Graeme Samuel (DGA chairman)
Tech players are getting a chance to pitch on a new code of conduct for data management in the local market.
Data Governance Australia (DGA) has launched a draft Code of Practice as part of its efforts to set leading industry standards and benchmarks for the responsible collection, use, management and disclosure of data.
“We are developing a Code of Practice as part of our ongoing effort to set leading industry standards, promote a culture of best practice, as well as to drive innovation by increasing consumer confidence and trust in the data-practices of organisations,” it said, in its draft code.
The DGA Code of Practice is a principles-based self-regulatory regime enforced by an independent Code Authority, consisting of seven members – three members from consumer groups, three members from industry, and an independent chair.
According to the not-for-profit association, the code extends beyond the Privacy Act and is based on nine core principles – no-harm rule, honesty and transparency, fairness, choice, accuracy and access, accountability, stewardship, security, and enforcement.
It added that it does not only apply to ‘personal information’ (as defined by the Privacy Act), but may also apply to data about consumers more broadly.
According to DGA CEO, Jodie Sangster, the Code presents the channel with an opportunity to lead the charge in self-regulation.
“Data is one of the most valuable assets in our digital economy and there are currently many untapped opportunities for innovation using data,” Sangster said.
“The ways in which organisations collect, use, manage and disclose data will continue to change rapidly with technological advancements. The Code is an initiative to increase consumer trust and drive transparency in data-handling practices. Organisations that meet the standards outlined in the Code will be able to demonstrate that consumer trust is front and centre of their business.”
She also said self-regulation is the right approach in the era of rapid transformation.
“Introducing laws and regulations run the risk of stifling innovation and creating a regime that is not flexible enough to respond to the rate of change.” The DGA said that the Code Principles were developed to supplement rather than restate relevant regulatory provisions.
“The Code supports compliant practices, but is not a guide to legal compliance and is not, and is not intended to become, a registered APP code under the Privacy Act 1988. Where there is inconsistency between a Code organisation’s obligations at law and any Code Principle, the law will prevail,” it mentioned.
The DGA was established in October last year, attracting executives from some of the country’s biggest companies, including Westpac, National Australia Bank (NAB), Woolworths and Qantas.
Australian Competition and Consumer Commission (ACCC) chairman, Graeme Samuel, was named chairman of the board.
“Data is held in staggering volumes across multiple platforms and consumers are demanding transparency, proving that the time is right for Data Governance Australia to introduce its Code of Practice," Samuel said.
“This body exists to assist businesses to thrive through innovation and to promote greater productivity while enhancing consumer trust and greater regulatory compliance. Ensuring that businesses gain the trust of consumers is vital, as is the empowerement of the business user through the collective establishment and enforcement of responsible data-practices.”
As per the Australian Government Public Data Policy Statement, the Australian Government recognises the importance of effectively managing this data for the benefit of Australians.
“The Australian Government commits to optimise the use and reuse of public data; to release non sensitive data as open by default; and to collaborate with the private and research sectors to extend the value of public data for the benefit of the Australian public,” it mentioned in the statement.
As it stands, under new laws passed in Parliament on 13 February, Australian businesses with an annual turnover of $3 million or more will have to disclose information breaches that involve individuals’ personal information.
The Privacy Amendment (Notifiable Data Breaches) Bill 2016 was introduced into Parliament on 19 October last year, and was passed into law after debate in the Senate on 13 February.
The DGA Draft Code of Practice is available for public consultation until 21 July for feedback from industry, consumer groups, and government stakeholders. DGA is also consulting with relevant government bodies and industry stakeholders about data portability issues.
