In November 2012 a consultant psychiatrist lost a bag while riding home. Disappointing and frustrating no doubt but in and of itself normally nothing dramatic there. Except if the bag contained sensitive personal data. A consultant psychiatrist working for the Cardiff and Vale University Health Board did just that. And for these troubles it has been the subject to an undertaking from the Information Commissioner’s Office.
The press release provides:
The Information Commissioner’s Office (ICO) has issued Cardiff and Vale University Health Board with an undertaking following a breach of the Data Protection Act.
On 27 September 2013 the Privacy Commissioner issued Guidelines for recognising external dispute resolution schemes under section 35A of the Privacy Act 1988. It is part of the Privacy Commissioner’s roll out of guidelines, codes and policies in anticipation of the amendments to the Privacy Act coming into effect on 12 March 2014. It is very commendable and entirely appropriate. The real test is the approach the Privacy Commissioner takes once he is armed Read the rest of this entry »
With 6 in 10 Australians choosing not to use a smartphone app because of concerns about the way personal information would be used[1], the Guide will assist mobile app developers to embed better privacy practices into their products, and to comply with Australian privacy law.
The Australian Privacy Commissioner, Timothy Pilgrim, said the growing app industry presented both Read the rest of this entry »
The Australian Governemnt CTO John Sheriden is reported in Public servants should be impartial online: Sheridan to have made it clear that breaches of the guidelines on use of social media may result in severe consequences.
The article provides:
No implied freedom of speech for social media.
Australian Government CTO John Sheridan says guidelines governing how public servants behave online are clear and reasonable – and employees should not be surprised if they face severe consequences for breaching them.
The US Office for Civil Rights and the Office of the National Coordinator for Health Information Technology have together developed model Notices of Privacy Practices. It is geared to the US law but the layout and the terminology is quite effective and user friendly. The homepage is found here.
The basic text provides:
Your Information. Your Rights. Our Responsibilities.
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
The European Court of Human Rights handed down its chamber judgment on 19 September 2013 regarding a complaint by Princess Caroline von Hannover under Article 8 of the European Convention on Human Rights. The Court found there was no breach of Article 8.
The decision is only available in French. The press release is found here.
The photographs the subject of the dispute, taken in 2002, showed the Princess and her husband on holiday of her holiday home off the coast of Kenya. The Court essentially reiterated the criteria for balancing privacy and freedom of expression found in Von Hannover (No 2) involving consideration of:
The subject of the report and its contribution to a debate of general interest
The amendments to the Privacy Act 1988 (Cth) take effect on 12 March 2014. The Privacy Commissioner will then have significant powers to conduct own motion investigations and institute civil penalty proceedings in the Federal Court. The Guidelines being developed by the Privacy Commisioner’s office will no doubt be persuasive. Guidelines are not binding rules (but with a few notable exceptions, see section 16B. That has been made clear with the amendments (see section 6(3). The Privacy Commissioner will develop guidelines which will establish the criteria on which a decision to pursue a civil penalty will be made. But it will be the Federal Court which will be considering the meaning of words, the scope and operation of privacy policies and codes and the operation of the APPs. The jurisprudence in Australia in the privacy law area is quite sparse. Not surprising given the relative ineffectiveness of the legislation. That may change with the new powers available to the Privacy Commissioner. It will be prudent to consider how other jurisdictions have approached privacy issues and have developed their jurisprudence. Obviously they may be of use and even persuasive but definitely not binding.
In that vein it is relevant to have regard to the case notes recently published by the New Zealand Privacy Commissioners. They are found here.
As the ALRC (further) inquiry proceeds on at a relatively relaxed pace on whether there should or should not be a statutory right to privacy and if so what form it should take the UK jurisprudence has developed to the point where there are established principles governing the grant of injunction on privacy related matters. The grant of super injunctions caused considerable controversy and disquiet in the media. More importantly there was concern about their efficacy and enforcement. The process has been amended signficiantly and the Court has been more restrained in its use. The use of privacy injunctions are now more effective and less controversial.
Notable featurs of the report are that there were
six proceedings in which the High Court in London considered an application for a new interim injunction prohibiting Read the rest of this entry »