Australian Privacy Commissioner Timothy Pilgrim has called for an improvement in website privacy policies after looking at 20 websites and finding that the median policy length was 3413 words.
Pilgrim assessed a number of organisations including ANZ Bank, the Commonwealth Bank, the Department of Human Services, Westpac, Fairfax, and The Guardian Australia for Australian Privacy Principle One (APP 1) requirements.
APP 1 covers the open and transparent management of personal information.
“The median policy length was 3413 words. This kind of length in an important document like a privacy policy makes it difficult to locate important information. However, the longest we assessed was 18,000 words. I think we can all agree that is far too long for readability,” he said.
He said the key to a good privacy policy to is to make the information easy to read and accessible.
“Our office has provided feedback to each of the agencies and organisations and made recommendations to address any privacy issues that we identified.”
For example, 55 per cent of the privacy policies did not address one or more of the content requirements set out in APP 1.4.
Five privacy policies did not outline how an individual could request access or correction of their personal information.
Eight privacy policies did not mention how the organisation would deal with a privacy complaint it may receive.
Five policies did not describe how the company protects the personal information they hold while four privacy policies did not outline whether the organisation was likely to disclose personal information overseas and the countries in which the recipients were located.
Privacy framework
As part of Privacy Awareness Week, Pilgrim launched a new privacy management framework which is designed to assist public and private sector organisations meet their ongoing compliance obligations.
The framework provides practical guidance on how to establish and implement a privacy management plan, including a four step approach covering governance, leadership and accountability.
“A privacy management plan should commit both people and resources to make sure there is clear accountability for privacy in your organisation,” said Pilgrim.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia