In his speech on 16 May at the opening of the 2016 Privacy Awareness Week in Australia, the Australian Information Commissioner announced a public consultation on a draft Guide to Big Data in the context of the Australian Privacy Principles ("APPs") (the "Draft Guide"). The closing date for comments in 26 July 2016.
Despite some criticism that the Draft Guide does not deal with the more challenging privacy issues for Big Data, it serves as a useful starting point for organisations considering the use of Big Data. It encourages organisations to take a risk based approach and to make use of existing privacy tools in their analysis of the impact Big Data will have in terms of consent, data collection, data use and data limitation and data retention. It is hoped that following the consultation and the responses it receives the Draft Guide may yet provide more in depth guidance on how best to comply with the APPs when making use of Big Data.
Organisations should consider responding to the consultation on the Draft Guide because the more organisations currently carrying out Big Data activities that contribute to it, the more likely it is that a useful final guide will be produced.
The following day the Office of the Australian Information Commissioner ("OAIC") released its 'Privacy Management Plan' template ("PMP Template") the purpose of which is to assist organisations in developing their own privacy management plan, which the OAIC describes as a key tool for organisations in meeting their ongoing compliance obligations under the APPs. The PMP Template sets outs four key steps in developing a privacy management plan:
- Embed: a culture of privacy that enables compliance;
- Establish: robust and effective privacy practices, procedures and systems;
- Evaluate: your privacy practices, procedures and systems to ensure continue effectiveness; and
- Enhance: your response to privacy issues.
The release of the PMP Template comes ahead of amendments to the Privacy Act 1988 around data breach notifications being passed, which is due to take place in the second half of 2017, with the hope that it will help more organisations become compliant by that time.
To the extent that organisations process personal data in Australia they should review the PMP Template to ensure that they have processes in place that reflect its requirements and introduce them where it does not. This should help ensure that any processing of personal data is compliant with the data breach notification amendments when they come into force.
A press release on the Information Commissioner's speech is available here.
The consultation on the Draft Guide can be accessed here.
The PMP Template can be accessed here.