The Australian Information Commissioner says all IOT businesses that trade trade in personal information to adopt a privacy-by-design approach. Business owners may be subject to the Privacy Act and definitely are once they reach an annual turnover of more than $3 million, when they are required to build in privacy procedures.
The commissioner said organisations should:
- creating privacy policies that address IoT privacy issues
- making privacy notices easy to read, including by layering notices
- outlining to customers how personal information is collected, used, disclosed and stored
- telling customers how they can control their information, including how to access, amend or delete their information if they wish
- providing timely advice to customers seeking information about privacy practices.
The AIC is developing a number of resources for start-up businesses to assist them in implementing best privacy practices.
For more see https://www.oaic.gov.au/media-and-speeches/news/privacy-shortcomings-of-internet-of-things-businesses-revealed