The Privacy Commissioner has released new guidance for businesses on how to handle personal information.
Privacy Commissioner, Karen Curtis, described the Privacy Impact Assessment Guide (PIA Guide) as a tool for companies to use when working on projects that use the personal information of consumers.
“Businesses should use the PIA Guide in the early stages of any project or product they are developing which involves the handling of personal information. The guide is easy-to-use, and includes a module specifically designed for the private sector”, she said.
Online payment service PayPal has thrown its support behind the guide.
“PayPal supports any initiative that raises awareness of the importance of privacy and improves the security of Australian citizens’ details both on and offline. Privacy and security are the heart of our business”, PayPal managing director, Frerk-Malte Feller, said.
Unlike in the US, reporting privacy breaches is currently not mandatory under Australian privacy law. While there have been many calls for legislation to include civil penalties for data breaches, the Australian government is still reviewing recommendations as part of the second stage response to the Australian Law Reform Commission (ALRC) report that was released in October of last year.
“The government, in its first stage response to the ALRC report, has already agreed in principle to the application of civil penalties for serious privacy breaches where other compliance-orientated enforcement methods are not sufficient,” Curtis said in an email to CIO.
“The government will consider the issue of data breach notification as a part of its second stage response to the ALRC’s report,” she said.
She said it was too soon to speculate on whether Australian businesses would be given a grace period if civil penalties for privacy breaches were enforced.
“This will depend on the outcome of the privacy law reform process,” she said.