The Office of the Australian Information Commissioner (OAIC) has approved amendments to the Privacy (Market and Social Research) Code 2014.
Initiated and developed by the Association of Market and Social Research Organisations (AMSRO), the code sets out how AMSRO members must comply with the Australian Privacy Principles in the Privacy Act 1988 in the conduct of market and social research.
Under the updated code:
- Members must notify AMSRO, as code administrator, of any notifications made to the OAIC under the Notifiable Data Breaches (NDB) scheme.
- Members must notify AMSRO of any serious data breach (whether or not an eligible data breach under the NDB scheme) that demonstrates a significant vulnerability of other research organisations in the handling of identifiable research information.
- AMSRO must review the operation of the code annually, including by seeking feedback from member organisations about issues or concerns they have experienced.
Australian Information Commissioner and Privacy Commissioner Angelene Falk welcomed the updates to the code.
“I support AMSRO’s work to ensure the code meets its objectives and remains effective and relevant,” Commissioner Falk said.
“The changes, particularly around data breach reporting, will help ensure the protection of identifiable research information collected about Australians by AMSRO members.”
The Privacy (Market and Social Research) Code 2021 will commence on 22 March 2021.
Under Part IIIB of the Privacy Act, the Information Commissioner can approve and register enforceable privacy codes, including those developed by entities on their own initiative.
The Privacy (Market and Social Research) Code 2014 was registered under subsection 26B(1) of the Privacy Act on 28 November 2014. Full and associate members of AMSRO are bound by this code, including market and social research, data and insights businesses.
Part G of the code requires an independent reviewer to review the code at least every five years.