The Office of the Australian Information Commissioner (OAIC) has released the results of a privacy assessment of the online privacy policies of 20 Australian Privacy Principle (APP) entities (including 5 Australian banks and government and social media bodies).

Each entity’s privacy policy was assessed against specific criteria drawn from APP 1, which deals with the open and transparent management of personal information. Under APP 1, entities must have a privacy policy that is clearly expressed and up-to-date.

The OAIC found that 55% (11) of the entities had privacy policies that did not adequately address one or more of the content requirements in APP 1.4.

Specifically:

• 25% (5) privacy policies did not outline how an individual can request access or correction of their personal information
• 40% (8) privacy policies did not outline how the organisation would deal with a privacy complaint it may receive
• 25% (5) privacy policies did not adequately describe how they protect the personal information that they hold
• 20% (4) privacy policies did not outline whether the organisation was likely to disclose personal information overseas and the countries in which such recipients are likely to be located.