One of the insightful things that has been said to me recently came from an independent consultant working at a major FMCG client. He said: “The problem here is that we have some people who are world-class at marketing to the masses, but they haven’t got a clue about how to speak to a customer.”
The Association for Data-driven Marketing and Advertising (ADMA) is calling on the privacy commissioner to consider a new voluntary code for privacy data breaches and stop compulsory notifications being approved by the Australian senate.
The association has offered to work with the commissioner to produce a new voluntary code that would establish clear benchmarks for reporting privacy data breaches. This would be an alternative to the current Data Breach Notification Guide of the Office of the Australian Information Comissioner, as well as the proposed Privacy Alerts legislation being debated by the Australian Parliament.
A senate committee is due to give its report on the proposed Privacy Alerts Bill today (24 June). As previously reported, ADMA CEO Jodie Sangster criticised plans for compulsory data breach notifications last week, claiming the administrative requirements these imposed would cripple hundreds of thousands of Australian businesses.
The latest proposal from ADMA, announced today, would tackle several key issues with the compulsory bill, including a definition of a ‘serious data breach’, so that businesses will know when to report an error. It would also detail benchmarks for different kinds of data issues including cyber attacks, hacking and external threats.
ADMA is also proposing third-party monitoring, auditing and enforcement. According to Sangster, the latest voluntary proposal is consistent with the government’s commitment to support innovation in the digital economy, while offering a more constructive way of dealing with the data privacy issue.
“We are saying to the government, don’t do this to Australian business; give voluntary reporting another chance,” she said.
Sangster called for the senate to refer the matter to the Australian Law Reform Council (ALRC), rather than ram new legislation through parliament’s last week of sitting.
“We recommend that this matter be referred to the ALRC as part of its new privacy reference and that a proper consultation process be undertaken before the legislation is given further consideration by parliament,” Sangster said.
In contrast, the Australian Communications Consumer Action Network (ACANN) has claimed the data breach notifications are necessary and claims arguments that the move would create an “undue burden on business” are a means to sweep privacy breaches under the carpet.