Australia’s privacy watchdog has told businesses that privacy must be on senior leadership’s agenda and should be built into company culture.
“Privacy has to be a high order concern for your organisations,” said Angelene Falk, the acting Australian Information Commissioner and acting Privacy Commissioner.
“It needs to be on the agenda of the CEO.”
Falk was speaking at an industry briefing on privacy and GDPR, hosted by IAB Australia – the peak trade association for online advertising. The acting commissioner said recent events like the Cambridge Analytica scandal and incoming regulations like GDPR had thrust privacy and data management into the spotlight.
According to Falk, privacy requires a holistic approach, often beyond compliance, and organisations must consider themselves “trusted custodians” and “ethical stewards” of the personal information of Australians.
“It is essential to be proactive in embedding privacy in your organisation and business practices through taking a privacy by design approach.”
“This enables you to meet community expectations, and to build trust in your data management — trust which supports you in realising the benefits of data and meets your corporate social responsibilities.”
- Read More: The Australian Privacy Watchdog Is Investigating Facebook Over The Cambridge Analytica Scandal
IAB CEO, Vijay Solanki, said it is a pivotal time for the use of data as consumers continue to trend towards digital.
“Many people say data is the new oil… But right now many of us might be asking is it actually lubricating digital media or clogging up the engine,” Solanki said. “Privacy, consent, and how data is managed has never been more important.”
Recent developments in domestic and international privacy regulation have increased transparency, choice, control, and accountability, according to Falk. And while the upcoming changes, including GDPR and Australia’s Consumer Data Right, are substantial, they are essentially a response to “enduring community concerns”.
“In our long-running national community attitudes to privacy surveys, we have consistently found that about three in five Australians have avoided a business due to privacy concerns. In our 2017 survey, 69 per cent of Australians said that they were more concerned about their online privacy than they were five years ago,” Falk said.
The same survey found 86 per cent of people perceived the secondary use of personal information as a misuse of data.
Transparency and Accountability
According to Falk, both the incoming GDPR laws and existing Australian Privacy laws foster transparency and accountability.
Organisations need to be up front with consumers about privacy, Falk said, particularly when it came to privacy policies – something “many businesses can do better on”.
“Your privacy notices should be a communications tool, not a litigation tool. It is an opportunity to explain how you handle personal information to consumers in a way that is easy to understand and is fair,” Falk said.
Data breach notification requirements are also outlined in both GDPR and Australian privacy law. However the Australian scheme – The Notifiable Data Breach Scheme – has been criticised for significantly less stringent requirements and ambiguous wording.
But Falk contends that the new scheme is working. “We have received 63 notifications since the NDB scheme commenced — which, when compared to the 114 notifications we received on a voluntary basis in the last financial year, shows the NDB scheme is on track to significantly increase the number of notifications handled by the OAIC.”