The channel seems as mixed in its adoption of Privacy Act reforms now as it was confused about the changes when they were introduced on March 12 with much huffing and puffing and the odd threat.
Depending on who you talk to — on and off record — there is either a stack of companies wandering around in some post-Privacy reform wilderness untouched so far by Privacy Commissioner, Timothy Pilgrim, but still to adopt or adapt, or the reforms have been smoothly absorbed into daily channel workings by a significant number of businesses.
Even Pilgrim, who was quite talkative when the reforms were launched, warning that he would not take a "softly, softly" approach, has now gone quiet and had nothing to say to ARN this time. As the new Australian Privacy Principles (APP) slotted in, he offered reassurances that he "would always start by trying to resolve matters through conciliation". But he also said once the changes came into effect, he could let himself in the door at "any time".
On the day of the implementation, market research specialist, Core Data, reported that a third of small to medium-sized businesses were oblivious to the changes to the Privacy Act. In July, the firm's principal, Andrew Inwood, revealed about 60 per cent of the decision makers it surveyed more recently remain unaware of the potential impact of the changes.
While the consequences have been reiterated - a fine of up to $1.7 million for those found repeatedly responsible for malpractice resulting in breaches - parts of the channel remain blinkered.
"My view is that a lot of people have done nothing," Distribution Central executive chairman, Scott Frew, said. "There's been a number of changes across both businesses that I own [DC and iAsset.com], but I think that generally, the IT market has not responded.
"I have not seen a lot of communication within the channel about the Privacy Act per se, and I am concerned that there are some organisations which have not taken this change seriously enough, and have not gone through the process of getting advice to protect the privacy of data. All you need is one customer that gets upset about its private data, and an organisation could be in a world of strife."
The big guns have, for the most part, got it together (or at least claim to). Those with a prominent foothold in the Australian market (including global players with a physical local presence), security vendors, and resellers that specialise in security services have made investments in adapting compliance as part of constantly evolving policies to minimise the risk of suffering a breach via attack or negligence. Whether complete prevention is possible is another matter.