Peter A Clarke

This Wednesday the amendments to the Privacy Act 1988 take effect.  They should require a significant change to the manner in which privacy is regulated in Australia by the Privacy Commissioner.  He has been given significant and varied enforcement powers.  And the penalties for serious interferences with privacy, $340,000 for an individual and $1,700,000 for a company, and breaches of the Credit Reporting provisions of the Act (Part IIIA) are very significant.  The question is, and has always been, how active and effective the regulator will be.  Part of the problem in the past has been Read the rest of this entry »

There has been some critisism about the effectiveness of the Guidelines to the APP.  That has prompted quite a lively response from the Privacy Commissioner (found here).  He rarely reacts so quickly and assertively to media reportage. It is important issue to clarify.  The extent of work undertaken to comply by organisations has been uneven, to put it mildly.  That has been a subject of reports over the last 15 months.  Having mixed signals in the marketplace can only hamper regulatory compliance.  Ultimately the assertiveness of the Privacy Commissioner will influence how compliant organisations really become.

The consultation details relevantly provides:

Significant amendments to the Privacy Act 1988 (the Privacy Act), made by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (the Privacy Amendment Act), commence on 12 March 2014.

The amendments include Read the rest of this entry »

The release of guides, policies and Codes is gathering pace ahead of E day, the day the amendments contained in the Privacy (Enhancing Privacy) Act 2012 takes effect, on 12 March 2014.  As part of the process the Privacy Commissioner is seeking to update the Guide to undertaking Privacy Impact Assessments.  The draft is found here.  Comments are sought by 28 March 2014.

The Draft Guide provides, absent appendices:

Introduction to privacy impact assessments

About this Guide

The Guide to undertaking privacy impact assessments (the Guide) has been prepared by the Office of the Australian Information Commissioner (OAIC) to provide an overview of a process for undertaking a privacy impact assessment (PIA). The Guide is intended for use by both government agencies and private sector organisations.

The Guide sets out Read the rest of this entry »

The amendments to the Privacy Act 1988 take effect on 12 March 2014.  It is as much an issue for the Privacy Commissioner as organisations and agencies.  While compliance will be a significant issue proper regulation and enforcement is as important.  In the past Read the rest of this entry »

The OAIC has released the enforcement guidelines (found here).

Significant changes to the Privacy Act 1988 will commence on 12 March 2014. The changes include a new set of harmonised Australian Privacy Principles (or APPs) that will replace the two sets of principles that currently apply to Australian Government agencies and to businesses. There will also be changes to credit reporting, including the introduction of a more ‘comprehensive credit reporting’ system and a simplified and enhanced correction and complaints process. The reforms also include new enforcement powers and remedies in relation to investigations.

The Office of the Australian Information Commissioner (OAIC) has Read the rest of this entry »

Today the Privacy Commissioner released the APP guidelines.  It is found here.

The accompanying press release provides:

‘March 12 will see the biggest change in privacy law in 25 years, and the APP guidelines are an essential tool for the implementation of this change,’ said Australian Information Commissioner, Professor John McMillan.

The APPs are a single set of principles that Read the rest of this entry »

The story of a data breach by the Department of Immigration by the Guardian has resulted in the Privacy Commissioner launching an investigation.  The Commissioner issued a statement providing:

The Office of the Australian Information Commissioner (OAIC) is aware of this data breach. I have spoken to the Department of Immigration and Border Protection and have been assured that the information is no longer publically available. This is a serious incident and Read the rest of this entry »

Itnews in Commissioner to launch privacy guidance next week reports that the Privacy Commissioner will relase its guidance on amendments to the Privacy Act.  If the draft guidelines provide any indication the focus is on the operation of the Australian Privacy Principles.

The article provides:

Having compliance on your agenda isn’t enough, says commissioner.

Pilgrim said the Office of the Australian Information Commissioner (OAIC) would also Read the rest of this entry »

Today is Data Privacy Day.  Perhaps a bit paradoxical as it comes just after a spate of spectactular data breaches in the US.  The Privacy Commissioner has issued a press release titled  Australians’ right to privacy strengthened with new privacy laws (found here) which provides:

‘With the introduction of new privacy laws, people’s privacy rights will be enhanced and strengthened in areas such as direct marketing, the disclosure of personal information overseas and requesting access to and correction of personal information held by an organisation,’ Australian Privacy Commissioner Timothy Pilgrim said.

From 12 March 2014 new privacy laws mean that Australians can more easily:

• ask an organisation Read the rest of this entry »

The CR Code registered today will come into effect on 12 March 2014.

It Read the rest of this entry »