The ACCC’s preliminary report expressed concerns that the current regulatory framework applied to digital platforms, like Google and Facebook, may not meet community expectations when it comes to the collection, use and disclosure of personal information in the digital era. Amongst other things, the report recommends amendments to the Privacy Act that include strengthening notification requirements, the introduction of a 3rd party certification scheme, strengthened consent requirements, enabling the erasure of personal information, increasing penalties for breach and more.
At CRNRSTONE, previously Stable Research we take our responsibility for data security and consumer privacy seriously and believe that the issues raised by the ACCC only highlight our strength and proactiveness in this space. We also support the Association of Market and Social Research Organisation’s (AMSRO) response to the ACCC’s recommendations that “ethical behaviour, independent certification and privacy law are the three pillars that underpin AMSRO member compliance”.
Industry wide approach to privacy
As a proactive market research company, we are members and have worked closely with AMSRO in shaping our industry’s approach to privacy that includes:
- Australia’s first and only registered (APP) Industry Privacy Code, enshrined in Australian law, adjudicated by the Australian Privacy Commissioner and administered by AMSRO
- An industry ‘Trust Mark’ that signifies that organisations uphold and actively manage requirements under the privacy code
- An independent annual audit for ISO (International Organisation for Standardisation) certification
- An industry code of ethics.
Surety for respondents and customers
In contrast, at CRNRSTONE, we are able to clearly articulate our documented processes and methods to protect both our customers and respondents, some of these include: Certification, managerial systems including staff and supplier confidentiality agreements, participation in audit systems, processes incorporating encryption, password protection, quarantined information and data destruction after project completion, as well as external and regular auditing to prevent hacking.
We also have signed staff and supplier confidentiality agreements with legally binding provisions to protect the privacy of respondents, confine the use of the data to the specific research project, don’t share data with anyone other than the agreed client and destroy the data after handing it over to the client.
The ensuing dialogue around the ACCC’s report will be our chance to shine the spotlight on the years of focus and development that has gone into shaping our industry’s best practice approach to privacy. Craig Young, President of the AMSRO, has recently commented that “Personal information for market and social research conducted by AMSRO member organisations is collected only with consent and under strict codes and practices, and it’s high time that other organisations collecting, storing and sharing personal information and data comply with a similar regime. If we are to expect ongoing co-operation from the public, whose opinions are the lifeblood of our industry and others, we all need to be transparent, responsible and held to account.”
Submissions to the ACCC’s Preliminary Report close on the 15th February 2019.
Download our Cyber Checklist Here