IT analysts are warning Australian companies racing to comply with the new privacy act next month that high-profile organisations will be targeted in the New Year to test the legislation.
Listing compliance principles which are "vague" and difficult for IT professionals to enforce, Meta Group issued a paper warning companies: "We expect high-profile organisations such as banks and utilities to be under close scrutiny and that a few of these will inevitably be targeted as examples."
Pointing to principles covering data security, the research company said strict enforcement of a few vague areas could lead to some challenges.
"Without a body of formal rulings to establish precedent it is difficult to project specific conditions that will be judged as non-compliant and the associated consequences."
The paper said that rulings over the next 12 to 18 months under the Privacy Amendment Act, which comes into force on December 21, will be required to clarify ambiguities.
The Act will force many Australian companies to increase investment in IT security, because protection must be provided against unauthorised external access via the Internet.
The principles also suggest avoiding transmission of personal information across "public networks" or adopting the use of encryption "during transmission".
The Meta paper poses the questions: Is a frame relay circuit considered public or private? Does transmission include just the wide-area network, or also the local-area network?
"Depending on the answers, the implications could be substantial, from requiring massive implementations of link encryptors to full-scope public key infrastructures," according to the paper.
"A practical approach, pending future clarification, is to provide encryption for the non-local portions when the network in question is the Internet."
Privacy advocates also expect a few high-profile cases next year to test the new legislation, so companies that lag behind could be under the microscope.
As the privacy compliance centre director Mark Sumich has warned: "Come December, consumer interest groups will be looking for some showcase examples of privacy in different businesses and the current regulatory climate in Australia is unforgiving for corporate malfeasance."