Privacy Advisor

Privacy News

October 1, 2007

ALRC Proposes Overhaul of 'Complex and Costly' Privacy Laws
The Australian Law Reform Commission (ALRC) has released a blueprint with 301 proposals for overhauling Australia's complex and costly privacy laws and practices.

Releasing Discussion Paper 72, Review of Australian Privacy Law, ALRC President Professor David Weisbrot said it was the product of the largest public consultation process in ALRC history.

"We have received over 300 submissions and held over 170 meetings to date, including with business, consumers, young people, health officials, technology experts and privacy advocates and regulators.

"The clearest message from the community is that we must streamline our unnecessarily complex system. The federal Privacy Act sets out different principles for private organisations and for government agencies. On top of that, each state and territory has its own privacy laws or guidelines and some also have separate laws on health privacy.

"The ALRC is proposing there be a single set of privacy principles for information-handling across all sectors, and all levels of government. This will make it easier and less expensive for organisations to comply, and much more simple for people to understand their rights.

"The protection of personal information stored or processed overseas, as is now routine, is another serious concern. The ALRC wants to ensure that such information has at least the same level of protection as is provided domestically. We propose that a government agency or company that transfers personal information overseas without consent should remain accountable for any breach of privacy that occurs as a result of the transfer," Weisbrot said.

Commissioner in charge of the Inquiry, Professor Les McCrimmon, said that the ALRC also is proposing a new system of data breach notification.

"There is currently no requirement to notify individuals when there has been unauthorised access to their information, such as when lists of credit card details are inadvertently published. Where there is a real risk of serious harm to individuals, we say they must be notified," McCrimmon said.

McCrimmon added that the ALRC also proposes the removal of the exemption for political parties from the Privacy Act. "Political parties and MPs should be required to take the same level of care when handling personal information as any other agency or organisation."

Other key proposals include:

  • Introducing a new statutory cause of action where an individual's reasonable expectation of privacy has been breached;
  • Abolishing the fee for 'silent' telephone numbers;
  • Expanding the enforcement powers of the Privacy Commissioner;
  • Imposing civil penalties for serious breaches of the Act; and
  • Introducing a more comprehensive system of credit reporting.

Review of Australian Privacy Law is available at no cost from the ALRC Web site, www.alrc.gov.au. The ALRC is seeking community feedback on these proposals before a final report and recommendations are completed in March 2008. Submissions close on Dec. 7, 2007.

Luis Salazar Appointed Consumer Privacy Ombudsman
Greenberg Traurig Shareholder Luis Salazar, CIPP, has been apointed by the U.S. Department of Justice as the consumer privacy ombudsman in the Tweeter Audio/Sound Advice Chapter 11 reorganization. Salazar is only the fifth person nationwide to hold such a position. The position was created as a result of the Privacy Policy Enforcement in Bankruptcy Act (PPEBA) (Bankruptcy Code Sections 363(b)(1) and 332), a law which Salazar drafted in 2001.  

The PPEBA, which was passed by Congress as part of the recent Bankruptcy Code amendments, is the first national lawthat specifically enforces commercial privacy policies, limits the sale of private consumer data, and creates a consumer privacy ombudsman to advise bankruptcy courts in enforcing privacy laws and restrictions. In his role as consumer privacy ombudsman, Salazar advocated to protect consumers' private information by requiring the purchaser of Tweeter/ Sound Advice to comply with the company's existing privacy policy, while also giving consumers notice of the transfer of their data and an opportunity to opt-out of the transfer.

Salazar focuses his practice on corporate counseling and crisis management, data privacy and security laws and regulation, and startups and early stage businesses. Salazar is widely published in the areas of crisis management, data privacy and security law, and bankruptcy. He is a noted authority on the fiduciary duties of directors and officers and defending management against Deepening Insolvency claims. A seasoned trial attorney, Salazar has tried more than 100 discrete matters in federal and state courts throughout the country, on behalf of plaintiffs, defendants, debtors and creditors in a wide variety of actions.

John Kropf Named New DHS Deputy Chief Privacy Officer
The Department of Homeland Security (DHS) Privacy Office has named John Kropf, CIPP/G, to serve as its new Deputy Chief Privacy Officer.

Kropf will serve as a key adviser to DHS's Chief Privacy Officer, Hugo Teufel, III, CIPP/G, and other DHS leadership on issues related to compliance with privacy laws, DHS policies, as well as programs and agreements that adhere to fair information principles. He also will serve as chief operation officer and policy strategist for the Privacy Office.

Kropf previously served as the office's Director of International Privacy Policy, where he represented the department on U.S. government delegations to the Organization for Economic Cooperation and Development (OECD), Asia-Pacific Economic Cooperation (APEC) and various international negotiations, as well as followed global developments in privacy. He will continue to have overall responsibility for international privacy policy as a senior adviser.

Kropf brings 19 years of federal service to the job including experience as an international lawyer and information law litigator at the Depart-ment of State, and an immigration attorney in the Department of Justice's Honors Program.

The Center for Information Policy Leadership at Hunton & Williams Appoints IAPP Members to New Executive Committee

The Center for Information Policy Leadership at Hunton & Williams LLP recently announced the election of a new Executive Committee to advise the center on fulfilling its mission to encourage and inform responsible information governance in today's digital society. The Executive Committee will represent more than 40 center member companies from around the world.

"With the continuing growth of the Center and its global presence, we recognize an increased need for a governance structure for the organization," said Martin Abrams, Executive Director of the Center, commenting on the organization's 6-year history.

The Executive Committee members are privacy leaders who bring a wealth of experience to center discussions. Each member will advise on specific areas of the center's work, and provide guidance and direction as the organization grows and stakes out new initiatives.

The Committee includes IAPP members Scott Taylor, CIPP, Chief Privacy Officer, Hewlett Packard, Chair of the Executive Committee; Harriet Pearson, CIPP, Vice President, Regulatory Policy and Chief Privacy Officer, IBM; Andrew Roth, Chief Privacy Officer, American Express; Lynn Goldstein, CIPP, Senior Vice President and Chief Privacy Officer, JPMorgan Chase; and Jennifer Barrett, Global Privacy Officer, Acxiom.

NASCIO Brief Highlights Creating Cultural Change in State Government Through IT Security Awareness and Training

The National Association of State Chief Information Officers (NASCIO), which represents the chief information officers (CIOs) of the states, recently unveiled the research brief, "IT Security Awareness and Training: Changing the Culture of State Government," which highlights how IT security awareness and training activities, if conducted on a consistent basis, can instill cultural change within state government. The brief is a product of NASCIO's Information Security and Privacy Committee. 

Most state government employees use technology to do their daily work, yet they may not realize the dramatic consequences that can flow from one mistake. As data breaches and security incidents that originate from within state government appear to be on the rise, cultural change is needed toward a more security-conscious state workforce. All state employees need to understand that IT security is everyone's job and know how to use the state's IT resources in a way that minimizes security risks. 

"To implement or enhance current awareness and training efforts, State CIOs need examples of what other states are doing in this area. This brief provides numerous examples of other states' awareness and training efforts and serves as a way for State CIOs to share their best practices in order to help all states achieve a heightened culture of IT security," said Thomas Jarrett, CIO, State of Delaware and Co-Chair of NASCIO's Information Security and Privacy Committee. 

NASCIO is the premier network and resource for state CIOs and an effective advocate for technology policies at all levels of government.