[LINK] The new privacy laws

stephen at melbpc.org.au stephen at melbpc.org.au
Tue Apr 30 23:02:29 AEST 2013


OAIC gets cracking on raising awareness of new privacy laws

New survey suggests half of Australian companies still don’t know about the 
government’s overhaul of privacy legislation.

By David Braue (CSO Online (Australia)) — 30 April, 2013 16:48
<http://www.cso.com.au/article/460469/oaic_gets_cracking_raising_awareness_new_privacy_laws/?fp=4&fpid=959105>


The Office of the Australian Information Commissioner (OAIC) has kicked off 
a targeted campaign to raise awareness on the new privacy laws before they 
take effect next March.

This comes off the back of the State of Privacy Awareness in Australian 
Organisations survey, commissioned by security vendor McAfee and launched 
at the beginning of Privacy Awareness Week 2013 – a joint effort of eight 
Asia-Pacific countries’ privacy authorities that runs through Friday 4 May 
– which found that despite being responsible for managing the personal 
information of customers, 59 per cent of respondents were unaware of the 
recent major changes to the Privacy Act.

 http://www.privacyawarenessweek.org/

Those changes will increase the onus on both private and public-sector 
organisations to tighten their privacy controls – and they could represent 
a time of reckoning for many organisations that haven’t taken appropriate 
steps to protect their corporate information.

www.oaic.gov.au/privacy-portal/resources_privacy/Privacy_law_reform.html

One third of respondents believe personally identifiable information is not 
well handled within their organisation, with 38% admitting they have never 
received training in the management and storage of sensitive data.

Of those who have received training, 52% have received training in the last 
year, while 19% receive ‘regular frequent updates’.

Use of poorly secured cloud technologies was a common behaviour across the 
surveyed companies, with 36% of respondents saving data to cloud-based 
file-sharing services like Dropbox and YouSendIT. One-fifth of respondents 
use Webmail services like Gmail and Hotmail to share information with 
colleagues and third-party suppliers; however, that figure rises to 36% 
among those who have experienced a data breach in the past.

With just ten months to go until the new Privacy Act changes kick in, those 
findings suggest the federal Office of the Australian Information 
Commissioner (OAIC) has its work cut out for it in raising awareness about 
the changes, which were introduced in November 2012 after an extensive 
review of previously-disparate privacy regulations for public and 
private-sector organisations.

Rationalisation of the two prior sets of privacy principles will produce a 
single set of 13 Australian Privacy Principles (APPs) to which all 
Australian organisations must adhere or risk fines from $340,000 for 
individuals and $1.7m for corporations.

The OAIC this week kicked off that campaign with the launch of its "Guide 
to Information Security", which offers guidance for organisations keen to 
update their practices.

http://www.oaic.gov.au/news/consultations/Information_security/info_security_consult_draft_Dec2012.html

Yet any fines are only the beginning of the damage that poor privacy 
protection can do, with reputational damage seen as a potentially 
longer-term problem for organisations that are perceived to be lax in their 
protection of customer data.

“We measured the repercussions most feared by companies when it comes to a 
data breach,” McAfee practice head for data protection Joel Camissar said. 
“Reputational damage and loss of customer trust are feared far more than 
monetary penalties or the cost of fixing the breach itself.

“With the growing volume of big data being collected by Australian 
organisations, the implications for protecting privacy and building 
customer trust will be more important than ever and could even be leveraged 
as a competitive advantage.”
--

Cheers,
Stephen


