Privacy Sweep- How Did We Scrub Up?

The OAIC is moving onto the front foot in relation to Privacy. The Commissioner has indicated he will not be lenient, and results of a survey indicate there is room for improvement. As you will already be aware, the new Privacy amendments come into force in March. The amendments "raise the standard" in relation to managing personnel information. Recruitment and other companies which deal with and store personal information should be reviewing their procedures. Early last year, the OAIC (Office of the Australian Information Commissioner) conducted a 'privacy Sweep' of around 50 common websites visited by Australians. This was in conjunction with a global check of over 2000 websites and apps observed for 'Privacy Practice Transparency'- that is, how effectively these websites increased public or business awareness of privacy rights and responsibilities, and complied with both current and upcoming privacy legislation. Although this Sweep was not an official investigation, it nonetheless aimed at identifying websites that might warrant further assessment in the future after the privacy reforms in March come into force. Although participants only spent a few minutes per website, the results of this Sweep were still quite concerning: in Australia, a staggering 83% of privacy policies on websites were found to have at least one issue with readability, relevance, length, 'contacts for further information' or ability to be found.

Readability and Length

Nearly 50% of websites had readability issues- either the language employed was too complex, or the length of the policy was inexcusably long. The Information Commissioner explained that policy must be capable of being presented in formats which assist people who use technologies like screen readers (often used by visually impaired, illiterate or people who primarily speak a language other than English at home). In essence, people needed to be able to "understand what they are signing up to".

Relevance

On a global and national scale, roughly one-third of policies had relevance-related issues. Too many policies used generalised, 'boiler plate' language that was unclear about whether the site complied with relevant legislation and often, they offered no information about the collection, use and disclosure of personal information. Alarmingly, mobile apps fared far worse- a shocking 92% of apps raised privacy practice concerns, with up to 54% having no privacy policies at all! Those that did frequently provided simple links to the privacy policies for their website, instead of addressing just how the apps themselves would be using and collecting information.

Location and Contact-ability

21% of websites searched worldwide did not even contain a privacy policy, but reassuringly, only 2% of Australian websites and apps fell into that category. More importantly though, 15% of the Australian websites registered a concern with find-a-bility of the privacy policy and a further 9% of participants struggled to find further contact information. The Information Commissioner, Timothy Pilgrim, entreated organisations to observe and revise their privacy policies where needed to ensure they comply with the new requirements. He reiterated that in order to comply with the Australian Privacy Principle 1 (APP 1), organisations must have a clear, up-to-date privacy policy that is open and transparent about their privacy practices. Indeed, in a speech that he made in Sydney on the 25th of November, Timothy Pilgrim warned that he will not be taking a "softly, softly" approach after implementation of these reforms. "I have been asked whether I will I be taking a 'softly, softly' approach after implementation of the reforms. Well, I have never been known to be subtle so the answer to that question is probably 'no'". He did go on to say that he would always start by resolving matters through conciliation, but this in no way should be interpreted as being a lenient approach to the enforcement of privacy laws. Certex has been working with ITCRA (recruitment industry association) and Andrew Wood (barrister) to provide workshops and support services on the privacy changes. Call us for further information.