Latest Products

Interview with Angelene Falk, Deputy Commissioner, OAIC

Thursday 6 April 2017


What are some of the OAIC’s concerns about the attitudes towards data protection in Australia?

 
Many organisations still believe privacy and data protection is about secrecy. Privacy, in a customer content, is about transparency as well as protecting personal information. It means being clear about what data you collect and how you’ll use it, so customers can make informed choices. As the country’s privacy regulator, we encourage a privacy-by-design approach when it comes to building privacy and data protection into a business, or its products. Minimising privacy risks by not collecting unnecessary personal information, or using de-identified data, are just some of the ways businesses and agencies can protect their customer’s data, and their own reputations.
 
Privacy and data protection works poorly as an afterthought; it needs to be part of the overall risk management and planning processes. Risk and compliance professionals should always consider undertaking a privacy impact assessment (PIA) for any project that will involve the handling of personal information. It’s also important for businesses and government agencies to inform people about how they are managing their personal information and what security measures are in place to protect their identities.
 


Do you think Privacy Awareness Week helps to raise awareness about the issues relating to data protection and privacy? Are there specific issues that will be tackled in Privacy Awareness Week this year?

We live in an innovative time where increasingly, personal information is collected and used in ways we couldn’t have anticipated a few years ago.

Privacy Awareness Week is an opportunity for organisations to take stock of their privacy practices and increase their knowledge about new best-practice approaches for protecting the personal information of their customers.    

The theme for PAW this year is ‘trust and transparency’. This theme highlights that, beyond being a regulatory requirement, good privacy management is now a pillar of successful consumer and brand trust.

To help organisations meet contemporary community expectations, we are releasing some helpful eLearning tools for PAW 2017. Our Privacy Impact Assessment e-tool will help anyone managing a project to build in good privacy management from the outset. It will also outline some easy steps you can take to mitigate any risks or community concerns about the management of personal information.
 


Are there any new issues you anticipate coming in the New Year and onwards?
 
With the Notifiable Data Brach scheme passing through Parliament in February 2017, our office is working towards providing practical, plain-English materials to assist agencies and businesses to understand how the new scheme relates to them. We encourage organisations to prepare for its introduction by reviewing our guide for
voluntary data breach notification. We will also be visiting capital cities in 2017 through our Privacy Professionals’ Network to provide briefings on the transition.
 
The impact of international developments—such as the EU’s General Data Protection Regulation (GDPR)—will soon be felt here in Australia. Businesses should now determine whether they will need to comply, and if so, begin to take steps to ensure their personal data handling practices will comply. In the coming months, we will be releasing a helpful resource on the GDPR to help businesses understand and manage their obligations.
 


Is there any message you would like to leave for risk and compliance professionals when it comes cyber security and data protection?
 

Digital innovation and privacy go hand-in-hand, in Australia. The OAIC understands that technology is a rapidly-moving industry, and it is important for the regulator to provide guidance when it comes to supporting risk and compliance professionals in navigating cyber security and data protection.
To deliver privacy solutions to tech industry challenges, we are holding a public conference,
Data + Privacy Asia Pacific, on 12 July in Sydney. The one-day conference will deliver insights on upcoming regulations and policy developments, along with the opportunity to hear from leading experts and regulators.   

Biography