The Australian Information Commissioner and Privacy Commissioner have issued a statement about the Office of the Australian Information Commissioner’s (OAIC) enforcement approach to new privacy laws from 12 March 2014.
“Our compliance focus in the months following 12 March 2014 will be on working with entities to ensure that they understand the new requirements and have the systems in place to meet them. In resolving matters brought to the attention of the OAIC we will take into account the steps taken by entities to genuinely prepare for the changes and to comply with the new legal requirements.
Central to the OAIC’s enforcement approach is an escalation model that includes a range of regulatory responses.
Individuals will continue to have the right to make a complaint to the OAIC and we will deal with these according to our usual processes. That is, in the first instance, in the case of individual complaints we would expect to see a person try to resolve a matter with the organisation or agency first. If the respondent is a member of a recognised External Dispute Resolution scheme, we would also expect the individual to have first accessed that scheme. If a matter is accepted by us, we will always attempt to resolve issues through conciliation. In relation to Commissioner initiated investigations the OAIC will work with respondent organisations and agencies to resolve the matter.
However, where conciliation or working with entities is not effective, we may use our other tools, including determinations, enforceable undertakings or in the case of serious or repeated breaches, initiating court proceedings for civil penalties. This is consistent with our current practices and the approach of the OAIC for some time.”