The sweep starts in the first week of January
The Office of the Australian Information Commissioner (OAIC) will initiate its first compliance sweep in the first week of January.
In the targeted evaluation, the privacy regulator will examine the privacy policies of businesses that obtain information in person. In particular, the compliance sweep will target about 60 businesses from 6 sectors: rental and property, chemists and pharmacists, licensed venues, car rental companies, car dealerships, and pawnbrokers and secondhand dealers.
“When confronted with in-person requests for their personal information from retailers, licensed venues, car hire companies or real estate agents, consumers often don’t have access to all the information they might need to make an informed decision. This makes them vulnerable to overcollection of personal information and creates risks to their security and privacy”, privacy commissioner Carly Kind said. “In conducting a compliance sweep, the OAIC intends to ensure that entities are meeting their obligations to be transparent with consumers and customers about how they’re using the personal information they collect in-person”.
Businesses’ privacy policies will be evaluated in line with Australian Privacy Principle 1.4. The businesses to be reviewed will be determined based on size, location, and reference to high-profile and high-risk entities in each sector.
Reforms to the Privacy Act passed last year broadened potential regulatory consequences for breaches of foundational requirements of the law – including the failure to implement privacy policies with specific information. Businesses with non-compliant policies could be slapped with compliance and infringement notices as well as a maximum penalty of $66,000.
“We hope this will also catalyse some reflection about how robust entities’ privacy practices are, and whether more can be done to improve compliance with the Privacy Act writ large”, Kind said. “The Australian community is increasingly concerned about the lack of choice and control they have with respect to their personal information. The first building block of better privacy practices is a clear privacy policy that transparently communicates how an individual can expect their information to be collected, used, disclosed and destroyed”.