ANZ Dashboard Digest

Putting its regard for privacy compliance to the fore, the iappANZ Board has this week taken the decision to opt in to the obligations of the new privacy legislation. You will see our new privacy policy, and we welcome any comments as it has been a collaborative effort by some of Australia’s finest privacy minds. We understand that the privacy commissioner will be talking about ways to improve organisations’ privacy policies at the OAIC Privacy Awareness Week Breakfast, so if you are revising yours, it is an event not to be missed. In news this week you will also see that AMSRO has also applied to register a non-mandatory code of practice.

Now that 12 March is over, we are starting to see less of the doomsday reports and more of the innovation which the OAIC encourages. We expect plenty of new ideas in Privacy Awareness Week in May. We are delighted to confirm that the deputy chair of the ACMA will be joining the ALRC and OAIC representatives in our Great Debate on Australia’s direction on serious invasion of privacy in the digital age.

The article by Brenda Aynsley OAM this week, “Sharing the Values to match the technology,” presents a fascinating counterpoint to the call by Tim Berners-Lee and the World Wide Web consortium in their “Web We Want Campaign.” Aynsley examines the important distinction between “trusted” providers and “trustworthy” providers. Trustworthiness is critical because technology projects continue to have one of the highest rates of failure—failure to deliver on promises, on time, on budget—or all three. Risks such as those presented internationally by Heartbleed or the CDA security breach, which threatens the Personally Controlled Electronic Health Record, mean that the concept of trustworthy will become increasingly significant for privacy professionals that either develop or procure technology. Then, of course, as the story on the use of biometric facial recognition technology in Japan shows, trustworthiness in the party deploying the technology is vital. It will be interesting to hear from Tim Rains on trustworthy computing in Privacy Awareness Week. Hope to meet you there.

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

PRIVACY—VICTORIA

Commissioner to Improve Access to Privacy Rights Information (April 30, 2010)

Victoria Privacy Commissioner Helen Versey has announced a new community engagement project, to be implemented over the next 18 months, aimed at helping Victorians from diverse backgrounds have improved access to information about their privacy rights. "All Victorians have privacy rights and it is important that they are aware of these rights and know what to do when they have a problem," Versey said in an announcement of the project. Based on increasing calls to her office, Versey said, it is clear that Victorians are concerned about their privacy rights, but "often don't know where to start, particularly if English is their second language or their access to information and services is limited."
Full Story

PRIVACY—ASIA PACIFIC

Privacy Awareness Week Begins Sunday (April 30, 2010)

The Asia Pacific Privacy Authorities (APPA) will host their Annual Privacy Awareness Week beginning this Sunday and continuing through Saturday, 8 May. This year's Privacy Awareness Week will feature a variety of programs on privacy rights and responsibilities hosted by public and private sector organisations across the region. APPA includes all of Australia's privacy commissioners as well as those from Canada, British Columbia, Hong Kong, New Zealand and South Korea. Each individual jurisdiction will be offering different events on a variety of themes for the 2010 event.
Full Story

New Version of “Mobile Spy” Raises Concerns (April 30, 2010)

A U.S.-based software firm announced that it has released a new version of its "Mobile Spy" program to capture not only text messages and telephone calls but also e-mails and photographs from mobile devices, The Sydney Morning Herald reports. Retina-X Studios is marketing the software as a way to "open your eyes to the real actions of what your child or employee does on your BlackBerry device." However, Australian Privacy Foundation Chairman Roger Clarke suggests such software is inappropriate, noting that while there may be times when employers need to use such technology, "the way to do that is through the courts if they have reasonable grounds for suspicion."
Full Story

ONLINE PRIVACY—CHINA

Legislators Poised to Toughen Law Requiring Telecoms to Share Client Information (April 30, 2010)

China is moving to strengthen its law requiring telecommunications and Internet companies to inform the government about customers who discuss anything defined as "state secrets," The Sydney Morning Herald reports. The meaning of "state secrets" is broadly defined, the report states, so anything from maps and GPS coordinates to economic statistics could fall into the category. Beijing-based human rights lawyer Mo Shaoping says the requirements in the amended law mean communications service providers will be unable to protect the privacy of their clients, leaving them "with no secrets at all, since the service providers have no means to resist the police."
Full Story

