ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

CHILDREN’S PRIVACY—HONG KONG

Newborns’ ID Tags to be Alarmed (February 22, 2010)

The Privacy Commissioner for Personal Data has welcomed a Hospital Authority pilot program aimed at increasing newborns' safety. The program will don newborn babies with smaller and tighter identification tags, the commissioner's office reports. The tags will set off an alarm if an unauthorized person carries a baby out of the hospital ward. The program comes after an incident last year involving the mix-up of two babies' identities. "The Personal Data (Privacy) Ordinance was enacted to protect the personal data of all living individuals no matter how young they are," Commissioner Roderick Woo said.  
Full Story

PRIVACY—AUSTRALIA

Australian Privacy Efforts Receive International Acclaim (February 18, 2010)

The Office of the Privacy Commissioner (OPC) was recently shortlisted for PublicAffairsAsia magazine's international Gold Standard Awards. The OPC is one of three finalists in the "Stakeholder Engagement" category for its Australian Privacy Awards and Medal programs. "The Australian Privacy Awards and Medal are a world first," says Australian Privacy Commissioner Karen Curtis. "It is the first time that a country's privacy regulator has hosted such programs to reward good privacy initiatives in the corporate, not-for-profit and public sectors, as well as acknowledging the work of an individual in the privacy sphere." Privacy lawmaker Michael Kirby also received international recognition in recent weeks when he was named the Electronic Privacy Information Center's 2010 International Privacy Champion.
Full Story

DATA LOSS—NEW ZEALAND

ACC Investigating Privacy Breach (February 18, 2010)

New Zealand's Accident Compensation Corporation (ACC) is looking into a breach involving thousands of private documents related to workplace injuries, TVNZ reports. ACC has formally apologised for the breach, which involved about 2,000 organisations receiving documents in error in January. ACC General Manager Keith McLea says a full investigation has been requested and steps are being taken to ensure such privacy breaches do not happen in the future. ACC has stated the external mail house handling the reports inadvertently sent information intended for other organisations.
Full Story

SOCIAL NETWORKING

Canadian Commissioner Probing Buzz; Class Action Filed (February 18, 2010)

The fallout continues from the launch of Google's new social networking feature, Buzz. The Office of the Privacy Commissioner (OPC) of Canada is investigating the feature to see if it complies with Canadian privacy laws, reports the Sydney Morning Herald. "We have seen a storm of protest and outrage over alleged privacy violations and my office also has questions about how Google Buzz has met the requirements of privacy laws in Canada," Commissioner Jennifer Stoddart said in a statement. Released last week, Buzz has garnered criticism from several privacy interests, prompting a Google product manager to promise certain changes. Despite this, a U.S. law firm has filed a class-action suit against the company claiming similar violations.
Full Story

GENETIC PRIVACY—AUSTRALIA

CLA Advocating DNA Protection Laws (February 18, 2010)

There should be no discrimination in Australia on genetic grounds, says Civil Liberties Australia (CLA), which is advocating for national legislation to allow Australians to find out what their DNA reveals without being forced to disclose their genetic test results. CLA points to concerns that disclosure could lead to prejudice on the part of potential insurers and employers. "The Australian government should legislate to protect Australians in such cases," says CLA spokesperson Tim Vines, adding, "we all have a right to use new technology to learn about our personal health situation; we don't want people to be afraid of having tests because they might lose their insurance policies if they don't disclose DNA information."
Full Story

TRAVELLERS’ PRIVACY—AUSTRALIA

Stripping Away Privacy Concerns over Scanners (February 18, 2010)

Australia is moving forward with plans to introduce airport body scanners in 2011 as part of a $200 million funding plan to improve airport security, The Australian reports. While the government has not yet announced the specific scanning technology it will adopt, Prime Minister Kevin Rudd says newer technology that transmits "stick figures rather than fleshier images" could allay some privacy concerns about the scans. Transport Minister Anthony Albanese has promised a consultation with Federal Privacy Commissioner Karen Curtis, who said her office welcomes the opportunity, pointing to such potential concerns as whether scanned images are stored with identifying information.
Full Story

SOCIAL NETWORKING

Content Controls Extended to Third-Party Programs (February 18, 2010)

