Aussie privacy law sparks scramble to comply
With a little over four months to go before the amendments to the private sector privacy legislation come into effect, confusion still abounds.
The Internet Industry Association (IIA) yesterday released its draft privacy code for the Internet industry. After a seven-week consultation period, the code will be formally submitted for registration by the privacy commissioner.
According to IIA chief executive Peter Coroneos, the code’s enforceability is through a government-backed co-regulatory regime.
"The lack of trust which presently permeates e-commerce, at least in the minds of many end users, means that the industry has to go that extra mile to deal with the natural reticence of people to deal with unseen entities in a virtual environment," Coroneos asserted.
Gerard Florian, general manager for multiservice networks at systems integrator Dimension Data, said its concern at the moment is that there’s simply not enough practical advice out there.
Dimension Data had surveyed its customers and found there were some very basic things that needed to be fixed first. He believes this needs to be driven by the industry as a whole, including the channel, regulators, and other organisations.
"This legislation requires organisations to rethink some things and they’ve got a lot to do." For example, Florian said there security issues with the way some networks are currently set up.
"The environment has to be safe for the information to be safe," he asserts. "The organisations have to be helped to walk before we can help them to run."
Florian believes the direction of the code itself is a good thing for businesses, but he doesn’t think people are going to be prepared by the December 21 deadline. "We’ve got four months to go and that’s not very long at all."
From a legal perspective, Simon Bailey, a partner in the Melbourne office of lawyers Phillips Fox said the act requires organisations to write down how they are handling information, in statements and policies which set out their privacy practices.
To comply with the legislation, a business handling personal information--whether online or otherwise--has to understand the information it holds, how it collects it, what it does with it and how it manages its database in order to comply with the legislation. Bailey admits businesses are only just starting to wake up to the implications of the changes.
"My view is that businesses have taken a while to understand the significance [of the changes]," he said. "It’s asking business to make a cultural change--to effectively change the whole way they view and deal with personal information."
There is also confusion about what the transitional arrangements for compliance after December 21 when the amendments come into force. According to Bailey these are complex, but he advises businesses to have their documentation and procedures bedded down before the deadline.