SOCIAL NETWORKING

Site Changes Concern Canadian Commissioner (April 30, 2010)

Canada's federal privacy commissioner has expressed concern about changes Facebook made last week that will allow third-party developers to retain users' data indefinitely, The Globe and Mail reports. "I'm very concerned about these changes," said Commissioner Jennifer Stoddart. "More than half a million developers will have access to this data." Stoddart indicated that the company seems to "be moving in the opposite direction" from that which it committed to move toward last summer when the company agreed to certain privacy reforms following an OPC investigation. Stoddart also reiterated concerns she and her global counterparts set forth last week in relation to online companies' actions impacting user privacy.
Full Story

ONLINE PRIVACY

Google Opens up on Wi-Fi Data Collection (April 29, 2010)

Google is opening up about the data its Street View cars collect, reports The Wall Street Journal. A fresh wave of scrutiny surfaced last week after Germany's data protection commissioner learned that the camera-clad cars capturing photos for Google maps are also collecting Wi-Fi data. In a blog post on Tuesday, Google's global privacy counsel, Peter Fleischer, explained that the cars gather photos, Wi-Fi network information and 3-D building imagery. He said that other companies, including German companies, also collect the Wi-Fi data. Fleischer said "it's clear with hindsight that greater transparency would have been better." (Registration may be required to acceess this story.)
Full Story

ONLINE PRIVACY

Company Apologizes for Glitch that Exposed Customers’ Credit Cards Online (April 28, 2010)

Social networking site Blippy has apologized for its recent privacy glitch that accidentally exposed members' credit card information and is promising to hire a chief security officer and invest in more security, PC Magazine reports. The company will also have regular third-party audits, invest in its systems to filter out sensitive information, control caching of information in search engines and create a security and privacy center that includes information about how Blippy is protecting its customers, the report states. Blippy has reached out to eight customers whose information might have been compromised, the report states, and will assist in resolving any issues prompted by the data breach.
Full Story

BEHAVIORAL TARGETING

Marketers Navigating Trust and Privacy Issues (April 27, 2010)

"Trust is the currency of effective advertising, and yet it's so curiously evasive and increasingly murky," Pete Blackshaw writes in an Advertising Age feature that suggests addressing privacy is among the key components to establishing and maintaining credibility. "At the heart of the privacy debate is apprehension that marketers will abuse personally identifiable data or the targeting opportunities of behavioral advertising," he writes. However, Blackshaw points out that many consumers volunteer personal information via social networks that would not have been shared publicly in the past, suggesting such changes require "a new dialogue and a new wave of thinking about how we nurture trust and the credibility of our conversations, platforms and models."
Full Story

SOCIAL NETWORKING

Online Sharing: Is There Such a Thing as TMI? (April 26, 2010)

The desire of some Internet users to share everything from what plastic surgery they've had to where they are eating and how much they've spent on the newest tech gadgets could have long-reaching ramifications. The New York Times reports that there seems to be no such thing as "too much information" on the Web. Privacy experts caution there are dangers, however. Purchase-based social networking service Blippy, for example, has inadvertently shared some users' credit card information online. "Ten years ago, people were afraid to buy stuff online. Now they're sharing everything they buy," said Barry Borsboom, creator of Please Rob Me. "Times are changing, and most people might not know where the dangers lie." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—TAIWAN

Data Protection Act’s “Consent” Requirement Criticized (April 22, 2010)

Some media associations are speaking out against a draft personal data protection act, saying it would jeopardize freedom of the press, the Taipai Times reports. The act, which passed a second reading at the Legislative Yuan on Tuesday, would require reporters to gain a person's approval before they could publish a story on that person. A spokeswoman for the self-disciplinary committee at the Satellite Television Broadcasting Association said the act signals a "backtracking democracy." Meanwhile, the National Communications Commission said yesterday it would discuss the serious consequences of a third passage of the draft act, the report states.

