OAIC launches privacy policy guide

The Australian Information Commissioner has launched a new guide to help organisations develop privacy policies in light of the changes to the Privacy Act, which sets out how government and private sector organisations must handle people’s personal information.

The Office of the Australian Information Commissioner (OAIC) has launched a new guide to help government and private organisations develop a privacy policy to handle people's personal information under the new privacy law changes introduced in March.

The changes to the Privacy Act 1988 on 12 March included a new set of Australian Privacy Principles (APPs) which set out how private sector organisations and federal Australian government agencies must handle people's personal information.

The OAIC's Guide to Developing an APP Privacy Policy (PDF), released this week, sets out a step-by-step process for developing privacy policies, along with a number of tips to ensure that privacy policies are accessible and clearly expressed.

"Privacy is often associated with secrecy. However, the new APPs aim to build organisational cultures that respect privacy while ensuring greater openness about the handling of personal information," said the Australian Information Commissioner, John McMillan, who spoke today at the CeBIT business technology conference in Sydney.

Entities covered by the Privacy Act must now have a clearly expressed and up-to-date privacy policy explaining what they are going to do with people's personal information and the new guide is designed to help them with the creation of those policies.

"The OAIC's community attitudes to privacy research shows that 95 percent of Australians want to know how their information is handled," said McMillan. "However, we also know that most people don't read privacy policies because they are too long and complex.

"The challenge for organisations and agencies is to develop privacy policies that allow individuals to make informed decisions about their privacy," he said.

For McMillan, one of the more thorny privacy issues in Australia right now is non-content telecommunications data — or metadata — and how it should be handled by government and private organisations.

In his presentation at CeBIT, McMillan said that metadata should be considered personal information and should be treated as such by national privacy laws.

According to McMillan, metadata can be used to identify individuals and their activities and, as such, should be considered personal information.

"Personal information is any information that can reasonably identify a person. Of course, there is another category that can be thought of as personal information and that is metadata," said McMillan.

McMillan's comments came only weeks after Greens senator Scott Ludlam chaired a series of hearings to determine how metadata should be dealt with as part of his inquiry into the revision of the Telecommunications (Interception and Access) Act.

McMillan also said that Australia was lagging behind its international peers when it comes to the adoption of an open data policy and transparency in government about how public data is used.

"There have been steps in the UK to move to a more open data policy, but at the moment, Australia lags behind other countries. This was recognised by the Productivity Commission in its annual report," said McMillan.

"The principle that open access should be the default is mirrored in places like the US. Data sets that the government hold are a national asset and should be used for public good," he said.