Published on the 20/08/2013 | Written by Newsdesk
Organisations collecting customer data, especially information they might use for big data analysis need to urgently review their privacy policies with a March deadline looming…
In March 2014 Australia’s new national privacy principles come into effect. For organisations with revenues of A$3 million or more, compliance is mandatory – but for many smaller organisations compliance is seen as a way of developing trust with customers.
According to Gartner security research director Rob McMillan for organisations “which have a culture of respecting privacy” the 13 new Australian Privacy Principles will not force too great a change. However the Office of the Australian Information Commissioner which has oversight of the issue released a report earlier this month calling into question the effectiveness of current privacy policies displayed on company websites.
According to the AIOC more than four out of five of the 50 website privacy policies which it reviewed had “issues” which needed to be addressed. With an average length of 2600 words the AIOC said that 50 percent were difficult to read. It added that compliant policies needed to be clearly expressed and up to date.
McMillan said that organisations which “had nothing to hide can usually express something simply”. Verbose privacy policies which appeared to want to bamboozle readers may face a “consumer uprising” as people became more aware of the value of their private data.
Malcolm Crompton, a former Australian Privacy Commissioner and now managing director of privacy consultant IIS Partners, said that it was important companies using data, big data or meta-data to extract some sort of value for the organisation needed to be aware that if the data could be used to identify a individual then its treatment needed to be compliant with the incoming Australian Privacy Principles which not only require an appropriate privacy policy but appropriate data back up and security.
Gartner’s Rob McMillan said it was also important for companies to review the chain of accountability, especially for heavily outsourced businesses, which influenced where and how private data was kept.
While agreeing with Crompton that big data collections were an important consideration for organisations which needed to comply with the new Australian privacy regime he said that it was still difficult to know exactly how this issue would play out over the coming decade.
