Guidelines for recognising external dispute resolution schemes
Under the Privacy Act 1988 (Privacy Act) external dispute resolution(EDR) schemes recognised by the OAIC can be used by organisations and individuals to resolve privacy complaints. The Guidelines for recognising external dispute resolution schemes outline the conditions that must be met by EDR schemes to be recognised under the Privacy Act.
The Australian Privacy Commissioner, Timothy Pilgrim, said that the OAIC supports the use of recognised EDR schemes.
‘We encourage the use of alternative dispute resolution processes like EDR schemes to resolve complaints,’ Mr Pilgrim said.
The Privacy Act gives the Information Commissioner the discretion to recognise EDR schemes to handle privacy-related complaints.
‘We recognise the expertise and experience of existing industry EDR schemes and the important role they place. The new guidelines include advice on the conditions that must be met by an EDR scheme to be formally recognised under the Privacy Act.’
‘Importantly, from 12 March 2014, a credit provider must be a member of a recognised EDR scheme to be able to participate in the credit reporting system.’
‘Now that the guidelines have been released the OAIC can receive applications from existing EDR schemes who wish to be recognised so that their members can participate in the credit reporting system from 12 March 2014,’ Mr Pilgrim said.
A register of recognised EDR schemes will be available on the OAIC’s website by 12 March 2014.
Guidelines for developing codes
The Guidelines for developing codes cover the development, registration and ongoing administration of Australian Privacy Principles (APP) codes and the Credit reporting (CR) code.
The Australian Privacy Commissioner said that there were a number of reasons why an organisation or agency may decide to develop an Australian Privacy Principle (APP) code.
‘Industry associations may want to provide greater clarity about how particular APPs apply in a specific industry context or in relation to new and emerging technologies which entities bound by the code utilise,’ said Mr Pilgrim.
‘Other reasons might be to incorporate higher standards for privacy protection than the Privacy Act requires or to assist in promoting cultural change in an industry sector in relation to personal information handling.’
Under the new Part IIIB of the Privacy Act the Information Commissioner can register enforceable codes which are developed by entities on their own initiative or on request from the Information Commissioner, or developed by the Information Commissioner directly.
The new guidelines will assist an organisation to understand whether it is appropriate for them to develop an APP code and what they will need to include in a code.
As well as APP codes the guidelines apply to the development of the mandatory credit reporting code.
A register of codes under the new Part IIIB of the Privacy Act will be available on the OAIC’s website by 12 March 2014.