Top Aussie websites need to improve privacy policies: Pilgrim

Australia's biggest banks, media, government and online retail operators have 'room to improve' their approach to transparency around the use and protection of customer information, according to the country's privacy commissioner.

Timothy Pligrim

On the first anniversary of the introduction of the revised Privacy Act, Timothy Pilgrim today said the Office of the Australian Information Commissioner would shift its focus from preparing industry for the changes and towards a more strategic approach to privacy awareness and enforcement.

Pilgrim was speaking at his agency's launch of privacy week.

The commissioner and his team have combed through the privacy policies of organisations running 20 of the most visited - and complained about - websites in Australia from the finance, online retail, government, social and other media sectors.

The list includes the Commonwealth Bank, NAB, and ANZ; the Department of Human Services; social media sites; news sites run by Fairfax, News Corp and The Guardian; and credit reporting agency Veda.

Pilgrim reported more than half were deficient on some basic level.

While the OAIC did not attach specific findings to each organisation assessed, it revealed that 20 percent of the policies reviewed failed to properly disclose whether customer information was likely to be shared or hosted overseas, and the applicable locations.

Another 40 percent offered no indication of how the organisation planned to deal with privacy complaints it received, and 25 percent did not explain how they would protect the security of customer data.

Pilgrim took particular umbrage at the length of some of the privacy policies, which the Privacy Act demands are "clearly expressed".

He said the median length of the 20 policies the OAIC assessed was an excessive 3413 words - with one coming in at a whopping 18,000 words. 

"The key to a good privacy policy is to make the information easy to read and accessible and we certainly saw some great examples of creative ways in which this type of information can be presented," he said in a statement.

"However some policies are still too long, making it difficult to locate relevant information."

Pilgrim did however say that all 20 policies "adequately" described the information the organisation collects and how it collects it. 

His office will next target Australia's GP clinics for privacy assessment.