Data Governance Australia (DGA) has announced the launch of a draft Code of Practice (the Code) as part of its ongoing effort to set leading industry standards and benchmarks for the responsible collection, use, management and disclosure of data.
The Code aims to promote a culture of best practice as well as drive innovation by increasing consumer confidence and trust in the data-practices of organisations.
The draft Code will be released for public consultation on 21 June until 21 July 2017. During this period, DGA will take feedback and submissions on the Code from interested stakeholders, including government, business and consumer groups.
DGA chief executive Jodie Sangster said: “Data is one of the most valuable assets in our digital economy and there are currently many untapped opportunities for innovation using data.
“The ways in which organisations collect, use, manage and disclose data will continue to change rapidly with technological advancements.
“The Code is an initiative to increase consumer trust and drive transparency in data-handling practices. Organisations that meet the standards outlined in the Code will be able to demonstrate that consumer trust is front and centre of their business.”
“Self-regulation is the right approach in the era of rapid transformation. Introducing laws and regulations run the risk of stifling innovation and creating a regime that is not flexible enough to respond to the rate of change.”
Graeme Samuel, chair of the DGA board, said: “Data is held in staggering volumes across multiple platforms and consumers are demanding transparency, proving that the time is right for Data Governance Australia to introduce its Code of Practice.
“This body exists to assist businesses to thrive through innovation and to promote greater productivity while enhancing consumer trust and greater regulatory compliance.
“Ensuring that businesses gain the trust of consumers is vital, as is the empowerment of the business user through the collective establishment and enforcement of responsible data-practices.”
The Code will contain ten core principles and extends beyond the Privacy Act in several respects by setting higher standards and most importantly does not only apply to ‘personal information’ (as defined by the Privacy Act), but may also apply to ‘data’ about consumers more broadly. These core principles are:
- No-harm rule
- Honesty and transparency
- Accuracy and access
DGA is also consulting with relevant government bodies and industry stakeholders about data portability issues.
Some other important aspects of the Code are:
‘No-harm rule’ – organisations that sign up to the Code must ensure that they do not cause harm to consumers as a result of the collection, use or disclosure of the consumer’s personal information. This goes beyond the Privacy Act,as it requires organisations to consider the potential impact of their data-practices on the consumer and use best endeavours to ensure that its data-practices do not result in harm to consumers.
Community expectations – organisations that sign up to the Code are required to consider whether, and ensure that, their data practices are consistent with community expectations. This aspect of the Code will promote consumer trust and the ethical use of data.
Fairness – organisations that sign up to the Code must also consider the ‘fairness’ to the consumers in the collection, use and disclosure of personal information. In considering the fairness of a particular data practice, organisations will be required to take a range of factors into account, including for example, the circumstances in which the personal information was collected, the reasonable community expectations with respect to the use of personal information, and the risk of harm a particular data-practice may pose to consumers.
Enforcement – the Code will be enforced by the Code Authority, which consists of three members from consumer groups, three members from the industry and an independent chair.