Home Hacking Effects of data leak will spread beyond customers, warns privacy expert Melanie Marks of elevenM

Effects of data leak will spread beyond customers, warns privacy expert Melanie Marks of elevenM

by

In its 2020 survey Australian Community Attitudes to Privacy, the Office of the Australian Information Commissioner found that Australians trust their healthcare providers to keep their information secure more than they trust any other sector. Seventy 70 per cent of those surveyed said they found health service providers either very trustworthy, or somewhat trustworthy.

That was double the level of trust in insurance companies, which only 35 per cent of Australians said they found trustworthy, according to the OAIC survey.

“If you feel that when you go to see your psychologist and talk about some very personal issues that you might have, and if you fear that your information may not be secure, you may not go back to that provider or to any other provider,” Ms Marks said.

More reform needed

On Friday, the government moved to restore trust in corporate Australia’s ability to keep personal data secure, by vastly increasing the fines that companies will incur when they have failed to take reasonable steps to protect personal data.

While that move was welcome, it was “just one of the dials we need to be turning” to improve corporate attitudes to data security and privacy, Ms Marks said.

“There needs to be a continued push to address other areas of privacy reform, including modernising the definition of personal information, reviewing existing exemptions to the current Privacy Act, and increasing accountability of organisations for preventing privacy harms,” she said.

The government also needed to better fund the OAIC because “increased fines are effectively meaningless unless they can be enforced”, Ms Marks said.

Former NSW deputy privacy commissioner Anna Johnston, who runs her own data privacy consultancy, Salinger Privacy, said many details of the Privacy Act needed to be addressed, not just the size of fines.

“Will the OAIC be able to levy fines directly, or will they still have to apply to the Federal Court?” Ms Johnston asked.

Having to go through the Federal Court was one of the reasons OAIC had never imposed the modest $2.2 million fine under the current Privacy Act, she said.

Additionally, companies could be punished only if they were guilty of “serious” privacy breaches, which was not defined in the Privacy Act, or if they were repeat offenders.

This too was a “weakness” in Australia’s privacy law that needed to be fixed, she said.

Source link

Related Articles

Translate »