Curriculum Matters, in State Assessment Group Approves Privacy Rules for Student Data, reports on rules governing personally identifiable information about students participating in assessment regimes. The transfer of data to secondary bodies is a constant source of concern in privacy law.  The new Australian Privacy Principles which will come into effect when the Privacy Act amendments come into force in March 2014 address this issue specifically.  The US has a different structure for privacy protection.  It is however useful to see how the issues are considered there.

The article provides:

The PARCC testing group approved a new policy Thursday that is intended to safeguard personally identifiable information about students that is collected as part of states’ common-core assessment regimens.

The action comes as debate continues to swirl about how student data will be used by PARCC (the Partnership for Assessment of Readiness for College and Careers) and the other federally funded assessment consortium, Smarter Balanced. Some critics have raised alarms because they fear that the two state coalitions will hand over student data to the federal government.

PARCC’s new policy, approved by the governing board of the 19-member consortium, attempts to respond to this concern. 

On the opening Read the rest of this entry »

Today the Federal Court announced the transition to complete electronic filing and storage by the end of 2014.  Many in the profession have known for some time of the Federal Court’s preference for moving in this direction.

Details of the process are as follows (and found here):

Federal Court of Australia’s Electronic Court File

Project overview

The Federal Court of Australia is an early adopter of the use of information technology to increase the effectiveness, efficiency and accessibility of the Court. Technology has, and will continue to change court operations, similar to the ways in which technology has affected business practices across the globe.

The Court is currently undertaking an important change in its internal operations – it will transition from paper based information management to digital files. This transition is called the Electronic Court File (ECF) project.

This change will primarily affect the internal functions of the Court but will also provide opportunities for Court users to expand how they interact with the Court.

The ECF project is a further step towards the creation of a single web-based interface, which will effectively integrate the electronic provision and management of information and services. We use the term my files to describe the service. Registered court users will be able to see immediately a list of their files or more precisely, the information or documents they are authorised to access on the Court’s files. They will be able to undertake electronic interaction with the Court and other court users, in respect of my files (ie. your files).

Project aims

The key aims of the project are to:

• implement Read the rest of this entry »

The Australian Financial Review reports, in JPMorgan warns 465,000 customers after cyber attack, that JP Morgan & Chase has belatedly informed/warned its customers of a hacking attack into its database which may have accessed the personal information of 465,000 holders of prepaid cash cards.  It took 2 1/2 months to notify the authorities of the breach.

It provides:

JPMorgan Chase & Co is warning some 465,000 holders of prepaid cash cards issued by the bank that their personal information may have been accessed by hackers who attacked its network in July.

The cards were issued for corporations to pay employees Read the rest of this entry »

There has been the occasional article on the upcoming amendments to the Privacy Act and their impact.  Less than the changes deserve.  I have been posting on this issue since the Enhancing Privacy Bill was passed in December last year.  I have been giving seminars on aspects of the changes in particular regarding the credit provisions and compliance with the APPs.  Given the significant new enforcement powers that will soon be available to the Privacy Commissioner it is surprising that there has not been greater urgency by organisations covered by the Privacy Act to get their privacy house in order.  With penalties of up to $340,000 for individuals and $1.7 million for corporations the cost of compliance should fade into insignificance against the possibility of being at the wrong end of a civil penalty proceedings.

The Australian Financial Review in Read the rest of this entry »

Zdnet reports (found here) that reported data breaches in New Zealand  has doubled in the last year.

The article provides:

The most recent Harvard Law review (Volume 127 November 2013) has published replies to 2 excellent earlier papers, The Dangers of Surveillance, 126 Harv. L. Rev. 1934 (2013) and Toward a Positive Theory of Privacy Law, 126 Harv. L. Rev. 2010 (2013).  Those papers were delivered at a symposium on privacy law held earlier this year. All the papers delivered at the symposium were excellent.  While the regulatory structure of US privacy law differs from Australia and there is a constitutional overlay there with the Fourth and Fourteenth Amendments which are touchstones on some privacy jurisprudence (usually the most high profile cases) which is absent in Australia there is sufficient conceptual similarity for Australian practitioners of privacy law to obtain benefit in reviewing these papers.  Technology moves apace around the world and the law in every jurisdiction is (sometimes) trying to catch up and grapple with the right balance on a range of issues, including freedom of expression, law enforcement etc..

The Dangers of Surveillance

The 32 page article is found here (in PDF format)   The synopsis provides:

From the Fourth Amendment to George Orwell’s Nineteen Eighty-Four, and from the Electronic Communications Privacy Act to films like Minority Report and The Lives of Others, our law and culture are full of warnings about state scrutiny of our lives. These warnings are Read the rest of this entry »

The increasing use of bring your own devices (BYOD) is a causing a very significant problem in maintaining data security and avoiding breaches of the Privacy Act.  Often the BYODs are unencrypted; a USB stick, a flash card or just the memory on a phone or MP3 device.  Easy to use and easier to lose track of the data.  Or worse, to lose the data.

The Economist in Thief in your pocket? considers the dangers of using mobile devices and their weaknesses.

The article provides:

Mobile security: When it comes to mobile devices, viruses are not the problem they are made out to be—at least, not yet. Instead, the biggest risk for organisations comes from absent-minded or nefarious employees

GIVEN Read the rest of this entry »

The PM radio program does regular analysis pieces on various topical issues without being specific to a particular event.  It is an excellent approach because while it is usually tied to a matter of recent interest it does not go stale with time.

In light of the Read the rest of this entry »

Data breaches in the health sector is an ongoing issue requiring close supervision.  The information, usually of or relating to patients, is almost invariably highly confidential.  And by definition sensitive information under the Privacy Act.  In the UK a former manager of a GP’s Practice has been prosecuted for unlawfully accessing medical records of 1940 patients.

The ICO has Read the rest of this entry »

The rapid and exponential increase in the civilian use of drone technology highlights the inadequacy of privacy protection in Australia.  Whereas American state legislatures are moving the fill the regulatory gaps regarding the use of drones in Australia neither Read the rest of this entry »