It features the comment, strongly endorsed by myself, that -
The complete absence of any high profile / high impact enforcement action by the OPC [ie the national Privacy Commissioner] means that business organisations are under no pressure to comply with privacy laws, or to respond to complaints quickly. As no organisations are ever named by the OPC, there is no potential for adverse publicity.The authors analyse "common communications privacy complaint paths" (eg who you can complain to and whether that will be effective) in dealing with telecommunication privacy issues, currently spread over several agencies and involving a range of legislation. Their aim is to assist achievement of optimum outcomes for consumers through development of a "more straightforward, fairer system for managing privacy complaints" in the telecommunications sector. The Report thus examines complaints to the Office of the Privacy Commissioner (OPC), the Australian Communications & Media Authority (ACMA) and the Telecommunications Industry Ombudsman (TIO).
Their key findings, with no surprises for specialists, include -
• Distribution of privacy communications complaints: Annually the OPC [soon to be part of the OAIC] receives 110 communications sector privacy complaints, ACMA receives around 16,000 complaints and the TIO around 5,000. "This is partly a natural result of the jurisdiction of the ACMA - as spam and Do Not Call Register complaints will always be the largest categories of privacy complaints in the sector."Their consequent recommendations are -
• Average resolution times: The average time for dispute resolution varies between 180 days (OPC), 10 days (TIO), and 5 days (ACMA).
• Shaming of businesses for privacy breaches: The OPC, in contrast to other regulators, has never named a telecommunications organisation that has breached privacy, and there have been no formal determinations against any private sector organisation since 2005. [As noted elsewhere in this blog, one might question the usefulness of a watchdog that has no teeth and is so scared of the rain, butterflies or other nasdties that it dare not venture out of its cosy kennel to utter an occasional bark.]
• Where to go for compensation or an apology: If a complainant is seeking compensation and/or an apology, use the OPC or TIO - not ACMA.
· Improvements in complaint resolution times by the Office of the Privacy Commissioner;
· Frank and consistent information given to consumers, especially regarding resolution times;
· Collection of demographic profiles of complainants to better target services;
· Better coordination between the three complaints bodies;
· Consistent messages to complainants on where to complain, and to industry on compliance;
· A full range of regulatory tools and remedies on offer and used – any privacy complaint in the communications sector lodged with any complaints body should be able to achieve all of the outcomes that are desirable in a best practice regulatory environment: compensation for the individual; an apology for the individual; prompt correction or removal of personal data; a change to business practice at the individual company; a change to broader industry practice for systemic issues; occasional naming of individual companies as a warning to other consumers and a lesson for industry; and occasional enforcement action in order to promote compliance.
