The federal privacy commission has warned businesses it won’t take a “softly-softly” approach with new regulatory powers that will become available to it in March.
The powers, given to the regulator as part of the Privacy Amendment (Enhancing Privacy Protection) Bill 2012, for the first time expose businesses to court-backed financial and administrative penalties for serious lapses in privacy protection.
Financial penalties for companies can reach up to $1.1 million under the new laws. The commission has delayed the release of industry guidelines for new privacy principles associated with them.
The Act will offer one set of Australian Privacy Principles (APPs), replacing the current Information Privacy Principles (IPPs) for the public sector and NPPs for the private sector.
Privacy Commissioner Timothy Pilgrim today told attendees at a privacy summit in Sydney the regulator would take its traditional conciliatory approach to breaches but warned it shouldn’t be mistaken for a soft touch.
“The two sets of principles we have are fundamentally very similar to the ones that are coming into place. The private sector has been working with them for over 12 years, the government has been working with them for over 25 years, there’s a common theme so there shouldn’t be a big challenge in complying with them,” he said.
“I also think that businesses have had a long lead in now of 15 months, which is quite long.”
Pilgrim stressed, however, that the commission would always attempt conciliation with organisations first.
He also said he expected the commission to resort to written enforceable undertakings far more frequently than court orders.
Large businesses have traditionally recognised the value of complying with directions from the commission in recognition of the risk that failing to do so could damage their brands, Pilgrim said.
But the commission may need to take a firmer hand with some organisations.
“There will always be some difficult organisations and some intransigent organisations. These laws will reinforce the community’s view that privacy is a serious issue for them,” Pilgrim said.
The Office of the Australian Information Commissioner recently conducted a survey to uncover community attitudes to privacy. Over 60 per cent of respondents indicated they would be prepared to withdraw their loyalty to retailers and other companies that failed to protect their privacy.
That today led Pilgrim to warn businesses the idea that “privacy is dead” was a myth.
He recommended businesses review their information security and ensure they had a data breach plan in place before the new laws came into effect on March 12, 2014.
iTnews and Secure Computing intend to produce a guide to navigating the revised Privacy Act before the end of the year.
To that end, we will be holding a workshop in Sydney during early December to recommend how IT policies and systems need to be overhauled to comply with the amendments.
We welcome CSOs and privacy/InfoSec professionals interested in participating to register here.
CIOs and IT managers that wish to engage with this expert panel over a roundtable lunch late in the day can register here.