A "no-harm rule" safeguarding consumers whose personal information is collected, used or disclosed is one of ten principles in a proposed Data Governance Australia code of conduct.
The new industry body, set up last October and headed by former ACCC chairman Graeme Samuel, has published a draft of the code and is seeking feedback from stakeholders. Its aim is to promote a culture of best practice and drive innovative use of data by increasing confidence and trust.
Chief executive Jodie Sangster hopes Australia will take a leadership opportunity in self-regulation: "Data is one of the most valuable assets in our digital economy and there are currently many untapped opportunities for innovation using data," she says.
"The ways in which organisations collect, use, manage and disclose data will continue to change rapidly with technological advancements. The code is an initiative to increase consumer trust and drive transparency in data-handling practices."
Sangster says organisations that meet the standards outlined in the Code will be able to demonstrate that consumer trust is front and centre of their business: "Self-regulation is the right approach in the era of rapid transformation. Introducing laws and regulations runs the risk of stifling innovation and creating a regime that is not flexible enough to respond to the rate of change."
Board chair Graeme Samuel says the body exists to "assist businesses to thrive" through innovation and to promote greater productivity while enhancing consumer trust and greater regulatory compliance.
The code will contain ten core principles and extend beyond the Privacy Act in several respects by setting higher standards. It applies not only to 'personal information' - as defined by the Privacy Act - but may also apply to 'data' about consumers more broadly. The core principles cover: the 'no-harm' rule; honesty and transparency; fairness; choice; accuracy and access; accountability; stewardship; security; and enforcement.
Organisations that sign up to the code are required to consider whether, and ensure that, their data practices are consistent with community expectations. They must also consider 'fairness' to consumers in the collection, use and disclosure of personal information, taking into account factors such as how the personal information was collected, the reasonable community expectations with respect to the use of personal information, and the risk of harm a particular data practice may pose to consumers.
The Code will be enforced by the Code Authority, which consists of three members from consumer groups, three members from the industry and an independent chair.
A draft copy of the Code is now available for download at: http://www.datagovernanceaus.com.au
DGA is a not-for-profit association set up to establish industry standards and benchmarks around the collection, use and management of data in Australia. Its role is to provide education, thought leadership and advocacy services to its members to promote and foster an understanding of how data can be used responsibly to drive innovation and competitive advantage while increasing consumer trust and complying with regulatory requirements.
Members come from a cross section of Australian industry and include major financial institutions, leading retailers, law firms, real estate corporations, aviation, and specialist data suppliers including technology, software and consulting service providers.