OAIC gets cracking on raising awareness of new privacy laws

New survey suggests half of Australian companies still don’t know about the government’s overhaul of privacy legislation.

The Office of the Australian Information Commissioner (OAIC) has kicked off a targeted campaign to raise awareness of the new privacy laws before they take effect next March.

This comes off the back of the State of Privacy Awareness in Australian Organisations survey, commissioned by security vendor McAfee and launched at the beginning of Privacy Awareness Week 2013 – a joint effort of eight Asia-Pacific countries’ privacy authorities that runs through Friday 4 May – which found that despite being responsible for managing the personal information of customers, 59 per cent of respondents were unaware of the recent major changes to the Privacy Act.

Those changes will increase the onus on both private and public-sector organisations to tighten their privacy controls – and they could represent a time of reckoning for many organisations that haven’t taken appropriate steps to protect their corporate information.

One third of respondents believe personally identifiable information is not well handled within their organisation, with 38% admitting they have never received training in the management and storage of sensitive data.

Of those who have received training, 52% have received training in the last year, while 19% receive ‘regular frequent updates’.

Use of poorly secured cloud technologies was a common behaviour across the surveyed companies, with 36% of respondents saving data to cloud-based file-sharing services like Dropbox and YouSendIt. One-fifth of respondents use webmail services like Gmail and Hotmail to share information with colleagues and third-party suppliers; however, that figure rises to 36% among those who have experienced a data breach in the past.

With just ten months to go until the new Privacy Act changes kick in, those findings suggest the federal Office of the Australian Information Commissioner (OAIC) has its work cut out for it in raising awareness about the changes, which were introduced in November 2012 after an extensive review of previously-disparate privacy regulations for public and private-sector organisations.

Rationalisation of the two prior sets of privacy principles will produce a single set of 13 Australian Privacy Principles (APPs) to which all Australian organisations must adhere or risk fines from $340,000 for individuals and $1.7m for corporations.

The OAIC this week kicked off that campaign with the launch of its Guide to Information Security, which offers guidance for organisations keen to update their practices.

Yet any fines are only the beginning of the damage that poor privacy protection can do, with reputational damage seen as a potentially longer-term problem for organisations that are perceived to be lax in their protection of customer data.

“We measured the repercussions most feared by companies when it comes to a data breach,” McAfee practice head for data protection Joel Camissar said. “Reputational damage and loss of customer trust are feared far more than monetary penalties or the cost of fixing the breach itself.

“With the growing volume of big data being collected by Australian organisations, the implications for protecting privacy and building customer trust will be more important than ever and could even be leveraged as a competitive advantage.”