Facebook has introduced more ways for users to control content, reports the Sydney Morning Herald. The company has extended sharing tools to third-party programs, meaning that users will now be able to which friends see content generated from third party programs, the report states. "There are now granular privacy options that enable you to personalize the audience for each piece of content you share through applications," Facebook engineer Ray He wrote in a blog post. He said the new controls give users the ability to share or conceal third-party-generated content to a greater degree.
Full story

DATA LOSS—AUSTRALIA

Hackers Attack Parliament Web Site (February 18, 2010)

Two days after receiving threats over the government's plan to filter Internet information, Parliament's Web site was hit by an apparent denial-of-service attack, CIO reports. Hacking group Anonymous issued a press release on February 8 criticising Australian Telecommunications Minister Stephen Conroy's proposal to require ISPs to filter Web content in an effort to protect children from exposure to online gambling and pornography. "The Australian Government will learn that one does not mess with our porn," Anonymous wrote. "No one messes with our access to perfectly legal (or illegal) content for any reason." Early on February 10 the site was hit by 7.5 million requests per second, rendering it inoperable within a matter of hours.
Full Story

SOCIAL NETWORKING

Opinion: Privacy Advocate Buzzing over New Site (February 18, 2010)

From social networking to biometrics, every indication is that those who wish to keep their personal information private will be facing an uphill battle, privacy analyst Stephen Wilson writes in an op-ed for the Sydney Morning Herald. Citing criticism of Google for its new Buzz social networking feature, Wilson says the company created an "instant circle of followers from e-mail address books" by using information collected for another purpose. Wilson suggests that without safeguards, information gained through social networking, biometrics and consumer tracking will continually be used for unintended purposes, with potentially dire consequences. "The best way to head off these nightmare scenarios is to invoke fundamental privacy protections at every turn," he writes. "Nobody should collect information about me without a clearly defined need. No information about me should be used for unforeseen purposes without my consent."
Full Story

ONLINE PRIVACY

Should We Remember to Forget? (February 12, 2010)
When it comes to our online lives, "Cheap storage has been a boon in many ways, but can it also be a nightmare?" an Ars Technica report asks.

ONLINE PRIVACY

Remembering Who, What, Where and When—Digitally (February 12, 2010)

Two computing pioneers are recording every aspect of their lives digitally, prompting questions about the potential dangers these "lifelogs" pose to personal privacy, The Times reports. Gordon Bell and Jim Gemmell, both Microsoft researchers, suggest the biological ability to retain memories can be augmented with an electronic memory they call "Total Recall." Proponents tout the ability of storing away mundane information and making interesting facts and experiences easily accessible. Others question whether using Total Recall could lead to a "life without privacy," where authorities could demand access to such memory storage banks. Bell, who has spent years compiling an electronic memory that comprises everything from letters and photographs to biometric data, says, "We need to adapt to reap the benefits."
Full Story

SOCIAL NETWORKING

Blippy: Sharing Credit Card Data…Really? (February 10, 2010)
In the era of sharing, along comes a platform for broadcasting credit card holders' purchases. TIME reports on Blippy.com, the site that, with users' permission, posts point-of-purchase information such as cost and location. "Why would any sane person volunteer to publicize that information?" asks TIME author Barbara Kiviat.

PRIVACY LAW—AUSTRALIA

Healthcare Identifier Bill Expected to Help Protect Privacy (February 10, 2010)
The introduction of a new national e-health identifier for all Australians is expected to assist with healthcare privacy issues, ZDNet Australia reports. Under the Healthcare Identifier Bill introduced into Parliament on Wednesday, unique 16-digit numbers will be assigned to individuals and healthcare providers by the middle of this year with the goal of streamlining the transfer of patient information.

BEHAVIORAL TARGETING

“Everybody Can Be Tracked, Everybody Will Be Tracked” (February 8, 2010)
The San Francisco Chronicle reports on marketers' growing use of technologies to discern more about customers and prospective customers. Cameras within grocery store monitors, radio frequency identification (RFID) on shopping carts and billboards that target ads using publicly available data, among other methods, have arrived.

