Australia’s banks are among the largest recipients of personal data from overseas companies, but what do they do about it?
If you’ve ever used an online banking service or been offered a free account, you’ve likely been in the grip of a privacy issue.
The Australian Securities and Investments Commission has been working to address the issue and, with the latest privacy reform, Australia is one of only a handful of countries in the world that don’t have mandatory data retention.
Australia has a number of privacy laws, but they are not the only ones in play.
For starters, Australia’s Data Retention and Investigatory Powers Act (DRAPA) requires the government to retain a list of companies, who can request that data be retained.
This list can be used to access information from the database.
In a statement, the Commission said the information retention list is designed to ensure data retention is “consistent with Australia’s public interest requirements”.
The legislation also has a mandatory retention period of three years.
The information must be retained in Australia if it is “relevant to an investigation or enforcement action” and is “of a type which is relevant to the conduct of the investigation or the enforcement action”.
While the DRAPA is a requirement of law, it is not a mandatory data preservation regime.
The Commission has also made changes to the way the Australian Security Intelligence Organisation (ASIO) collects data.
In September, the organisation revealed it had obtained data from more than 3,000 Australians.
This is an emerging trend for the security sector, with companies now being able to collect and retain data on a far wider range of people, including people who are not deemed to be “high risk”.
ASIO Director General Ian Stewart said in a statement that the organisation was “currently working to develop the most comprehensive data retention regime in the Commonwealth, consistent with the Australian law”.
While privacy advocates argue that the DRAPA is an adequate law, they say it is currently only required for the bulk collection of data, rather than specific types of data.
The Privacy Act will continue to apply until the new data retention period expires in 2022.
Privacy experts and advocates have been arguing for the data retention law to be extended to cover data collected from online platforms, including Twitter, Facebook, Google and Instagram.
The Australian Privacy Foundation has called on the Government to amend the DRAPA to allow the retention of data collected via third-party services like these, but this has not been a priority.
As well as the DRAPA, the Privacy Act also includes new requirements for companies that store online user data, such as Facebook, to keep this information for “reasonable periods of time” and to provide “reasonable protection” to the data subject.
In addition, companies are also required to keep a record of how long they hold and access personal data, which will be kept for three years, rather like the DRAPA.
In its submission to the Federal Government’s Privacy Review, the Australian Privacy Law Institute said it was “quite clear” the DRAPA would “be insufficient” to protect the privacy of Australians.
“This will not address the fundamental concern that personal data should be held for as long as possible in Australia, rather it will merely increase the number of data held by Australian companies and their foreign affiliates,” the institute wrote.
“A lack of adequate privacy protection could potentially undermine the privacy protections of Australians.”
Like many of the other countries, Australia has some of the strictest data retention laws in the developed world.
These include the Data Retention and Investigatory Powers Act, which requires all telecommunications companies to retain the records of all phone calls and text messages for a three-year period.
This law also covers the sharing of internet user data.
This means that any company that collects and stores user data must keep it for as much time as is reasonable for the company to protect its interests, and no longer than is necessary to protect a legitimate interest.
The Privacy Act currently applies to the sharing, storage and use of personal information by all companies, and there are also additional requirements for information stored by non-profit organisations and government agencies.
These include the prohibition on using personal information in “unauthorised circumstances” and “in the public interest”.
For example, it can be kept if it helps protect a law enforcement investigation, national security, the national security of a foreign government or an ongoing international investigation.
The privacy commissioner of New Zealand said in July that the Privacy Commissioner had also found there were no requirements under the law that data should remain in the country for longer than it is needed for the purposes of the law.