Privacy officers currently working in Australian businesses will face challenges when the recommended changes to Australia’s Privacy Act become law, a data security expert has warned.
Troy Braban from global management consulting firm Accenture believes the new Privacy Act will incur both costs and management reshuffling, most of which will impact the role of the privacy officer.
“One of the largest changes that we see is really around the role of the security and privacy officer. To this date that role has existed but it hasn’t had the importance that it will going forward,” said Braban.
Braban foresees an increase in the importance of the role which he fears may leave current employees confused about the role’s requirements.
“Currently, in some cases the privacy officer’s role could be four or five levels below the c-level. So from a reporting and budget perspective they just haven’t had the exposure or the amount of money they need to support these sorts of things,” he said.
After two years of consultation, the Australian Law Reform Commission (ALRC) recommended the Australian government introduces mandatory data breach disclosure laws, in its final privacy report released in August.
The landmark report makes 295 recommendations to the existing Privacy Laws and practices, of which, a recommendation for mandatory data breach disclosure is included.
According to Braban, the privacy officer of the future will need to understand security, privacy and data issues as well as legal knowledge.
“They may well need a legal background given the flow on effects to a company's reputation and also they’re going to need to be at a serious level.
"Some organisations are looking at incorporating that into the CIO type role and operate it at high levels of the organisation," he said.
Furthermore, c-level management has to embrace the laws sufficiently as they also will be required to report to stakeholders.
“CIOs, CSO, and CFOs are going to have to understand how do we deal with privacy in our organisation, it’s not just technology, we’re going to need all these other things around it and they’re going to have to report on it to their stakeholders and people who have invested in their organisations.”
“The cost for organisations is going to be high," said Braban.
Privacy officers to feel the brunt of privacy law changes
By Negar Salek on Oct 3, 2008 7:52AM