PRIVACY LAW—AUSTRALIA

Telecommunications Amendment Bill Passes Senate (February 5, 2010)
The Telecommunications (Interception and Access) Amendment Bill 2009 has passed the Senate, CIO reports. The bill gives private entities the option to intercept telecommunications in order to protect their networks from cyber attacks.

DATA LOSS—NEW ZEALAND

No Criminal Charges for Database Breach (February 5, 2010)
Two police officers from Counties Manakau will not face criminal charges after being accused of leaking information from the police national database, the New Zealand Herald reports.

STUDENT PRIVACY—AUSTRALIA

Teachers’ Union Threatens Boycott over National Web Site (February 5, 2010)
The Australian Education Union is threatening to boycott this year's national literacy and numeracy tests in protest of a national Web site that will publish students' scores, the Sydney Morning Herald reports.

PRIVACY LAW—AUSTRALIA

CommSec pays $55,000 in Spam Act Breach (February 5, 2010)
Commonwealth Bank's stock trading arm, CommSec, has agreed to pay the Australian Communications and Media Authority (ACMA) $55,000 for breaching the Spam Act in 2009, ITNews reports.

BIOMETRICS—QUEENSLAND

Scanners Come into Question (February 5, 2010)
The federal privacy commissioner's office is investigating the legality of fingerprint and ID scanning at Brisbane nightclubs, the Courier Mail reports.

PERSONAL PRIVACY—VICTORIA

VicRoads Workers Improperly Accessing Files (February 5, 2010)
The Herald Sun reports that members of VicRoads staff continue to breach security provisions, despite the government's attempt to stop it.

GENETIC PRIVACY—QUEENSLAND

Children’s DNA Stored (February 5, 2010)
Queensland Police have collected DNA samples from more than 1,200 children ages 10 to 16 in less than five years, the Sunday Mail reports. The samples are intended to serve as a crime-fighting tool to help quickly identify those who break the law later in life.

DATA RETENTION—AUSTRALIA

Growing Police Database Worries Advocates (February 5, 2010)
Civil liberties advocates say that privacy safeguards have not kept pace with the increase in information stored on a police database, the Sydney Morning Herald reports.

DATA PROTECTION—VICTORIA

Commissioner Publishes Privacy-During-Emergency Protocol (February 5, 2010)
Victorian Privacy Commissioner Helen Versey has released guidelines on how to mitigate privacy concerns during emergency situations.

PRIVACY LAW—VICTORIA

Versey Advises Gay and Lesbian Community on Rights (February 5, 2010)
Victoria's privacy and health services commissioners used Midsumma Festival to advise the gay and lesbian community about their privacy rights, the Star Observer reports.

PRIVACY

EPIC Names Justice Kirby 2010 Privacy Champion (February 5, 2010)
The Electronic Privacy Information Center (EPIC) has announced it will present the 2010 International Privacy Champion Award to the Honorable Michael Kirby for his role in the development of the OECD Privacy Guidelines of 1980, which have provided the basis for national laws, international agreements and privacy frameworks around the world.

DATA THEFT—SOUTH KOREA

Court Says Web Site Not Responsible for Data Breach (February 5, 2010)
Seoul's Central District Court ruled that Auction, a major online open market, is not responsible for the theft of its customers' personal information, the Korea Herald reports.

PERSONAL PRIVACY

My Pill is Smarter Than Your Honor Student (February 3, 2010)
Smart phones, smart meters and now, smart pills. A California startup recently won the nod of Swiss pharmaceutical giant Novartis, which will pay $24 million for exclusive rights to Proteus Biomedical's drug-delivery technologies, according to an Economist report.

SOCIAL NETWORKING

Companies Rank Riskiest Social Networking Sites (February 3, 2010)
A survey of 500 companies worldwide by the security firm Sophos has found that 60 percent consider Facebook to be the riskiest social-networking site, USA TODAY reports.

PERSONAL PRIVACY—HONG KONG

Official Says “Smart Card” Payment System Poses No Risk to Privacy (February 2, 2010)
A top official has stated that Hong Kong and Shenzhen residents who use the smart card payment system when it is introduced later this year have no reason to worry about their privacy, Computerworld Hong Kong reports.