This Privacy Awareness Week, the theme is Back to Basics
It is a timely reminder that with the world of technology and information sharing continuing to evolve, basic privacy principles have never been more crucial.
While the digital world has generated significant benefits, including consumer convenience, improved efficiencies and new employment opportunities, it has resulted in large amounts of personal information being generated, used, disclosed and stored. The recent high-profile data breaches across Australia have only intensified conversations surrounding privacy law reform.
The proposed privacy law reform is aimed at:
-
- Enhancing the safeguarding of personal information and the ability of individuals to control their information
-
- Ensuring that the Privacy Act remains relevant in the digital era
-
- Bringing the Privacy Act in line with similar laws abroad, such as the General Data Protection Regulation (GDPR) in the European Union and the United Kingdom (UK GDPR).
Australian Information Commissioner and Privacy Commissioner Angelene Falk stated that “as the world has become increasingly connected and information flows more complex, our privacy laws need to adapt to ensure that personal information is protected and handled fairly.”
The Privacy Act Review Report 2022 delivered 116 recommendations that, if implemented, will fundamentally change how we deal with data in Australia.
The recommendations focus on:
-
- broadening and clarifying the type of information covered by Australian privacy laws;
-
- enhancing privacy protections – with a focus on protecting and empowering individuals; and
-
- strengthening enforcement and compliance – reducing regulatory complexity and giving the Regulator more options to enforce privacy breaches
According to Commissioner Falk, the review “shifts the burden from individuals, who are currently required to safeguard their privacy by navigating complex privacy policies and consent requirements, and places more responsibility on the organisations who collect and use personal information to ensure that their practices are fair and reasonable in the first place.”
What can we learn from other countries
The GDPR, which has been described as the most significant and strictest data protection reform ever introduced, is often cited in conversations surrounding privacy reform in Australia.
There are varying approaches to privacy and data protection regulation across different jurisdictions. Experiences from privacy changes overseas indicate that there will be stricter enforcement and investigation activity in Australia in relation to existing privacy obligations before new obligations get traction.
What it means for businesses and individuals
Privacy legislation reform is an ongoing process, and businesses must be prepared to adapt to changing regulations. Privacy compliance, though it may be complex and time-consuming, will enable businesses to build trust with their customers and reduce the risk of data breaches or leaks. The proposal suggests tougher penalties for serious or repeated privacy breaches. It also gives the regulator more options to enforce privacy breaches.
Individuals can benefit from greater control over their personal data including through a right to seek erasure of personal information. They also benefit through more transparency and control over direct marketing, targeting and sale of their personal information.
The most successful organisations recognise that privacy is a fundamental right – and reflect that in all they do.
Despite not being enacted as law yet, there are measures that entities can and should take presently to get ready for these modifications. These include:
-
- Gain a better understanding of your data. Develop the necessary internal resources to gain better visibility of your collection, storage, use, disclosure, monitoring, and control of personal information. Establish controls to effectively manage and comprehend what is required and what is currently being done in real-time.
-
- Recognise challenges that may arise. Investigate and assess the extent of actions that are necessary to conform to major reforms that impact your business.
-
- Strengthen security and privacy. While security and privacy complement each other, they are not synonymous. Security incidents can occur without data breaches, and data breaches can occur without attacks.
Privacy foundations need ongoing upgrades as our world continues to be rapidly transformed by innovations in technology. Talk to the GWI team to learn more about how we can help your organisation get ready for the changes. www.gwi.com.au/contact
