The annual report of the Privacy Commissioner was recently released. It covers the year ending 30 June 2015, which is Commissioner John Edwards' first full year in office. The report lists a number of highlights, including a focus on making privacy easy for private sector organisations, public sector agencies, and individuals, and the growing value of privacy in society – emphasised by significant damages awarded by the Human Rights Review Tribunal in two separate cases over the year.
In addition to the direct financial consequences, the report emphasises the increased accountability for agencies that get things wrong: the Office of the Privacy Commissioner has adopted a 'naming policy' for publicly naming organisations that do not comply with their privacy obligations.
Large-scale data breaches often involve IT systems and so privacy issues tend to be high on the agenda in the ICT industry. The possible consequences of breaches (including the Privacy Commissioner's naming policy) are important to keep in mind given that the Office has experienced a trend of increasing numbers of media and public enquiries, and complaints over the past five years. This trend can be expected to continue as the Privacy Commissioner continues guidance, education, and awareness initiatives
The full report is available here.