Startups must get privacy in order


James Riley
Editorial Director

Australia’s privacy czar has emerged from a near death experience imposed by former Prime Minister Tony Abbott to launch Privacy Awareness Week and warn tech startups of coming scrutiny, after having his agency refunded in the 2016 budget.

In the 2014 horror budget of Mr Abbott and then Treasurer Joe Hockey, the Office of the Australian Information Commissioner which contains the office of the Privacy Commissioner, was to be stripped of dough and disbanded.

Instead, a standalone Privacy Office was to be formed and the freedom of information request processing that was part of the OAIC’s brief was to be handled by other arrangements.

Timothy Pilgrim says startups need to get their house in order

The 2014 changes ran into problems in the Senate and the OAIC was resurrected in the 2016 budget with $37 million over four years.

Fast forward to Privacy Awareness Week and the ever diplomatic Timothy Pilgrim, privacy policy legend and Acting Australian Information Commissioner.

In a speech to mark PAW, Mr Pilgrim spoke gently of the funding crises that have rocked his pitch for the last two years and marked out his turf for the future,

“For those of you who have worked closely with our Office over recent years, you will be aware that the last couple of years have been, a little challenging, to say the least,” he said.

“In the 2014 Budget the Government announced its intention to disband the OAIC, introduce new arrangements for the handling of FOI matters, and re-establish an Office of the Privacy Commissioner.

“However, as part of the 2016 Budget, the Government announced that it would not proceed with those changes and returned funding to the OAIC to enable it to continue with its regulating role under both the Privacy and the FOI Acts.

“As you might expect then, with the funding of the OAIC’s privacy and FOI functions now confirmed, you will be hearing from us a great deal and in a diversity of fora and locations.”

Mr Pilgrim warned startups and those playing with the Internet of Things to have their privacy management in order.

“You’ll … see a lot of focus from us on the Internet of Things and tech start up sectors this year — working to build privacy governance into the outset of our future tech-leading companies,” he said.

“We are collaborating with these sectors on the need to get privacy right and are encouraging them to make use of tools like our Privacy Management Framework, and our template for small and medium enterprises.”

“All I can suggest is, have your Privacy Management Frameworks well established,” he warned.

Mr Pilgrim introduced the OAIC’s new Privacy Professionals Network that will help mesh privacy policy development between government, business and the regulator. The first meeting is in Perth in two weeks’ time.

He jumped on the recent finding by the Deloitte Privacy Index that 94 percent of consumers believe trust is more important than convenience in buying products and services.

“That clear resurgence of trust over convenience also points to the rewards for businesses who have already adopted the ‘privacy by design’ approach,” he said.

“The idea that privacy can be a bolt on extra has always been impractical from a regulator’s perspective but is now also undesirable from a consumer’s.”

Big data looms large on the privacy radar for the year ahead.

This means entities have the flexibility to tailor their personal information handling practices to respond to the privacy challenges of big data uses.

The OAIC is after feedback on a draft guide to big data use and sees formalising deindentification of big data streams as a key priority.

“Deidentification if done properly, can be a privacy enhancing tool with potential to unlock the value of big data. And the OAIC will be revisiting its guidance on deidentification in coming months,” Mr Pilgrim said.

“To that end we will be conducting a series of conversations, through the Privacy Professional’s Network and other networks, to work with business, government, consumer and technical groups on the possibilities of deidentification.”

Loyalty programs can expect serious privacy scrutiny in coming months and Mr Pilgrim urged loyalty players to be compliant with attendees being sent on their way with a warning.

“Without divulging our full assessment calendar I can say that — building on our assessment of Coles and Woolworths loyalty programmes so far this year — it will include a look at some of the other most popular loyalty schemes in Australia.

“You’ll want to ask which programs I’m talking about. But that would be something of a spoiler, wouldn’t it?”

Do you know more? Contact James Riley via Email.

Leave a Comment