Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
The Office of the Australian Information Commissioner (OAIC) will conduct a targeted review of businesses’ privacy policies.
Australia’s privacy commissioner intends to start the new year with a compliance sweep to “put privacy policies under the spotlight”.
The sweep, which is the first of its kind, will kick off in the first week of January and will focus on a select number of businesses to ensure they are meeting their privacy obligations.
“When confronted with in-person requests for their personal information from retailers, licenced venues, car hire companies or real estate agents, consumers often don’t have access to all the information they might need to make an informed decision,” privacy commissioner Carly Kind said in a 9 December statement.
“This makes them vulnerable to overcollection of personal information and creates risks to their security and privacy.”
The OAIC will focus its attention on roughly 60 entities known for collecting information in person, looking for compliance issues across six sectors: rental and property, chemists and pharmacies, licensed venues, car rental companies, car dealerships, and pawnbrokers and second-hand dealers.
“In conducting a compliance sweep, the OAIC intends to ensure that entities are meeting their obligations to be transparent with consumers and customers about how they’re using the personal information they collect in person. We hope this will also catalyse some reflection about how robust entities’ privacy practices are, and whether more can be done to improve compliance with the Privacy Act writ large,” Kind said.
“The Australian community is increasingly concerned about the lack of choice and control they have with respect to their personal information. The first building block of better privacy practices is a clear privacy policy that transparently communicates how an individual can expect their information to be collected, used, disclosed and destroyed.”
The privacy policies of the targeted entities will be assessed under the requirements of the Australian Privacy Principle (APP) 1.4, which outlines what must be included in a privacy policy.
If the OAIC finds any instances of non-compliance, the office will “consider its recently expanded regulatory toolkit” when considering the best regulatory response. Non-compliant entities could face infringement notices and penalties of up to $66,000.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
