On Mon, 20 Aug 2001 18:48:33 +1000 (EST) Howard Lowndes
<lannet@lannet.com.au> wrote:
>Does anyone have any idea what the requirements are for these amendments.
>I have seen very little writen about it and have heard very little about
>it from IIA.
>
>Is there a "Dummies Guide" anywhere?
Not really, because it's probably near impossible to produce an accurate
short guide. And, the reason it's too hard to produce a short guide, is
that the law the Parliament chose to enact has so many loopholes in it,
that any guide needs to list all the loopholes, or at least to not
misrepresent what the law says. If it misrepresents the law, makes it sound
more privacy protective than it is, of course various businesses/industry
reps will/do scream blue murder.
The IIA Code launch statement is here:
http://www.iia.net.au/privacylaunch.html
and one of the docs available from there is intended to be a one page
summary. I make no comment on whether or not it's accurate, haven't studied
it.
A couple of months ago the Privacy Commissioner launched draft guidelines
for public comment, deadline for comment was 6 July. These were/are
intended to provide a guide to complying with the law. One problem is they
comprised 150 pages (partly because they provide lots of example
situations).
A "summary" released by the Commissioner is available from here:
http://www.privacy.gov.au/rfc/sdnppg.html
The full _draft_ Guidelines are from here:
http://www.privacy.gov.au/rfc/index.html#1
As the EFA representative on the Commissioner's NPP Guidelines Reference
Group, I'm aware (from the third meeting of that group last week), that the
Commissioner's office is endeavouring to reduce the 150 page guidelines to
40 pages, with supplemental FAQ type sheets to also be available on various
aspects.
It is, in my personal opinion, likely that some of the
proposals/interpretations in the draft guidelines will be rolled-back to be
less privacy protective than appears to be the case in the initial draft.
Unsurprisingly, some business groups do not like the law, or the draft
guidelines - heaven forbid that they might actually require businesses to
respect individuals' privacy to a greater extent than in the past - and so
they will no doubt have heavily lobbied the Commissioner's office and/or
politicians, the latter of whom are likely to have exerted their own
pressure in relevant places.
In my opinion, if businesses really are "scrambling" to comply with the
forthcoming law, then it just shows what little regard they gave to privacy
before. If they'd already had procedures in place to ensure personal
information about customers was not used or disclosed in a manner that
their customers would not reasonably expect, then the amount of work they'd
have to do to comply with the new law would not be very onerous. Of course,
businesses that are trying to find every loophole they can in order to
continue breaching customers' privacy will no doubt be having considerably
more difficulty in preparing to comply, than businesses who are willing to
make simple statements like "we will not use or disclose your personal
information for purposes for which you have not consented".
Irene
This archive was generated by hypermail 2.1.1 : Fri Aug 31 2001 - 03:10:04 EST