March 7, 2014
There has been some critisism about the effectiveness of the Guidelines to the APP. That has prompted quite a lively response from the Privacy Commissioner (found here). He rarely reacts so quickly and assertively to media reportage. It is important issue to clarify. The extent of work undertaken to comply by organisations has been uneven, to put it mildly. That has been a subject of reports over the last 15 months. Having mixed signals in the marketplace can only hamper regulatory compliance. Ultimately the assertiveness of the Privacy Commissioner will influence how compliant organisations really become.
The consultation details relevantly provides:
Significant amendments to the Privacy Act 1988 (the Privacy Act), made by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (the Privacy Amendment Act), commence on 12 March 2014.
The amendments include Read the rest of this entry »
Posted in Commonwealth Privacy Commissioner, Privacy
|
Post a comment »
The release of guides, policies and Codes is gathering pace ahead of E day, the day the amendments contained in the Privacy (Enhancing Privacy) Act 2012 takes effect, on 12 March 2014. As part of the process the Privacy Commissioner is seeking to update the Guide to undertaking Privacy Impact Assessments. The draft is found here. Comments are sought by 28 March 2014.
The Draft Guide provides, absent appendices:
Introduction to privacy impact assessments
About this Guide
The Guide to undertaking privacy impact assessments (the Guide) has been prepared by the Office of the Australian Information Commissioner (OAIC) to provide an overview of a process for undertaking a privacy impact assessment (PIA). The Guide is intended for use by both government agencies and private sector organisations.
The Guide sets out Read the rest of this entry »
Posted in Commonwealth Privacy Commissioner, Privacy
|
Post a comment »
March 6, 2014
How the Privacy Commissioner will approach compliance is a matter of some conjecture. He has put out a statement on enforcement. It is not the most clear cut and emphatic document one would read this year. Trying to devine an approach is challenging. Itnews reports in Privacy Act audits will consider infosec budgets that while the Privacy Commissioner will not accept laxity he will take into account the resources of a company when dealing withe breaches due to hacking attacks. There is always a danger Read the rest of this entry »
Posted in Privacy
|
Post a comment »
The Target breach has been described as a seminal event in the history of data security and hacking events to date. It has now led to Read the rest of this entry »
Posted in Privacy, Privacy Articles
|
Post a comment »
March 5, 2014
The amendments to the Privacy Act 1988 take effect on 12 March 2014. It is as much an issue for the Privacy Commissioner as organisations and agencies. While compliance will be a significant issue proper regulation and enforcement is as important. In the past Read the rest of this entry »
Posted in Commonwealth Privacy Commissioner, Privacy
|
Post a comment »
March 3, 2014
The Atlantic, the Economist and the New York Review of Books occasionally venture into a discussion about Privacy. The offerings are invariably of high quality and thought provoking. The New York Review of Books Can Privacy Be Saved? keeps to the excellent standard, if the heading is a touch on the cliche side.
It provides:
When the secretive Foreign Intelligence Surveillance Court (FISC) first authorized the National Security Agency in May 2006 to collect and search the telephone metadata records of every American—including every number we call, how often we call, when we Read the rest of this entry »
Posted in Privacy
|
Post a comment »
March 2, 2014
The Privacy Commissioner has released a business resource on the de-identification of data and information. It is found here. De identification and anonymisation of data is the subject of some conjecture in the privacy community and with academic writers. With the rise of big data and the harnessing of sophisticated algorithims some commentators believe it is virtually impossible to de-identify information. That is not a position privacy regulators take though they acknowledge the danger of matching data across a range of sources which could identify data otherwise thought de identified. It is an open issue. For the regulator however an orthodox resource to provide some assistance has been produced.
It provides, without footnotes (though the sources are a necessary read to properly understand this issue):
Privacy business resource 4: De-identification of data and information
De-identification of personal information can Read the rest of this entry »
Posted in General, Privacy
|
Post a comment »
March 1, 2014
The House Standing Committee on Social Policy and Legal Affairs conducted a roundtable on the use of drones and privacy on 28 February 2014. The terms of reference are:
Inquiry into a matter arising from the 2012-13 Annual Report of the Office of the Australian Information Commissioner, namely the regulation of Unmanned Aerial Vehicles.
The press release relevantly provides:
Do drones pose a new threat to our privacy, or Read the rest of this entry »
Posted in Privacy
|
Post a comment »
February 28, 2014
The OAIC has released the enforcement guidelines (found here).
Significant changes to the Privacy Act 1988 will commence on 12 March 2014. The changes include a new set of harmonised Australian Privacy Principles (or APPs) that will replace the two sets of principles that currently apply to Australian Government agencies and to businesses. There will also be changes to credit reporting, including the introduction of a more ‘comprehensive credit reporting’ system and a simplified and enhanced correction and complaints process. The reforms also include new enforcement powers and remedies in relation to investigations.
The Office of the Australian Information Commissioner (OAIC) has Read the rest of this entry »
Posted in Commonwealth Privacy Commissioner, Privacy
|
Post a comment »
February 27, 2014
The Age has run a piece titled Drones in the sky – technological marvel or threat to privacy? regarding the growing phenomana of drones and drone technology. I recently attended a conference on UAVs (unmanned aerial vehicles – drone by a more technical name) at Flinders University, Adelaide, earlier this month and was impressed by the development of the technology and the likely developments in the future. The issue of privacy was a constant theme amongst the experts, engineers and lawyers alike. In the US the States are at the forefront of regulating the use of drones. The FAA is struggling with the policy issues and the practical implementation of rules. In Australia Read the rest of this entry »
Posted in Privacy
|
Post a comment »