The Privacy Commissioner has released a third video, this time titled How to access my personal information.

It is Read the rest of this entry »

The Privacy Commissioner has issued a statement about the Commonwealth Government’s data retention proposal.

In Australian Government’s data retention proposal — statement he Read the rest of this entry »

The Privacy Commissioner has released another educational video, How do I make a privacy complaint.  The You tube of the video is Read the rest of this entry »

Curiously the Privacy Commissioner has today, 6 August,  published on the OAIC web site notice titled Consultation on the revised Guide to information security although it is dated Monday 4 August. Time must move more slowly in Canberra.

The statement consultation period closes on Wednesday 27 August 2014.  That is 3 weeks from today.  Given the nature and importance of the issues surrounding information security, what should constitute reasonable steps and the developments in both law overseas and technological advances (and otherwise) why such an abridged timetable is warranted is more than a little perplexing.

The Consultation draft is found here.

The Consultation Information is found Read the rest of this entry »

Today thePrivacy Commissioenr released a video, the first in a series, on privacy.

It is found here:

https://www.youtube.com/watch?v=wmCE_CkV58I

The transcript provides:

What is privacy?

In Australia, personal information is protected by the Commonwealth Privacy Act. Personal information is information that could identify you, like your name or a photo. Read the rest of this entry »

The Office of the Australian Information Commissioner has published its most recent statistics relating to the last quarter.  They are found here.  The media release is found here.

Regarding privacy related work the OAIC made the following comments:

• Phone enquiries: handled 16,486 phone enquiries (18,238 in 2012–13) — a 9% increase in privacy phone enquiries, which are 71% of the total
• Written enquiries: answered 3742 written enquiries (3165 in 2012–13) — a 26% increase in privacy written enquiries, which are 64% of the total
• Privacy complaints: received 4243 complaints (184% increase), and completed 2616 (74% increase). The average closure rate was 7.2 privacy complaints per day (90% increase), and the average completion time was 86.7 days (44% decrease)
• Privacy audits: conducted 8 audits (60% increase)
• Data breach notifications (DBNs): handled 73 DBNs (55% increase)
• Privacy investigations: conducted 13 Commissioner-initiated investigations (32% decrease), and published 4 reports
• Advice, guidance and submissions: published 20 guideline items, conducted 22 consultations, provided 133 written policy advices, and made 17 submissions
• Website visits: received 1.51 million website visits (10% increase)

Read the rest of this entry »

The Privacy Commissioner has conducted an own motion investigation into Pound Road Medical Centre. The investigation applied to the Privacy Act prior to the amendments taking effect on 12 March 2014.  

FACTS

On 23 November 2013, a shed located at 16 Amberley Park Drive, Narre Warren South was broken into.  There were boxes of medical records located in a locked shed.  During the break in the boxes, and therefore the documents, were compromised.  The medical records were created when PRMC operated as a medical centre at the site.  PRMC ceased operating the medical practice at the site from 6 April 2011, and since this date has conducted its practice from new premises.

In about October 2012, the records were transferred from a locked room inside the site to the shed so that renovations for sale of the site could occur. The  shed door was locked with three padlocks. PRMC believed that all the paper-based health records stored at the site were transferred to a locked store at its new premises.

A representative from PRMC initially visited the site two to three times a week and later once a week for purposes of maintenance, repairs and renovations to prepare the site for sale.

The Office of the Australian Information Commissioner (OAIC) was notified that there were boxes of unsecured medical records at the site on 25 November 2013.

The personal information compromised in the data breach consisted of:

1. patients’ ‘identifying particulars’, Read the rest of this entry »

Senate estimates are both a valuable part of the democratic process, holding governmnents accountable and reviewing expenditure, and good media fodder.  It can also be tedious.

The Legal and Constitutional Affairs Committee quizzed the Information Commisioner and the Privacy Commissioner on 29 May 2014.  It is found here.  Noteworthy comments were:

Data Breach notification.

Senator SINGH: Professor McMillan, I want to ask about privacy alerts and whether you support the introduction of mandatory notification requirements for serious breaches of data.

CHAIR: Senator Singh, this might have to be your last question because I have four other senators and 15 minutes left. So could you make this your last question?

Prof. McMillan : Legislation was introduced into the parliament under the previous government for mandatory notifications.

Senator SINGH: Yes, I have now introduced a private member’s bill.

Prof. McMillan : It was called the privacy alerts bill. At the time the Office of the Australian Information Commissioner put out a statement saying that it supported the passage of that legislation. We have made no subsequent statement on the issue.

Senator SINGH: You obviously stand by that previous statement. Are you aware of what significant data breaches have occurred in the last few years?

Prof. McMillan : I will transfer that question to the Privacy Commissioner.

Mr Pilgram : Yes, we are aware, obviously, of a number of major data breaches that have occurred over the last few years. Just to give you an idea, they will vary in severity and the number of people that have been impacted. For example, in the current year, 2013-14, we have become aware of Read the rest of this entry »

Last night’s budget held an unwelcome development for the Information Commissioner’s office.  As in there will be no Information Commissioner come 1 January 2015.  The Privacy Commissioner, a statutory office, will move to the Human Rights Commission and work out of Sydney.

The OAIC were well and truly quick off the mark in the legacy exercise with a statement (found here) which provides:

We acknowledge the Australian Government’s Budget decision on Tuesday 13 May 2014 to disband the Office of the Australian Information Commissioner (OAIC) by 1 January 2015.

During Privacy Week the Privacy Commissioner gave, or least published on the oaic website, 3 speeches: Mapping data breach notification, Privacy matters and Defining the sensor society.

They relevantly provide:

Defining the sensor society

It’s a pleasure to be here to speak to you today for Privacy Awareness Week, especially with so much going on in the privacy sphere lately.

Defining the sensor society is an ambitious and important topic for a two day conference. As Australia’s Privacy Commissioner, you will not be surprised to learn that, in my view, any discussion of this topic should have privacy and the protection of personal information at its core. And so I am encouraged to see that is the case in a number of the presentations that you will hear over the next two days.

Privacy is rarely out of the news these days. The media continues to report on exciting new technologies as well as on activities that raise privacy questions and Read the rest of this entry »