Australian Privacy Commissioner won’t be taking 'softly, softly approach' with privacy reforms

Timothy Pilgrim will be able to seek civil penalties of up to $1.7 million for companies if there is a serious breach of privacy

Australian Privacy Commissioner Timothy Pilgrim has warned enterprises and government agencies that he won’t be taking a “softly, softly approach” to privacy investigations when his new powers come into effect on 12 March 2014.

Under the Privacy Amendment (Enhancing Privacy Protection) Bill 2012 which was passed by Parliament in November 2012, Pilgrim will be able to seek civil penalties of up to $340,000 for individuals or up to $1.7 million for companies in the case of a serious breach of privacy.

Speaking at the iaapANZ Privacy Summit in Sydney this week, Pilgrim said he had been asked by people if he will take a cautious approach after implementation of the privacy reforms.

“I have never been known to be subtle so the answer to that question is probably no,” Pilgrim said.

“Before people get too excited about the bluntness of that response, remember that I said I would always start by trying to resolve matters through conciliation. But please do not interpret conciliation to mean softly, softly.”

He added that audits of Australian government agencies, tax file number recipients, credit reporting agencies and credit providers will be extended to include private sector companies.

These audits will determine if companies are handling personal information in accordance with the new Australian Privacy Principles (APPs).

“There has been a power in the current [Privacy] Act to allow me to audit a private sector organisation by invitation. However, it seems organisations have been too shy to extend such an invitation up to now,” Pilgrim said. “So from 12 March I’ll be able to invite myself in.”

He warned that these assessments may be conducted at “any time”, whether the organisation has had a previous privacy breach or not.

“Central to the Office of the Australian Information Commissioner’s (OAIC) enforcement activity is an enforcement pyramid approach to regulation,” Pilgrim said.

For example, in the case of individual complaints the OAIC would expect that a person would try to resolve the issue with the organisation first.

“If a matter is accepted by us, we will always attempt to resolve issues through mutual agreement, conciliation,” he said.

“However, in the event that this is not effective, we will not hesitate in using our other tools to resolve a matter, including determinations, enforceable undertakings or in the case of serious or repeated breaches, civil penalties.”

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Comments

Comments are now closed.

Supporting Association

The marketing over the past 2 years of the Vodafone brand has been confused. We have seen some of the worst advertising in the brands his...

Noel

Vodafone on the hunt for new CMO

Read more

This is an extremely insightful article for sure: a perfect case study into the correct way to choose and implement a CRM system so that ...

Aaron Williams

How marketing automation, CRM upgrade is paying engagement dividends for ResMed

Read more

Mr. Rudy has found the right direction to marketing Catch of the Day and paying attention to customer comments and complaints. The simpl...

Desiree Segal

Catch of the Day retailer hooks fresh customer insight with NPS

Read more

True. Australian Marketing, Advertising, News, PR and Sales Fails Big Time due to using old techniques and not adapting to ICT - can be r...

Joe

Marketing must take charge of innovation, says TBWA chairman

Read more

Step 1) Employ your own workforce. Step 2) Show the public network being built. Step 3) Let the public advertise your brand in return f...

Jason

NBN Co creates head of social strategy role

Read more

Sign in