There is a growing focus in the community on privacy and personal information, and that will no doubt continue as data becomes an increasingly valuable commodity in big business.
The Big Brother spectre is a real and growing perception, and business cannot afford to ignore the importance people place on the integrity of their privacy.
The Privacy Commissioner, Timothy Pilgrim, has quite broad, sweeping powers to act on complaints as well as to instigate his own investigations.
The Commissioner recently worked with the Data Protection Commissioner of Ireland and the Office of the Privacy Commissioner of Canada to investigate the consequences of a major data breach involving Adobe's facilities in Ireland.
Part of Adobe's network in Ireland held some 1,700,000 records of Australian customers. The Australian Commissioner found that Adobe failed to take reasonable steps to protect all of the personal information it held.
So it's worth keeping in mind that although you may be liable for damages and other penalties for breaching the Privacy Act, the damage to reputation from the incident and the government's publicised investigation and findings may have a far greater effect on your business and bottom line.
So, who is obliged to comply with the Privacy Act?
As a simple statement, the Act prohibits 'interfering' with the privacy of an individual. It also specifically provides that interfering with an individual's privacy occurs when conduct breaches an Australian Privacy Principle (APP).
The next important questions are: What is 'personal information', and how does the Act affect those that collect and handle it?
Personal information is information or an opinion about an individual who can be identified, or who is reasonably identifiable. The truth or correctness of the information or opinion is not relevant.
There is a sub-category of personal information called 'sensitive information', which is subject to more stringent controls under the Act. Sensitive information relates to race, ethnic origin, religious beliefs and related matters.
The principal obligations for the collection and handling of personal information are set out in the APPs. Some of the key obligations under the APPs are considered below.