Privacy policies must be clear and simple: OAIC
Australian companies and government agencies must draw up privacy policies that make clear what they will do with personal information, according to the Australian Information Commissioner.
Australian privacy laws changed significantly last month, with the introduction of a set of Australian Privacy Principles (APPs) covering the handling of personal information.
To kick off Privacy Week, the Office of the Information Commissioner has launched guides to developing a privacy policy that complies to the new standard, as well as to undertaking privacy assessments.
“The OAIC’s community attitudes to privacy research shows that 95% of Australians want to know how their information is handled. However, we also know that most people don’t read privacy policies because they are too long and complex,” McMillan said.
“The challenge for organisations and agencies is to develop privacy policies that allow individuals to make informed decisions about their privacy.”
Privacy Commissioner Timothy Pilgrim added that Australians are becoming increasingly concerned about how their private data is being handled.
“Privacy complaints to the OAIC are on the rise with the OAIC having received almost 3000 complaints this financial year. That represents over a 50% increase on the previous year’s figure,” he said.
“We also know that a majority of Australians (60%) have chosen not to deal with organisations because they were concerned about how their personal information would be handled.”
Speaking at the launch, Pilgrim said that companies that proactively notify the OAIC about a data breach will be looked on more favourably than those who don’t, IT News reported.
He said ANZ spared itself an investigation into a 2011 incident involving a security hole that potentially exposed customer statements to unauthorised eyes by directly informing Pilgrim about the breach.
“But if an organisation doesn’t tell us about a breach and we find out about it through the media, we will have to start an investigation because we don’t have the background information that we need,” he said.
Cyber-attack prevention is better than a cure
Corporate and political decision-makers need to invest in areas that do a better job of...
The problem with passwords is not what you think
When it comes to secure authentication, there seems to be a lesson we're not learning.
Secure-by-design software development for digital innovation
The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...
