The Office of the Australian Information Commissioner (OAIC) recently undertook its own assessment of the online privacy policies of 20 major organizations. The purpose was to assess compliance with the Australian Privacy Principles (APPs), issued by the OAIC, which took effect on March 12, 2014, and replaced the previous National Privacy Principles and Information Privacy Principles in Australia. The APPs apply to private sector organizations, as well as to the Australian Government. The APPs contain 13 basic principles and allow the Commissioners of OAIC to undertake performance assessments of relevant organizations, as well as provide for increased powers of enforcement and higher fines for non-compliance. 

The OAIC assessment showed that more than half of the organizations reviewed did not meet certain fundamental requirements under the APPs. Particular problems identified were that privacy policies did not: outline how the organization would deal with a privacy complaint received; adequately describe how the organization protected personal information; or state clearly enough whether the organization was likely to transfer personal information overseas and identify the relevant countries involved. The organizations reviewed were from a variety of sectors, including finance, online retail, government, and social and digital media. 

It has been reported that, at this stage, no action will be taken against any of the organizations because the APPs are relatively new, and that the OAIC will use the assessment to educate organizations on how to interpret and comply with the APPs going forward. However, the situation may be different when the OAIC conducts a further planned review in 12 months’ time.

TIP: Companies in Australia should keep in mind that it is not enough simply to have an online privacy policy. Companies operating in that country should review the content of their policies and ensure that they comply fully with the APPs.