Following on from the recent opinion piece by Nalini Kara from Salmat on the new Australian Privacy Principles (APPs), Aaron Greenman from IT consultancy Protiviti has chipped in his thoughts on the matter, reports RetailBiz.com.au.
“For the first time under Australian information privacy law, organisations have an express obligation to take positive steps to adopt practices and systems to protect personal data in accordance with the APPs,” Greenman said.
“Organisations will be saddled with a raft of new responsibilities including ensuring they have processes to deal with privacy complaints, making sure they are accountable for personal information disclosed to overseas parties, establishing security measures to prevent information breaches, and many more.”
Click here to sign up for our free daily newsletter
Greenman provided 10 tips for retailers looking to be more APP ready:
1. Identify the classes of personal information collected and held. Examples include: contact details, employment history, educational qualifications, racial or ethnic origin, Tax File Numbers, health information.
2. Identify how such information is collected, held, used and disclosed, and the purposes for which it is collected and used.
3. Identify the scope of any cross-border disclosures including where possible, the countries where recipients are likely to be located.
4. Review and update procedures and policies for managing the privacy risks at each stage of the lifecycle of this information, including at the time of collection, use, disclosure, storage and destruction.
5. Implement security systems for protecting the information from misuse, interference, loss and unauthorised disclosure, such as IT systems, internal access controls and audit trails.
6. Implement procedures for identifying and reporting privacy breaches and for receiving and addressing complaints.
7. Implement access and correction procedures.
8. Introduce procedures to give individuals the option of not identifying themselves or of using a pseudonym.
9. Establish a process to conduct a privacy impact assessment for any new projects where personal information will be handled.
10. Establish governance mechanisms to ensure ongoing compliance with the APPs such as appointing designated privacy officers and regular reporting to the board and management.
Click here to read the full RetailBiz.com.au Round Up with all the latest news from the retail industry.