OPINION: Privacy has been the subject of scores of articles since the implementation of the privacy act last December, but what does it all really mean?

In a recent survey conducted by the Office of the Privacy Commissioner, Internet retailers were perceived as the least trustworthy organisations regarding the protection and use of personal information, scoring 1.98 on a scale of 5 (real estate agencies and market research companies rated just above them).

The same survey also found that "respect for, and protection of, my personal information" was, overall, the aspect of service that mattered most to the largest proportion of consumers--rating above quality of product, efficiency, price and convenience (Report for the Federal Privacy Commissioner on "Privacy and the Community).

We know that privacy and security are major issues for the digital media industry. As pointed out, consumers are very concerned about the protection of their personal information and it is now essential for developers of digital media to ensure that they incorporate national privacy principles (NPPs) into their business practice.

Even better, they should develop their own privacy policies and make them visible and available for staff, clients, and customers.

The new private sector privacy laws commenced on 21 December 2001. Small business operators, with a turnover of under $3 million (and some other government bodies and individuals), are generally exempt.

However, the NPPs do apply to small businesses that are related to a company with an annual turnover of more than AU$3 million, that elect to opt in, or that provide a health service or that disclose personal information about another individual to anyone else for a benefit, service, or advantage.

Also any contracted service provider to a federal government agency must comply with the NPPs. Even if an organisation is legally exempt, it may find that clients will require compliance with the NPPs. Also, developers need to be aware of the regime when considering any design and functional elements of digital media products.

The National Privacy Principles provide the minimum standard for privacy protection. They:

• (a) set out rules relating to the collection, use, disclosure, quality, and security of personal information;

• (b) require organisations to be open about their information-handling policies;

• (c) grant individuals a right to access the personal information an organisation holds about them, and to deal anonymously with organisations where practicable;

• (d) require organisations to take steps to ensure that personal information they hold is accurate, complete and up to date, and that its security is maintained;

• (e) prohibit an organisation from recycling identifiers assigned by government agencies (such as tax file numbers) as its own identifiers of individuals;

• (f) limit the transfer of information to organisations outside Australia to those in countries or circumstances that can guarantee individuals the same privacy rights as they have in Australia; and

• (g) require a higher standard of protection for the collection and use of "sensitive" and "health" information. Sensitive information includes information about an individual's racial or ethnic origin, political opinions, religious beliefs, and sexual preferences.

The new law also allows industry bodies to have and enforce their own tailored privacy codes in place of the NPPs. However, each code is subject to the Privacy Commissioner's approval and must provide privacy standards that, overall, are at least the equivalent of the obligations in the NPPs.

The NPPs require organisations to establish a "Collection Statement" making a number of specified disclosures in relation to its collection of personal information (as a general rule, all forms that an organisation use to collect personal information must include this statement) and a written "Privacy Policy", a high-level policy document that must be made available to anyone who asks for it.

The new law gives the Privacy Commissioner extensive powers to investigate complaints and to make determinations, including for the payment of compensation. These are enforceable in the Federal Court and the Federal Magistrates' Court.

Lynne Spender is Executive Director of the Australian Interactive Multimedia Industry Association (AIMIA). AIMIA has developed a draft privacy policy for members to adapt or adopt. It can be obtained from AIMIA. More detailed legal advice can be obtained from Matthew Hall or Rachel Burleigh.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.