As Australia observes Privacy Awareness Week, on Monday the Office of the Australian Information Commissioner (OAIC) published its findings in relation to its assessment of compliance with the requirements of Australian Privacy Principle 1 (APP 1) by 20 organisations with online privacy policies.  Organisations assessed include well known entities such as LinkedIn, Westpac Banking Corporation, and News Corp Australia.

APP 1 requires that organisations have a privacy policy that is clearly expressed and up to date.  While all organisations surveyed had easy-to-locate privacy policies, 55% of the policies did not comply with at least one of the requirements of APP 1.  In many cases, privacy policies:

  • did not outline how an individual could request access or correction of their personal information;
  • did not outline how the organisation would handle privacy related complaints; and
  • did not comply with the requirement to describe how the organisation protects the personal information that it holds with adequate detail.

The report acts as a timely reminder to organisations subject to the Privacy Act to review their privacy policies and business practices for compliance with the Privacy Act and the Australian Privacy Principles.