Anticipated revisions to Australian privacy laws – widely tipped for sometime in 2024 – represent a crucial step forward in safeguarding personal data in an increasingly digital and interconnected world.
Technology has rapidly brought innovative solutions that have revolutionised how we live and work. However, with every leap forward, new challenges arise, particularly in privacy and data protection. Safeguarding personal data has become more crucial than ever.
A recently-published review of the Privacy Act acknowledges the importance of these challenges by providing updated regulations and guidelines to address current and future privacy concerns.
As businesses, we must recognise the transformative power of these regulations and embrace the opportunities they present.
By taking a proactive approach to consent management, prioritising data security, and being accountable for our actions, companies can build strong relationships with customers founded on trust and ensure a future where privacy and innovation coexist harmoniously.
Taking control of consents
At a high level, organisations and marketers understand the importance of consent management.
In a world where data is constantly collected and shared, obtaining and managing consent is paramount. Individuals have the right to know how their personal information is being used and shared, and organisations must ensure they have explicit consent from their customers. This transparency fosters trust and allows individuals to make informed decisions about their data.
But consent management is often let down by its implementation: ‘I agree’ checkboxes where disagreeing would result in access to the service being denied; or where consent is sought once and never reviewed, for example.
Research released this year quashes any doubt on the extent to which taking liberties on consent management are acceptable. In the Australian Community Attitudes to Privacy survey, the largest proportion of Australians – 83% – take privacy to mean that their personal information isn’t shared without consent. Yet, according to Deloitte, “currently 35% of organisations do not obtain consent for collection and handling of personal information”.
That gap, unsurprisingly, has consequences. In the Community Attitudes survey, 64% of Australians indicated they had experienced “at least one problem with the handling of their personal information” in the past year or so. Four of the 11 commonly experienced problems were consent-related, covering collection and disclosure (both accidental and intentional).
More problems are likely to emerge as marketers and other business functions embrace AI. As AI use grows, consent management becomes even more critical. These technologies can collect vast amounts of personal data, raising concerns about privacy and security.
Consent handling is likely to change in an amended Privacy Act. The Australian government indicated in September it is likely to “clarify that consent should be voluntary, informed, current, specific and unambiguous”; and allow individuals to review and easily withdraw consent.
So, the future direction of the Privacy Act is to encourage businesses to implement robust consent management processes that empower individuals to control their data and enable organisations to navigate the complex landscape of data handling.
What this might look like is unclear, but there will be official guidance from the Office of the Australian Information Commissioner (OAIC) on “how online services can design consent requests”.
In the interim, marketers and organisations that have a Customer Data Platform (CDP) are likely to be already managing their consents effectively, as well as be better placed to meet the forthcoming future requirements. CDPs not only manage consumer data to provide a single source of truth, but they also manage the consent around this data and make data security a priority.
In addition, many leading CDPs include a centralised “Permissions Management” model that allows companies and individuals to easily manage what channels and types of communications each customer receives. Given the myriad of systems that store permissions across a business, centralising this content can significantly strengthen privacy and customer data management across the organisation.
Increased expectations on accountability
Accountability is another significant aspect of the Privacy Act review. This isn’t about penalising organisations that fail to live up to accountability expectations, although provisions for this do exist.
Instead, it’s about requiring organisations to take a proactive approach to protect personal data – implementing strong security measures, regularly auditing data handling practices, and having mechanisms to respond to data breaches promptly.
The Government response couched this as “requiring entities to be accountable for handling individuals’ information within community expectations, and enhancing requirements to keep information secure and destroying it when it is no longer needed.”
It goes on to say that “new organisational accountability requirements will encourage entities to incorporate privacy-by-design into their operating processes.” This will encourage organisations to protect personal information proactively, ensuring that privacy is woven into the fabric of their operations and not merely an afterthought.
The same CDP that is used to manage consents can also be useful in helping companies protect their customer data more effectively. By centralising data collection and storage, a CDP can provide more robust security measures than a piecemeal approach. This is particularly important in light of the increasing sophistication of cyberattacks and data breaches.
With a CDP, companies can better monitor and control who has access to customer data and more easily identify and respond to security threats.