Victoria to adopt Privacy by Design: Victorian commissioner

Acting Victorian Privacy Commissioner David Watts. Photo credit: Privacy Victoria.

Privacy Victoria is set to implement Privacy by Design, a set of policies that integrates with technology, from 1 July 2014.

According to Acting Victorian Privacy Commissioner David Watts, Privacy by Design is about “embedding privacy into IT, business practices and networked infrastructures right from the outset".

He added that the policy provides a framework to address the “ever-growing and systemic effects” of ICT and networked data systems.

“As Privacy by Design is an international benchmark it is widely understood and endorsed by the global ICT community. It is nothing new for many of the [Victorian] government’s private sector partners,” Watts said in a statement.

“Victoria will be the first Australian state privacy office to explicitly endorse and implement Privacy by Design,” he added.

Privacy Act will make organisations `more transparent’: State privacy commissioners

Privacy Awareness Week

Watts also launched the state’s Privacy Awareness Week campaign – Data Sharing: Share with Care, Share with Confidence.

This theme was chosen to help companies and state government agencies who need to share data, understand state privacy laws.

“Information privacy was never conceived as preventing the appropriate sharing of personal information and this policy is embodied in the objects section of the <i>Information Privacy Act 2000</i>,” he said.

Watts added that the Act encourages companies and state government agencies “to be thoughtful and open” when dealing with personal information. This means that personal information and the ICT systems that facilitate the collection, use and disclosure of data are properly overseen and managed.

“The <i>Information Privacy Principles</i> [IPPs] have much to say about information sharing in IPP2, the privacy principle that addresses the use and disclosure of personal information. The overarching rule is that when personal information is collected for a purpose, it can be used and disclosed for that or a related purpose,” he said.

According to Watts, the remainder of IPP2 includes exceptions to this rule and recognise that “some interests take priority over privacy".

These interests include: permissions to allow information sharing when a person’s life, health or safety are at risk or so that Victorian police can investigate unlawful activity such as cyber crime.

OAIC

Australian Privacy Commissioner Timothy Pilgrim told Computerworld Australia that the OAIC has "actively promoted" a Privacy by Design approach for a number of years.

"It is worth noting that this approach has recently been reinforced in the federal Privacy Act. Australian Privacy Principle [APP] 1 requires the implementation of practices, procedures and systems that will ensure compliance with the APPs," he said.

"The OAIC also actively promotes the use of privacy impact assessments [PIAs] by organisations. PIAs identify the impact that a project might have on the privacy of individuals and reflect a number of the foundational principles of Privacy by Design."

Pilgrim added that it "regularly reminds" organisations that PIAs should be part of the overall risk management and planning processes, and that privacy should be built into processes, "not bolted on" as an afterthought.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia