IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Adapting to latest privacy regulations: Experts weigh in
Fri, 13th Oct 2023

In today's uncertain, fast-moving landscape, it can be challenging for leaders to know what to prioritise, where to focus and how to successfully bring the entire business on the journey. At the recent Marketing Tech Symposium in the Hunter Valley, I joined Teresa Sperti, Director/Founder of Arktic Fox, to unpack the persistent challenge of securing executive buy-in.

From harmonising short-and long-term initiatives to adapting to a privacy-focused, cookieless landscape and investing in the right resources to bridge skill gaps and understand customers for a compelling value proposition, no stone was left unturned.

Navigating the Australian Privacy Overhaul
When it comes to privacy, there's good news and bad news for brands. The good news, Sperti's research confirms, is that 41 % of leaders believe they have their house in order as it pertains to privacy. These leaders believe they have a clear path they are implementing or are well on their way to evolving in the privacy space.

The bad news is more than half (59%) don't. Even more, less than one in four say that improving compliance with data privacy is a key priority in 2023. "Only 23% stated that privacy was a major data priority for them in the year ahead. That number should be 100%, considering the fines involved with non-compliance and the risk to brand reputation from the fallout of a breach," advises Sperti.

"We shouldn't be waiting for change to occur. Consumers want to see action. They expect more from brands. Yet, there is a lack of leadership around this and, I believe, there will continue to be until hands are forced."

With the government's recent commitment to overhauling Australia's privacy laws, following the recommendations of a major review first initiated by the former administration, it looks like hands are now forced.

The latest on Australia's privacy principles
At the core of the proposed changes, the government has agreed to an overhaul of how data is collected, used and stored. The privacy reforms will be progressed under the following focus areas:

Bring the Privacy Act into the Digital Age
The reforms will bring the scope and application of the Privacy Act into the digital age by recognising the public interest in protecting privacy and exploring further how best to apply the Act to a broader range of information and entities which handle this information.

Uplift protections
The reforms will uplift the protections afforded by the Privacy Act by requiring entities to be accountable for handling individuals' information within community expectations and enhancing requirements to keep information secure and destroy it when it is no longer needed.

Reforms to the Notifiable Data Breaches scheme will assist with reducing harms that may result from data breaches and introduce new organisational accountability requirements to encourage entities to incorporate privacy by design into their operating processes. New specific protections will also apply to high-privacy risk activities and more vulnerable groups, including children.

Increase clarity and simplicity for entities and individuals
The reforms will provide entities with greater clarity on how to protect individuals' privacy and simplify the obligations that apply to entities that handle personal information on behalf of another entity.

The reforms will increase the flexibility of code-making under the Act, reduce inconsistency and improve coherence across different legal frameworks with privacy protections, and simplify requirements for transferring personal information overseas, particularly to those countries with substantially similar privacy laws.

Improve control and transparency for individuals over their personal information. The reforms will provide Individuals with greater transparency and control over their information through improved notice and consent mechanisms. The reforms will also explore the scope and application of new rights in relation to personal information and increased avenues to seek redress for interferences with privacy through a direct right of action permitting individuals to apply to the courts for relief for interferences with privacy under the Privacy Act and a new statutory tort for serious invasions of privacy.

● Strengthen enforcement
The reforms will increase enforcement powers for the OAIC, expand the scope of orders the court may make in civil penalty proceedings and empower the courts to consider applications for relief made directly by individuals.

A strategic review of the OAIC and further consideration of its resourcing requirements, including investigating the effectiveness of an industry funding model and establishing litigation funds, will enhance the effectiveness of Australia's privacy regulator.

Australia's Privacy Framework: What you need to know now

Attorney-General Mark Dreyfus recently released the "Government Response to the Privacy Act Review Report". The response agrees to 38 proposals fully, agrees in principle to 68 proposals and notes 10 proposals for further consideration.

Here's what you need to know at a glance:
● Australians can now:
○ Demand that tech companies erase their data
○ Sue for privacy breaches
○ Opt out of being targeted, using sensitive personal information

● Full transparency with AI:
○ The government intends to mandate greater transparency regarding the utilisation of personal data by AI tools.

● Aussie Data Privacy: Taking Cues from GDPR
○ Australia considering adopting similar data privacy regulations akin to Europe's.

● Personalised Advertisements:
○ No approval for rights to opt out of personalised ads or to prevent political parties from targeting based on "sensitive information or traits".

● Transparency Requirement:
○ Entities to be more transparent about personal data use in automated decision-making processes.

What's next?
The government is taking a comprehensive approach to reform, with plans for further consultation and impact analysis before finalising the reform. In 2024, they intend to introduce legislation aimed at safeguarding personal information. Meanwhile, non-legislative proposals, such as new codes and guidance, will be implemented sooner. There will also be further opportunities for public consultation in the next phase.

The fuel that propels transformation 
Securing executive buy-in for transformation and adapting to rapid shifts in the consumer and data privacy landscape is critical. However, Arktic Fox's Digital "Marketing In Focus study highlights a glaring obstacle to this transformation." What we found is that while organisations are embracing digital transformation – not enough are succeeding," Sperti points out. "Nearly 40% of leaders stated that one of the key difficulties they face is senior leadership understanding and buy-in. This topped the list."

This is a real problem, she says, adding, "A lack of executive knowledge and understanding when it comes to digital makes it harder to drive alignment and focus. This results in less investment while increasing the likelihood that more leaders and teams work against, not for, the change."

Putting your customer at the centre of the experience is critical for ongoing success. Mounting research suggests that companies that adopt a customer-centric approach tend to outperform their competitors in areas like revenue generation and market share.

Ultimately, embracing these priorities and investing in the necessary resources, whether it's data privacy compliance, personalisation tools or workforce development, is essential for guiding their organisations toward a successful and adaptive future.