The Australian Privacy Commissioner will be busy in 2015 investigating the misuse of personal data and enforcing the new regime. However, a lack of clarity around big data may put businesses at risk.

Under a revised privacy regime, the Australian Privacy Commissioner has a range of increased powers. With the regime now firmly in place, the logical next step for the Commissioner is an investigation and enforcement role, so businesses need to ensure that systems and procedures are up to scratch and compliant with the new rules.

However, without clear guidance from the Commissioner as to how to manage big data, businesses will need to consider the 'privacy by design' obligations under the Australian Privacy Act. The Commissioner has also noted that the cross border disclosure of information will be a key focus in 2015. This is permitted under the Australian Privacy Act, but subject to specific guidelines and restrictions.

Whether the big data they hold constitutes personal information and, if so, whether the disclosure of that information offshore is in accordance with the Australian Privacy Act and the Commissioner's guidelines, is something businesses will need to carefully consider in 2015.