Speaking at the Cyberspace law and Policy Centre Symposium, Senator John Faulkner, Cabinet Secretary and Special Minister of State, noted that the areas of policy covered are “far reaching and extremely complex”

“Trying to legislate to control technological development or the ways people use technology is not perhaps ordering the tide to not come in, but it is certainly like trying to empty a bathtub with a teaspoon,” he said.

The value of privacy, he added, needs to be embedded in the hardware and software of technological evolution. “We need to make sure that those values are considered at the beginning, not the end, of the development process,” he said.

All together the Australian Law Reform commission made 295 recommendations for privacy reform, in what mounted to a 74 chapter, 4.8 kilogram report.

It’s the rise of rapid technological chance, particularly in the areas of the capture, storage and transfer of electronic information, including personal data as well as Internet footprints, that is challenging the privacy question. Faulkner said: “The trail of digital crumbs we leave behind us has produced the potential for vast data collections, data collections whose existence may be unknown to us, because they depend not on information volunteered but on information scavenged from the detritus of every-day life.”

But in organisations affected by privacy reform, the biggest challenge may not be how technology evolves, but just who takes responsibility for enforcing changes across the business, and ensuring end-users are aware of their obligations in complying with the legislation.

Troy Braban, senior manager, technology consulting — security at Accenture said the onus of responsibility could fall on a range of different skill-sets. “A security and privacy background will be essential. You may also need a legal background … And they will need to operate at the high level of the organisations.”

As privacy becomes more important and enforcement comes into play, that role of understanding the implications will become a priority for business. According to Braban, the knowledge needed for an individual to take the ropes on privacy reform in a large organisation is going to be extensive — crossing into multiple areas of expertise. For small to medium sized business, the learning curve will be even steeper.

Even more difficult, noted Braban, may be the need to see where privacy legislation applies across differing jurisdictions — alongside the responsibility of working out just where the organisations stores its data, and how it’s protected.

Faulkner expects the government to be able to legislate on the first reform stage within 12 to 18 months.