Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Up front and personal: Privacy reform and customers

The Office of the Australian Information Commissioner (OAIC) kicked off Privacy Awareness Week in Sydney this morning with a business breakfast about new privacy laws and consumer rights.

Privacy laws changed significantly on 12 March 2014. The changes include a new set of Australian Privacy Principles (APPs) which set out how many private sector organisations and federal Australian Government agencies covered by the Privacy Act 1988 must handle people’s personal information.

‘Privacy is often associated with secrecy. However, the new APPs aim to build organisational cultures that respect privacy while ensuring greater openness about the handling of personal information,’ said Prof John McMillan, Australian Information Commissioner.

Entities covered by the Privacy Act must now have a clearly expressed and up-to-date privacy policy explaining what they are going to do with people’s personal information.

‘The OAIC’s community attitudes to privacy research shows that 95% of Australians want to know how their information is handled. However, we also know that most people don’t read privacy policies because they are too long and complex. The challenge for organisations and agencies is to develop privacy policies that allow individuals to make informed decisions about their privacy,’ Prof John McMillan said.

This morning, the OAIC launched a Guide to developing an APP privacy policy to assist organisations and agencies meet this challenge. The Guide sets out a step-by-step process for developing privacy policies and a helpful checklist. There are also a number of tips to ensure that privacy policies are accessible and clearly expressed.

The OAIC also launched a revised Guide to undertaking privacy impact assessments. A Privacy Impact Assessment (PIA) is an assessment tool that ‘tells the story’ of a project from a privacy perspective. PIAs analyse the possible privacy impacts on individuals’ privacy and recommend options of managing, minimising or removing these impacts. PIAs are one way of building an organisational culture that respects privacy while also minimising the risk of data breach which can result in reputational damage and a range of other costs.

‘It is great to see that PIAs are starting to become an essential component of planning for projects that involve the handling of personal information. However, there is a lot of work to do before we can say that organisations are always building privacy in at the beginning of projects and not just bolting it on at the end, often when it is too late,’ said Privacy Commissioner Timothy Pilgrim.

‘Privacy complaints to the OAIC are on the rise with the OAIC having received almost 3,000 complaints this financial year. That represents over a 50% increase on the previous year’s figure. We also  know that a majority of Australians (60%) have chosen not to deal with organisations because they were concerned about how their personal information would be handled. The message is clear that people are prepared to exercise their rights to how their personal information is handled. Businesses must recognise and adopt the business case for privacy, and this means prioritising the privacy of their customers,’ Mr Pilgrim said.

Notes for editors

Privacy Awareness Week (4–10 May 2014) is the primary privacy awareness and education event in the Asia Pacific region. For more information see

The Office of the Australian Information Commissioner (OAIC) held a business breakfast to launch Privacy Awareness Week 2014 on Monday 5 May 2014 in Sydney. This year’s breakfast was about privacy and customers. The program focused on transparency of personal information handling practices and building an organisational culture that respects privacy.

Speakers at the breakfast were:

  • Timothy Pilgrim, Privacy Commissioner
  • Alan Kirkland, Chief Executive Officer, CHOICE
  • Rob Scott, Finance Director, Coles Group
  • Ben Heyes, General Manager, Cyber Security, Privacy & Operational Risk, Commonwealth Bank of Australia

The Australian Information Commissioner, Professor John McMillan hosted the event and launched two new OAIC publications: Guide to developing an APP privacy policy and the Guide to undertaking privacy impact assessments.

The OAIC’s Guide to developing an APP privacy policy is available here:

The OAIC’s Guide to undertaking privacy impact assessments is available here:

The OAIC’s What to look for in a privacy policy poster is available here:

More information on privacy law reform can be accessed here:

The OAIC’s 2013 Community Attitudes to Privacy survey results can be accessed here:

Media contact:
Ms Leila Daniels
0407 663 968