Full Story

ONLINE PRIVACY

10 Nations’ Privacy Officials Issue Stern Warning (April 22, 2010)

Privacy officials from 10 nations this week issued a stern warning to Google Inc. and other Internet companies about their privacy practices, reports TVNZ. New Zealand Privacy Commissioner Marie Shroff was one of the signatories of a letter sent to Google CEO Eric Schmidt, urging him to better protect users' data and set an example "as a leader in the online world." The data protection commissioners of Canada, France, Germany, Ireland, Israel, Italy, the Netherlands, Spain and the United Kingdom also signed the letter, which asserted that Google's rollout of its Buzz social networking service "violated the fundamental principle that individuals should be able to control the use of their personal information."
Full Story

DATA LOSS—AUSTRALIA

Telstra Patches Site after Breach Revealed (April 22, 2010)

A telecommunications company recently took down a promotional Web site that could have exposed the dates of birth of 700 customers, ZDNet reports. A Telstra marketing campaign sent letters to customers inviting them to visit a unique URL which, when visited, produced a form that had been pre-populated with their personal information. But one customer said he was able to modify the URL to view other customers' account information as well, including their dates of birth in some cases. A Telstra spokesperson said the company would be reviewing its policy and "making checks to make sure that any such forms in the future are rigorously tested and are not able to be abused in this way."
Full Story

PRIVACY LAW—NEW ZEALAND

National Day of Protest Planned (April 22, 2010)

A group that is opposed to the Search and Surveillance Bill has organized a national day of protest to take place on Saturday, according to a press release. The Stop the Bill group has also organized protests to be held in Auckland, Wellington and Christchurch. The Search and Surveillance Bill would expand police and government powers and has been criticized by the nation's privacy and human rights commissioners, according to the press release. Group spokesperson Batch Hales said, "Any legislation that reduces our basic right to privacy and removes civil liberties by extending the power of the state has to be fought by all of us."
Full Story

ONLINE PRIVACY

Site Shows Governments’ Requests for User Data (April 22, 2010)

Google released a tool this week that reveals the number of data requests it receives from governments, the Sydney Morning Herald reports. During the six-month period ending December 31, 2009, the Australian government requested user data from Google on 155 occasions. According to the company, the tool is part of an overall effort toward increased transparency. The governments that made the most requests for user information during the six-month period were Brazil, the United States and Great Britain, respectively. Australian Privacy Commissioner Karen Curtis told ABC News that she welcomes the list, noting that it "adds transparency of how and when people's personal information may be disclosed."
Full Story

DATA PROTECTION—SOUTH KOREA

Calls for Independent Privacy Agency Grow (April 22, 2010)

Advocates and opposition lawmakers are calling for an independent body to manage private data, reports Korea Times. They say the government has proved inept when it comes to protecting personal information, and citizens' private details would be better entrusted to an independent agency. The Ministry of Public Administration disagrees and the standstill is delaying passage of the nation's new personal Information Protection Law, the report states. That law will mandate breach notifications. "The lagging discussions are certainly a letdown," said Lee Deok-hyun of the Knowledge Information Security Industry Association. "If we don't establish the personal privacy law now, companies will stop pretending they are interested."
Full Story

SOCIAL NETWORKING

Zuckerberg: Building a Web Where the Default is Social (April 22, 2010)

Facebook CEO Mark Zuckerberg this week shed insight on his company's plans to make the Web more social by letting users share personal preferences on external sites across the Internet, TIME reports. The company's new Open Graph suite of products, unveiled this week at its annual developers' conference, includes a "Like" button that Facebook wants every page on the Web to have. "We are building a Web where the default is social," Zuckerberg said. The chairman of Electronic Frontiers Australia told the Sydney Morning Herald that expanding the offering to so many third-party sites will clearly bring privacy concerns.
Full Story

PERSONAL PRIVACY

Forget Big Brother: We’re Recording Ourselves (April 22, 2010)

