Login
iscover
The Office of the Australian Information Commissioner (OAIC) is set to conduct a targeted review of businesses’ privacy policies, including a focus on real estate agencies, to ensure compliance and transparency.
Australia’s privacy commissioner intends to start the new year with a compliance sweep to “put privacy policies under the spotlight”.
The sweep, which is the first of its kind, will kick off in the first week of January and will focus on a select number of businesses to ensure they are meeting their privacy obligations.
“When confronted with in-person requests for their personal information from retailers, licensed venues, car hire companies, or real estate agents, consumers often don’t have access to all the information they might need to make an informed decision,” privacy commissioner Carly Kind said in a 9 December statement.
“This makes them vulnerable to overcollection of personal information and creates risks to their security and privacy.”
The OAIC will focus its attention on roughly 60 entities known for collecting information in-person, looking for compliance issues across six sectors: rental and property, chemists and pharmacies, licensed venues, car rental companies, car dealerships, and pawnbrokers and second-hand dealers.
“In conducting a compliance sweep, the OAIC intends to ensure that entities are meeting their obligations to be transparent with consumers and customers about how they’re using the personal information they collect in-person. We hope this will also catalyse some reflection about how robust entities’ privacy practices are, and whether more can be done to improve compliance with the Privacy Act writ large,” Kind said.
“The Australian community is increasingly concerned about the lack of choice and control they have with respect to their personal information. The first building block of better privacy practices is a clear privacy policy that transparently communicates how an individual can expect their information to be collected, used, disclosed and destroyed.”
The privacy policies of the targeted entities will be assessed under the requirements of the Australian Privacy Principle (APP) 1.4, which outlines what must be included in a privacy policy.
If the OAIC finds any instances of non-compliance, the office will “consider its recently expanded regulatory toolkit” when considering the best regulatory response. Non-compliant entities could face infringement notices and penalties of up to $66,000.
You are not authorised to post comments.
Comments will undergo moderation before they get published.