Peter A Clarke

Drones were the subject of a significant discussion by the Standing Committee of Social Policy and Legal Affairs on 28 February 2014.  The transcript of the roundtable is found here (with the privay discussion being found at pages 40 – 53).  The Australian in CASA rejects drone control role has a report on that discussion in its Aviation section.   The article makes clear that CASA wants nothing to do with policing any privacy laws that may regulate drones in the future.  Which is very sensible.  CASA has a very clear defined role and privacy protections is not within that bailiwick.  The rapid uptake of drone technology poses a multi agency challenge. As with the United States of America an overhaul of the regulations is required.  On the legal front the current law is utterly inadequate to provide privacy protections from the misuse of drone technology.  The legislature is barely rousing itself to deal with these issues.  The problem is that the technology is not stopping for anyone.

The article provides:

THE aviation regulator has said it has no interest Read the rest of this entry »

There has been some critisism about the effectiveness of the Guidelines to the APP.  That has prompted quite a lively response from the Privacy Commissioner (found here).  He rarely reacts so quickly and assertively to media reportage. It is important issue to clarify.  The extent of work undertaken to comply by organisations has been uneven, to put it mildly.  That has been a subject of reports over the last 15 months.  Having mixed signals in the marketplace can only hamper regulatory compliance.  Ultimately the assertiveness of the Privacy Commissioner will influence how compliant organisations really become.

The consultation details relevantly provides:

Significant amendments to the Privacy Act 1988 (the Privacy Act), made by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (the Privacy Amendment Act), commence on 12 March 2014.

The amendments include Read the rest of this entry »

The release of guides, policies and Codes is gathering pace ahead of E day, the day the amendments contained in the Privacy (Enhancing Privacy) Act 2012 takes effect, on 12 March 2014.  As part of the process the Privacy Commissioner is seeking to update the Guide to undertaking Privacy Impact Assessments.  The draft is found here.  Comments are sought by 28 March 2014.

The Draft Guide provides, absent appendices:

Introduction to privacy impact assessments

About this Guide

The Guide to undertaking privacy impact assessments (the Guide) has been prepared by the Office of the Australian Information Commissioner (OAIC) to provide an overview of a process for undertaking a privacy impact assessment (PIA). The Guide is intended for use by both government agencies and private sector organisations.

The Guide sets out Read the rest of this entry »

How the Privacy Commissioner will approach compliance is a matter of some conjecture.  He has put out a statement on enforcement.  It is not the most clear cut and emphatic document one would read this year. Trying to devine an approach is challenging.  Itnews reports in Privacy Act audits will consider infosec budgets that while the Privacy Commissioner will not accept laxity he will take into account the resources of a company when dealing withe breaches due to hacking attacks.  There is always a danger Read the rest of this entry »

The Target breach has been described as a seminal event in the history of data security and hacking events to date.  It has now led to Read the rest of this entry »

The amendments to the Privacy Act 1988 take effect on 12 March 2014.  It is as much an issue for the Privacy Commissioner as organisations and agencies.  While compliance will be a significant issue proper regulation and enforcement is as important.  In the past Read the rest of this entry »

The Atlantic, the Economist and the New York Review of Books occasionally venture into a discussion about Privacy.  The offerings are invariably of high quality and thought provoking.  The New York Review of Books Can Privacy Be Saved?  keeps to the excellent standard, if the heading is a touch on the cliche side.

It provides:

When the secretive Foreign Intelligence Surveillance Court (FISC) first authorized the National Security Agency in May 2006 to collect and search the telephone metadata records of every American—including every number we call, how often we call, when we Read the rest of this entry »

The Privacy Commissioner has released a business resource on the de-identification of data and information. It is found here. De identification and anonymisation of data is the subject of some conjecture in the privacy community and with academic writers.  With the rise of big data and the harnessing of sophisticated algorithims some commentators believe it is virtually impossible to de-identify information.  That is not a position privacy regulators take though they acknowledge the danger of matching data across a range of sources which could identify data otherwise thought de identified.  It is an open issue.  For the regulator however an orthodox resource to provide some assistance has been produced.

It provides, without footnotes (though the sources are a necessary read to properly understand this issue):

Privacy business resource 4: De-identification of data and information

De-identification of personal information can Read the rest of this entry »

The House Standing Committee on Social Policy and Legal Affairs conducted a roundtable on the use of drones and privacy on 28 February 2014.  The terms of reference are:

Inquiry into a matter arising from the 2012-13 Annual Report of the Office of the Australian Information Commissioner, namely the regulation of Unmanned Aerial Vehicles.

The press release relevantly provides:

Do drones pose a new threat to our privacy, or Read the rest of this entry »

The OAIC has released the enforcement guidelines (found here).

Significant changes to the Privacy Act 1988 will commence on 12 March 2014. The changes include a new set of harmonised Australian Privacy Principles (or APPs) that will replace the two sets of principles that currently apply to Australian Government agencies and to businesses. There will also be changes to credit reporting, including the introduction of a more ‘comprehensive credit reporting’ system and a simplified and enhanced correction and complaints process. The reforms also include new enforcement powers and remedies in relation to investigations.

The Office of the Australian Information Commissioner (OAIC) has Read the rest of this entry »