Image supplied.
We have been forced to come to terms with a world in which privacy concerns are less about keeping your personal information from others (a near impossible feat in the Digital Age) – but more about limiting its use and dissemination without our consent.1
The Australian Privacy Principles (APPs) were developed to deal with that precise concern through compelling all organisations to adhere to broad principles of transparency, accountability, and responsiveness in relation to the collection and use of personal information. Set into law as part of the recent amendments to the Privacy Act 1988 (Cth), the APPs are founded on the bedrock of APP 1, which states that businesses must deal with their customers’ information in an open and transparent way.
Such transparency necessarily involves crafting a compliant privacy policy, to ensure that consumers are informed about how you will handle their personal information so that they can make informed decisions about whether or not to deal with you. Yet according to a recent review of privacy law compliance by the Office of the Australian Information Commissioner (OAIC), many businesses’ privacy policies are still vastly inadequate.
OAIC recently assessed the online privacy policies of the organisations behind 20 of Australia’s most visited websites, which are run by Australian and international organisations from various sectors including finance, online retail, government, and social and other media. They found that 11 of them (55%) did not satisfy one or more of the basic requirements set by the Privacy Act 1998 (Cth) and the APPs.2
Timothy Pilgrim, the Australian Privacy Commissioner, said the privacy policies reviewed had a median length of 3,413 words, and were therefore “still too long making it difficult to locate relevant information”. This was deemed by OAIC to be inconsistent with APP 1, which requires privacy policies to be “clearly expressed and up to date”, and is necessary to ensure organisations manage personal information in an “open and transparent way”.
Many policies also did not outline how personal information could be accessed and corrected, how a privacy complaint would be dealt with, how personal information would be protected, and whether the personal information was likely to be sent overseas.
If your privacy policy is overly long or complex, or neglects to address any of the above issues, we recommend that you review it in order to give your customers and suppliers the assurances that we all, by now, have come to expect.
Sources: 1. http://america.aljazeera.com/articles/2014/11/4/data-privacy.html
2. http://www.oaic.gov.au/news-and-events/media-releases/privacy-media-releases/
privacy-policies-still-have-room-for-improvement
Mark Love, Legal Director, Business Law 9th Floor, Canberra House,
40 Marcus Clarke Street, Canberra ACT 2601
E: [email protected]
T: 02 6274 0810 | www.bradleyallenlove.com.au
