What are data privacy rules?
It might be all the rage at the moment, but that doesn’t mean the new data economy is the Wild West out there. In fact, anyone looking to pull valuable information from other parties must have a thorough understanding of data privacy rules.
Do you know the Privacy Act?
For over 30 years, the Australian Privacy Act has been in place, overseeing anything and everything related to the handling of personal information. While in its formative years the law focused on how a lot of physical data passed between individuals and companies, in recent years – and especially thanks to the explosion of digitization – the Privacy Act has been used to manage how digital data is handled.
This is important for Chief Data Officers and all those in the C-suite of organizations as well. While they may not be lawyers, under Australian law they are beholden to the policies and regulations outlined in the act, and ignorance of it is not a viable legal defense.
That’s why it’s crucial for all operators who collect, manage, share and analyze data to understand how the Privacy Act plays into their day-to-day operations. If you don’t want to pore over dense legal texts, you might consider hiring a lawyer or engaging your legal department to create a privacy handbook based on the relevant sections of the act.
But the Privacy Act isn’t the only authority Australian entities must abide by in terms of relevant data privacy rules. With the rise of the data economy has come the need for various regulations dependent on the region, industry types and level of data handling involved.
So while Australia has its Privacy Act to manage the handling of data by companies and individuals, the European Union recently implemented its General Data Protection Regulation. Regarded as one of the most comprehensive policies surrounding data collection and sharing, it’s something every Chief Data Officer must be aware of and knowledgeable in if they are to adequately manage their organization’s data campaigns.
This is because GDPR fines for any data misuse are severe, up to €20 million or 4% of the company’s global annual turnover. Most importantly, any business with connections to entities within the EU (even third-party connections) falls within the remit of the GDPR and its penalties.
Data protection laws
It might seem like Chief Data Officers have a difficult task ahead, what with needing to get across multiple data protection laws that may not even have an impact on their organization over the course of their career.
But these data protection laws are in place for a very good reason: to ensure the privacy and protection of both individual and company data, and to maintain the value of that data for the length of its life. And when it comes to getting as much out of the data economy as possible, especially through data sharing initiatives, the value of that data is priceless.