Privacy Policies and compliance
January 2, 2016 |
The Privacy Act 1988 was amended by the the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act). The changes commenced on 12 March 2014. The reforms:
- created a single set of Australian Privacy Principles (APPs) applying to both Australian Government agencies and the private sector. These principles replaced the Information Privacy Principles and National Privacy Principles.
- introduced more comprehensive credit reporting for consumer credit.
- strengthened the functions and powers of the Australian Information Commissioner to resolve complaints, use external dispute resolution services, conduct investigations and promote compliance
- created new provisions on privacy codes and the credit reporting code, including codes that are binding on specified agencies and organisations.
For those privacy practitioners the general level of compliance with the amendments to the Privacy Act has been poor.
A recent example that came to my attention was reading the Privacy Policy of the Comedy Festival web site. It provides:
Legal
Privacy Policy
The Comedy Festival is bound at all times by the National Privacy Principles (“NPPs”) which are contained in the Privacy Act 1988, and as ammended by the Privacy Ammendment (Private Sector) Act 2001.
On some parts of this website you are requested to submit some personal information. Depending on the context, which ought to be clear, we might want this information:
- so we can email or post you Festival information, like a Programme.
- as part of a registration for an event, like Raw Comedy.
- to respond to your questions
If you don’t understand why you’re being asked for information, telephone us on +613 9245 3700
You can contact us anytime by phone, post or email to ascertain, correct, or remove this information from our records. If you can correctly, independently verify three individual contact details from our records, we’ll assume you really are you, and follow your instructions. We won’t discuss any details before we’ve done so.
From time to time, we may also collect information anonymously from your internet server. This is commonly done all over the internet, using things called “cookies”. We may store:
- the last site you visited before us
- the kind of browser you are using
- what country you are connected in
- the date and time of your visit
- your movements around pages on the site
These cookies don’t “remember” you, or identify you personally. We only use the information they give us in aggregate.
We don’t give this information to anyone else – not sponsors, not governments, not independent producers in the Festival. Only Festival staff and contractors and co-producers (in the case of things like Raw). We make our contractors and co-producers agree to these principles, here, as well.
Disclaimer
Melbourne International Comedy Festival Ltd has undertaken all reasonable measures to ensure that the information on this web site is accurate. MICF specifically disclaims any liability, loss or risk, personal or otherwise, which is incurred as a consequence, directly or indirectly from the use and application of any of the contents of this website.
MICF accepts no responsibility for the accuracy or completeness of any material contained herein and recommends that users exercise their own skill and care with respect to its use.
Links to other websites are inserted for convenience and do not constitute endorsement of material at those sites, or any associated organisation, product or service.
The material on this website may include views or recommendations of third parties, which do not necessarily reflect the views MICF, or indicate its commitment to a particular course of action.
The listing of a person or organisation in any part of this website in no way implies any form of endorsement by MICF of the products or services provided by that person or organisation.
It is non compliance on so many levels. It refers to the National Privacy Principles. They were replaced with the Australian Privacy Principles almost 2 years ago. The Policy does not even come close to complying with Australian Privacy Principle 1. It should be placed in a museum. And yet the Comedy Festival is a big operation which involves collecting, using and storing personal information.
Other examples are easy to find from my recent wanderings. For example the new retail outlet Kit and Ace has no privacy policy. The comparison with Myer online is stark. Perhaps it has assessed that it is under the $3 million turnover per annum. Unlikely and definitely unwanted. Landmark in South Australia has a not bad privacy policy but trends to waffle and quite vague in parts. Some of it is self serving (such as first sentences of paragraphs 7 and 8 for example) which could do with some editing. That said it is quite common to have what are essentially meaningless statements in privacy policies.
[…] Privacy Policies and compliance […]