May has been a milestone month for privacy in Australia – from Privacy Awareness Week and our call to Reboot your privacy, to the enactment of new laws to protect personal data in the COVIDSafe app and National Data Store. As privacy hit the headlines, we heard from a wide range of stakeholders about the importance of this fundamental right.
May is also Information Awareness Month, when the OAIC and other organisations come together to promote best practice information handling.
To mark this event, we joined with information access regulators in Australia and around the world to emphasise the importance of documenting decisions, preserving records, and providing access to information during and following the pandemic.
As the statement from Australian Information Access Commissioners makes clear, the duty to document does not cease in a crisis, it becomes more essential.
In the privacy sphere, the public discussion about the COVIDSafe app helped to elevate awareness of the importance that Australians place on privacy and protecting personal information. It also focused attention on the need to take a privacy-by-design approach to any project involving personal information, not only to ensure it is protected, but to minimise privacy impacts and build public trust and confidence in the use of data.
These issues were front and centre in the Privacy Impact Assessment (PIA) process for the COVIDSafe app, as my office worked constructively with the Australian Government to build in strong privacy protections.
Following the recent amendments to the Privacy Act, COVIDSafe app data can only be used for purposes related to contact tracing and must be stored in Australia and destroyed when the app is no longer required. The new law is in keeping with our advice on the PIA that legislation provides the strongest form of protection to codify the privacy safeguards.
We are now monitoring the handling of personal information through the COVIDSafe system as part of a comprehensive oversight program. We have published information for the public on the COVIDSafe app and my privacy rights, explaining these protections and how to make a privacy complaint.
In parallel, we are continuing to develop resources to help guide organisations and agencies through privacy issues related to the COVID-19 outbreak. Our new step-by-step PIA tool will help guide organisations and agencies through this process, both in the current crisis and into the future.
Over the coming year our oversight of COVIDSafe data handling will be a top priority for the OAIC, along with our continuing focus on the online environment and new technologies, security of personal information, and the implementation of the Consumer Data Right (CDR).
Our approach to compliance and enforcement is intended to prevent, detect, redress and incentivise regulated entities to improve personal information handling practices. We have also released a joint Compliance and Enforcement Policy for the CDR with our co-regulator, the Australian Competition and Consumer Commission, to make it clear to consumers and participants how we will uphold the privacy safeguards of the system.
Looking ahead, we are expecting more changes to the Privacy Act to strengthen penalties for interferences with privacy, as well as a broader review to make sure our regulatory framework is able to protect Australians’ personal information into the next decade. You can hear more about this in my address for the launch of PAW 2020 in Queensland.
While we are now seeing restrictions begin to ease across the nation, the impact of the pandemic was also felt in the planning and delivery of Privacy Awareness Week earlier this month. I am pleased to report that a record number of supporters signed up for PAW 2020, working with us to reach a broader audience with important information about protecting personal information online.
Thank you for your commitment to promoting good privacy practice and making the PAW campaign a success during these challenging times.
Angelene Falk Australian Information Commissioner and Privacy Commissioner
|