, and created fake contracts using either fabricated business names or the stolen names of legitimate Australian companies.

Money sent via international wire transfer is difficult to trace and recoup.

ASIC deputy chairman Peter Kell said legitimate lending companies would never ask borrowers to transfer money to a third party or an overseas account in order to secure a loan.

“Never deal with anyone you cannot reach through publicly available contact details,” he said.

“Do not respond to any requests to send money before receiving the loan or you risk suffering significant financial loss.”