The Privacy Amendment Private Sector Act, introduced one year ago and effective now, gives Australians the right to know what is happening to their personal information held by organisations and the right to expect that all information collected about them is complete, accurate and up-to-date. All businesses with a turnover of more than AU$3 million and all private sector health service providers will be covered by the new legislation.
Despite admitting that the Commission has received no extra funding from the Federal Government to investigate non-compliance and privacy breaches, Privacy Commissioner Malcolm Crompton said at a press briefing today: -I'm very positive about us having a new era of respect for peoples' personal information. Our office is here to promote an Australian culture that protects and respects privacy."
Crompton said the Privacy Commission received fresh money in the budget -a couple of years ago" in order to prepare for the new legislation which helped to bump up complaints handling staff numbers and education staff.
-We believe we have the resources to handle this situation but we obviously have to keep an eye on matters and if necessary we will approach the Government on resource levels but we have been given a good first estimate of the money necessary to invent the new jurisdictions," Crompton said.
Whilst the law is enforceable, it has been widely criticised within industry groups as lacking bite, considering the Privacy Commissioner is unable to fine organisations for non-compliance and proving a privacy breach has occurred is an -onerous undertaking" Leif Gamertsfelder, e-security group leader at Deacons Lawyers, told ZDNet Australia in an earlier interview.
However, according to Crompton, mostly complainants want an apology and to know that it will not happen again to them or to anyone else. Claims for compensation, he says, will only be made by those -severely adversely affected by what has happened to them".
"The message we want businesses to understand is that this is a light-touch approach," Attorney General Darryl Williams said at today's media briefing. The new legislation forms the principals of -common sense," he said.
The Office of the Privacy Commissioner would not say how many businesses it believes will be ready to meet their obligations tomorrow, but said a -substantial number" would meet the December 21 deadline.
The Australian Information Industry Association (AIIA) also believes a -a significant portion" of its 385 members will be compliant by tomorrow's deadline and will following up with a survey in the New Year.
-We think it's important in the current climate to remove any concerns individuals may have with e-business," AIIA executive director Rob Durie told ZDNet Australia.
Of the new laws lacking bite, Durie said he believed the overriding factor that would lead to compliance was the common sense factor of good privacy being good business.
-A lot of our members have had privacy compliance policies in place for years...they see it as good privacy is good business," Durie said.
The biggest threat for businesses is not the powers of the Privacy Commissioner but the loss of trust from customers, he said. A tarnished reputation over a privacy breach would result in a plummeting share price and revenue slide, Durie added.
-We've been surprised by the level of interest and number of customers out there selling their commitment to privacy as part of their value proposal," Durie said. -I think that's going to be an important part of getting it right."
For full coverage of the new privacy legislation,
check out ZDNet Australia's special report:
All eyes on you
