While many companies are finding that compliance with the upcoming privacy legislation is causing more headaches than first anticipated, some companies are keen to subscribe to the Internet Industry Association's (IIA) "more stringent" code for the Federal Government's proposed regime.
The IIA's industry-specific code has the support of many who feel it addresses important issues not covered in the Privacy Commissioner's guidelines.
Charles Britton, policy officer, IT and communications at the Australian Consumers Association, said the IIA's code "makes considered and constructed extensions" from the privacy legislation, with the code addressing three areas the Privacy Commissioner's guidelines neglect.
Firstly, the term 'sensitive information' has been extended to included information from or about children under 13 years of age and is coupled with a requirement for parental consent when collecting information from this group.
Secondly, the IIA's code has been formulated with European Union standards in mind and, according to Peter Coroneos, chief executive of the IIA, organisations looking to trade with the EU will fall short if they choose only to adhere to the Privacy Commissioner's guidelines.
The final, and most industry-specific, difference revolves around the IIA's restrictions on direct marketing. Brett McGuire, senior associate at international law firm Coudert Brothers, which helped draft the code, said the Australian privacy legislation does not prohibit spamming, whereas anyone complying with the IIA's proposed code simply will not be allowed to spam.
"The act allows organisations to use personal information for direct marketing purposes without obtaining consent so long as it is 'impracticable' for the organisation to obtain consent," he said, adding that the legislation effectively promotes an 'opt out' system.
"The IIA's draft code tackles this by requiring subscribers to the code to create an opt-in environment, where marketing materials can only be distributed with the express permission of the recipient," he said.
While these three inclusions to the code attracted kudos from many corners of the industry, Britton also noted, however, that the IIA's code needed to be more specific in its definition of the online environment so as to encompass newer technologies such as WAP, SMS and digital television.
Another important feature of the IIA code is that member organisations can subscribe to the code regardless of their size. According to Theo Hnarakis, group general manager of MelbourneIT, the privacy legislation is virtually useless within the Internet industry, given that most businesses fall below the $3 million threshold that dictates compliance to the legislation.
"MelbourneIT has 500 to 600 resellers of domain names in Australia, of which only a handful would have a turnover of $3 million," he said. "So what's the use of having privacy legislation if 95 per cent of all operators within the industry won't be bound by it?"
Hnarakis added that MelbourneIT would be subscribing to the IIA code, because of its industry-specific elements.
David Bathur, communications co-ordinator for OzEmail, agreed with this reasoning, saying that OzEmail is looking to subscribe to the IIA code for a similar reason. "The legislation allows an organisation to subscribe to an approved code and the IIA code is basically more applicable to the Internet industry. So the result is that we adhere to the most strenuous privacy code that is available," he said.
The IIA's draft code was launched during August, with the organisation accepting comments on the draft until October 5, 2001. Coroneos said he expects that a final draft will be submitted for registration with the Federal Privacy Commissioner by November.