Peter A Clarke

The release of guides, policies and Codes is gathering pace ahead of E day, the day the amendments contained in the Privacy (Enhancing Privacy) Act 2012 takes effect, on 12 March 2014.  As part of the process the Privacy Commissioner is seeking to update the Guide to undertaking Privacy Impact Assessments.  The draft is found here.  Comments are sought by 28 March 2014.

The Draft Guide provides, absent appendices:

Introduction to privacy impact assessments

About this Guide

The Guide to undertaking privacy impact assessments (the Guide) has been prepared by the Office of the Australian Information Commissioner (OAIC) to provide an overview of a process for undertaking a privacy impact assessment (PIA). The Guide is intended for use by both government agencies and private sector organisations.

The Guide sets out Read the rest of this entry »

How the Privacy Commissioner will approach compliance is a matter of some conjecture.  He has put out a statement on enforcement.  It is not the most clear cut and emphatic document one would read this year. Trying to devine an approach is challenging.  Itnews reports in Privacy Act audits will consider infosec budgets that while the Privacy Commissioner will not accept laxity he will take into account the resources of a company when dealing withe breaches due to hacking attacks.  There is always a danger Read the rest of this entry »

The Target breach has been described as a seminal event in the history of data security and hacking events to date.  It has now led to Read the rest of this entry »

The amendments to the Privacy Act 1988 take effect on 12 March 2014.  It is as much an issue for the Privacy Commissioner as organisations and agencies.  While compliance will be a significant issue proper regulation and enforcement is as important.  In the past Read the rest of this entry »

The Atlantic, the Economist and the New York Review of Books occasionally venture into a discussion about Privacy.  The offerings are invariably of high quality and thought provoking.  The New York Review of Books Can Privacy Be Saved?  keeps to the excellent standard, if the heading is a touch on the cliche side.

It provides:

When the secretive Foreign Intelligence Surveillance Court (FISC) first authorized the National Security Agency in May 2006 to collect and search the telephone metadata records of every American—including every number we call, how often we call, when we Read the rest of this entry »

The Privacy Commissioner has released a business resource on the de-identification of data and information. It is found here. De identification and anonymisation of data is the subject of some conjecture in the privacy community and with academic writers.  With the rise of big data and the harnessing of sophisticated algorithims some commentators believe it is virtually impossible to de-identify information.  That is not a position privacy regulators take though they acknowledge the danger of matching data across a range of sources which could identify data otherwise thought de identified.  It is an open issue.  For the regulator however an orthodox resource to provide some assistance has been produced.

It provides, without footnotes (though the sources are a necessary read to properly understand this issue):

Privacy business resource 4: De-identification of data and information

De-identification of personal information can Read the rest of this entry »

The House Standing Committee on Social Policy and Legal Affairs conducted a roundtable on the use of drones and privacy on 28 February 2014.  The terms of reference are:

Inquiry into a matter arising from the 2012-13 Annual Report of the Office of the Australian Information Commissioner, namely the regulation of Unmanned Aerial Vehicles.

The press release relevantly provides:

Do drones pose a new threat to our privacy, or Read the rest of this entry »

The OAIC has released the enforcement guidelines (found here).

Significant changes to the Privacy Act 1988 will commence on 12 March 2014. The changes include a new set of harmonised Australian Privacy Principles (or APPs) that will replace the two sets of principles that currently apply to Australian Government agencies and to businesses. There will also be changes to credit reporting, including the introduction of a more ‘comprehensive credit reporting’ system and a simplified and enhanced correction and complaints process. The reforms also include new enforcement powers and remedies in relation to investigations.

The Office of the Australian Information Commissioner (OAIC) has Read the rest of this entry »

The Age has run a piece titled Drones in the sky – technological marvel or threat to privacy?  regarding the growing phenomana of drones and drone technology.  I recently attended a conference on UAVs (unmanned aerial vehicles – drone by a more technical name) at Flinders University, Adelaide, earlier this month and was impressed by the development of the technology and the likely developments in the future.  The issue of privacy was a constant theme amongst the experts, engineers and lawyers alike.  In the US the States are at the forefront of regulating the use of drones.  The FAA is struggling with the policy issues and the practical implementation of rules.  In Australia Read the rest of this entry »

The Office of the Privacy Commissioner of Hong Kong, by media statement (found here), announced that there was a 48% in privacy complaints in 2013.  It is a record high.  Given the reports of the last 12 months, through Verizon and Pew to name just a few, the number of privacy intrusive practices is on the rise as is the concern by individuals as to the use of their personal information.  It is an important function of regulators to both highlight emerging problems and take enforcement action.  Some regulators are better at this than others.  The US Federal Trade Commission, the de facto privacy regulator, has been quite active in giving publicity to enforcement and also providing very useful resources to assist consumers.  The Information Commissioner’s Office in the United Kingdom has been critisised in the way it regulates privacy breaches.  In my view it is doing a reasonable job and its reports are very helpful.  The Australian and New Zealand Privacy Commissioners are Read the rest of this entry »