OAIC issues statement regarding the enforcement approach that will be taken regarding the new privacy laws from 12 March 2014

February 28, 2014

The OAIC has released the enforcement guidelines (found here).

Significant changes to the Privacy Act 1988 will commence on 12 March 2014. The changes include a new set of harmonised Australian Privacy Principles (or APPs) that will replace the two sets of principles that currently apply to Australian Government agencies and to businesses. There will also be changes to credit reporting, including the introduction of a more ‘comprehensive credit reporting’ system and a simplified and enhanced correction and complaints process. The reforms also include new enforcement powers and remedies in relation to investigations.

The Office of the Australian Information Commissioner (OAIC) has

Drones and privacy… another article

February 27, 2014

The Age has run a piece titled Drones in the sky – technological marvel or threat to privacy? regarding the growing phenomenon of drones and drone technology. I recently attended a conference on UAVs (unmanned aerial vehicles – drones by a more technical name) at Flinders University, Adelaide, earlier this month and was impressed by the development of the technology and the likely developments in the future. The issue of privacy was a constant theme amongst the experts, engineers and lawyers alike. In the US the States are at the forefront of regulating the use of drones. The FAA is struggling with the policy issues and the practical implementation of rules. In Australia

Hong Kong Privacy Commissioner reports a 48% increase in Privacy Complaints in 2013.

The Office of the Privacy Commissioner of Hong Kong, by media statement (found here), announced that there was a 48% increase in privacy complaints in 2013. It is a record high. Given the reports of the last 12 months, through Verizon and Pew to name just a few, the number of privacy intrusive practices is on the rise, as is the concern by individuals as to the use of their personal information. It is an important function of regulators to both highlight emerging problems and take enforcement action. Some regulators are better at this than others. The US Federal Trade Commission, the de facto privacy regulator, has been quite active in giving publicity to enforcement and also providing very useful resources to assist consumers. The Information Commissioner’s Office in the United Kingdom has been criticised in the way it regulates privacy breaches. In my view it is doing a reasonable job and its reports are very helpful. The Australian and New Zealand Privacy Commissioners are

ICO issues updated privacy impact assessment code of practice

February 26, 2014

The ICO has issued a 48-page updated privacy impact assessment code of practice. Clearly it is tied to the UK Data Protection Act; however, it is relevant to any practitioners in the Australian environment.

The press release (found here) provides:

The Information Commissioner’s Office (ICO) has published

Australian article on privacy being at the top of the Agenda for public sector agencies

February 25, 2014

The Australian in Predictions 2014: Snowden fallout to put privacy at top of agenda highlights the privacy implications of 3 developments in technology within the public sector: cloud computing, mobile and big data.

It provides:

PRIVACY will be front of mind for public-sector agencies at all levels following

Technology and government

February 24, 2014

The Economist article Looking both ways considers the interaction of government and technology, in particular how it is regulated. It is a thoughtful piece which highlights the complexity of encouraging the development of technology while establishing the appropriate safeguards. The role of government in the use, control and management of personal data is one of the current issues that defies easy solution. That is the subject of current debate in Europe, where the trend is to increase legal responsibility on business in keeping data secure and using it responsibly. The question is then whether the (proposed) protections may be going too far and costing too much. The issue in the USA is not over-regulation but the opposite. The sectoral nature of data protection in the USA translates to inadequate protections and control in large parts of the market where there should be some form of regulation.

Even with the amendments to the Australian Privacy Act on 12 March 2014 the scope of regulation is patchy. It does not cover

Another day another privacy problem with an app

February 23, 2014

The Guardian reports in Tinder dating app was sharing more of users’ location data than they realised on a data security flaw in the Tinder app which was identified and notified to the developer last October but not fixed until year’s end. Apps are a significant and growing problem for data security. In Australia many start-up apps are not covered by the Privacy Act. The owners rarely have turnover of $3 million or more and aren’t covered by any of the small business services which rope them into the operation of the Act, such as handling health information or credit information as either a credit provider or credit reporting body. So the Act does not apply to the one area of rapid development in the technology market whose lifeblood is the collection, storage and use of personal information. And without regulation developers are all about quickly getting the app into the market with as quick a take-up rate as possible. Not an environment where

The Privacy Commissioner releases Australian Privacy Principle guidelines today

February 21, 2014

Today the Privacy Commissioner released the APP guidelines. They are found here.

The accompanying press release provides:

The Office of the Australian Information Commissioner (OAIC) has today released the Australian Privacy Principles (APP) guidelines.

‘March 12 will see the biggest change in privacy law in 25 years, and the APP guidelines are an essential tool for the implementation of this change,’ said Australian Information Commissioner, Professor John McMillan.

The APPs are a single set of principles that

Data left on old computers = data breach in the making

February 20, 2014

Failure to scrub data from old computers or from devices at the end of a lease can easily result in a data breach as sensitive information becomes accessible to unauthorised people. The ICO in the UK has issued guidelines on what should be done (I have posted on this subject here). With the growth of BYOD and the internet of things this problem will only grow. It is critical for organisations to have the right protocols and training in place to deal with this potential data time bomb. In

Release of information about asylum seekers

February 19, 2014

The Guardian’s story of a data breach by the Department of Immigration has resulted in the Privacy Commissioner launching an investigation. The Commissioner issued a statement providing:

The Office of the Australian Information Commissioner (OAIC) is aware of this data breach. I have spoken to the Department of Immigration and Border Protection and have been assured that the information is no longer publicly available. This is a serious incident and