It has been almost three years since the Australian Privacy Principles (APPs) were introduced. At that time many organisations did a widespread review and update of their privacy policies and other key privacy documents and procedures. In a world where fast-evolving technologies regularly impact information collection practices, another review and update may well be (over)due.
PRIVACY IS KEY TO CONSUMER TRUST
Consumers are now more privacy-aware and discerning about who they provide their personal information to than they have ever been. Privacy breaches quickly become headline news and often have repercussions for organisations that fail to meet community expectations about how personal information should be managed.
In 2013, the Office of the Australian Information Commissioner’s (OAIC) privacy survey found that 60% of Australians have decided not to deal with a private company due to concerns as to how their personal information will be used. In light of high profile data breaches and the community response to the 2016 Census (both in terms of the privacy concerns and the website being taken off-line due to security concerns) even more people may avoid dealing with an organisation – Government or private sector – if they don’t trust it will handle their personal information appropriately.
WHAT POLICIES SHOULD LOOK LIKE AND INCLUDE
THREE DATA PRACTICES THAT MAY HAVE CHANGED FOR YOU IN THE LAST THREE YEARS
- Information storage: in an increasingly connected world, corporate restructures, company growth and the use of cloud computing all mean that information storage practices often change. Privacy policies must accurately reflect how data is stored and list the overseas countries to which information is disclosed – you should make sure this is up to date.
- Marketing and remarketing: tools such as Google Analytics and Facebook Custom Audiences have changed the manner in which organisations engage with existing and potential customers. These technologies can be effective marketing tools, however, privacy policies should be updated to specify that personal information may be used for marketing purposes, and may be disclosed overseas.
Update related documents Privacy policies do not exist in a vacuum and are not the only documents you need to have in order to support privacy compliance. Make sure you also make corresponding and appropriate updates to your other internal and external privacy documents that address privacy and information management, such as your website terms and conditions, privacy collection statements and data breach response plans.