A year on, commissioner “pleased” with Australian Privacy Principles momentum

Privacy commissioner Timothy Pilgrim is “pleased” with the rate at which Australian businesses have embraced the overhauled Privacy Act 1988 in the year since significant changes to the legislation were introduced.

Backed by fines of up to $1.7m, the changes were introduced on 12 March 2014 to standardise privacy controls across public and private sector organisations that had previously been held to different standards in protecting private information.

The new guidelines – which are based around 13 consolidated Australian Privacy Principles (APPs) – had broad support from business and privacy leaders, although days before the cutover many businesses were still said to be unprepared for the new policies.

The intervening year has been a busy one for the Office of the Australian Information Commissioner (OAIC), whose review of the first year of enforcement found that it had received 4016 privacy complaints and 104 voluntary data breach notifications during the past year, and had undertaken 13 privacy assessments.

Much of the OAIC's enforcement effort has been focused on auditing organisations' privacy policies; the organisation is undertaking a targeted assessment program that will expand this year to include evaluation of APP compliance.

“I've been particularly pleased with how organisations and agencies have responded positively to the challenge of implementation,” Pilgrim said in a statement.

“It is more effective, and ultimately cheaper, to embed privacy in day-to-day processes than it is to respond to issues such as data breaches as they arise.”

With some 14,064 enquiries about privacy policies received by the OAIC in the first year of the new policies, Pilgrim indicated that the OAIC would this year be focused on working with organisations to build “a culture of privacy” that helps them be “proactive in meeting their compliance requirements.”

This included a campaign to raise awareness of privacy requirements and policies during Privacy Awareness Week (PAW), which will run from May 3 to 9 this year and will see the OAIC release a privacy management framework drawing on its experiences to date.

PAW is an initiative of the Asia Pacific Privacy Authorities (APPA) forum.

This article is brought to you by Enex TestLab, content directors for CSO Australia.


Stories by David Braue