Is it possible to over examine your life? That's one of the questions Jonathan Liu asks in his Wired report on the phenomenon of recording our online--and offline--lives. From social networking entries to blogs to data applications, "there's a lot of data that's constantly being collected and recorded automatically," Liu writes, adding it is getting "progressively easier and cheaper to do." Currently, he notes, there are ways to record your daily life through video glasses or miniature camcorders small enough to be worn everywhere you go. "Who needs Big Brother when we do all the surveillance ourselves?" he asks.
Full Story

RFID

New Technology Could Provide RFID Privacy (April 22, 2010)

A Canadian researcher is working on technology that could help protect private information contained in RFID tags, PCWorld reports. With the "always-on" RFID technology being embedded into everything from passports to credit cards, security becomes a concern, the report states. "We are building our own RFID cards and adding features to them to make it visible and noticeable when someone is accessing the information," Nicolai Marquardt, a PhD student at the University of Calgary, explained at a conference last week. Marquardt is working with Microsoft Research in the UK on the project, which he says could also make it possible for users to control when the information on the card is being accessed.
Full Story

PRIVACY

Peter Hustinx Receives 2010 Privacy Leadership Award (April 21, 2010)

European Data Protection Supervisor Peter J. Hustinx has received the International Association of Privacy Professionals' 2010 Privacy Leadership Award for his commitment to ensuring individual privacy rights are respected. In a video acceptance speech Hustinx said, "I feel very honored and proud to have received this prestigious award from the International Association of Privacy Professionals." The award recognizes ongoing commitment to furthering privacy policy, promoting recognition of privacy issues and advancing the growth and visibility of the privacy profession. Hustinx has been involved in shaping national and international privacy law for nearly 40 years. He has served as European Data Protection Supervisor since January, 2004.

Full Story

ONLINE PRIVACY

Generational Differences Rooted in Awareness Levels (April 21, 2010)

The Wall Street Journal reports on research findings that suggest young people care about privacy to about the same degree as older adults but are less informed about the rules of the road. "In most cases young people think very much the same as older people when it comes to online privacy," said the co-author of one of the studies, Harvard Law School Professor John Palfrey. But University of California Berkeley and University of Pennsylvania researchers found that while the desire for privacy is similar, kids and teens believe that rules surrounding the privacy of their data are more stringent than they actually are, the report states.

Full Story

ONLINE PRIVACY

Site Grades Privacy of Internet Apps (April 20, 2010)

A Stanford University project has ushered in a Web forum where Internet users can review and compare the privacy and security of Internet and mobile applications, the San Francisco Chronicle  reports. The WhatApp.org site, released in beta last month, grades applications based on reviewers' answers to questions about data collection and openness, for example. One news outlet described it as a mix of Consumer Reports, Yelp and Wikipedia, but with a privacy and security focus. Its creators hope the site will bring more attention to the issues. "We've been saying this for a while," said McAfee Labs director David Marcus. "If developers use security and privacy correctly, they can be used as a competitive advantage."

Full Story

PRIVACY LAW—NEW ZEALAND

Commissioner Discusses Global Privacy Standards (April 15, 2010)

New Zealand Privacy Commissioner Marie Shroff recently discussed her views on the Madrid Resolution on global standards and the concept of "one world, one standard for privacy in international commerce" with Marty Abrams during a recent interview for the Hunton & Williams Centre for Information Policy Leadership. Shroff spoke in support of an international treaty on information handling, but noted that, "even if we started today, we'd probably be looking at at least 15 years." To date, she said, privacy commissioners and businesses have been taking the lead when it comes to privacy issues, while governments have been slower to act. "We certainly do want to have global standards," she said, adding that when planning for the future, "We should build on what works."
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

Will e-Health Pave the Way for RFID Microchips? (April 15, 2010)

Australians will be assigned unique 16-digit e-health identification numbers beginning 1 July, and some privacy advocates worry the next step will be implantable RFID microchips, OpEdNews reports. "All that would be required is a simple distribution of the PositiveID microchip and the necessary RFID scanners into the medical infrastructure," the report states. The current e-health plan is aimed at ensuring correct healthcare information is matched with providers and patients, but opponents fear the result will be increased healthcare privacy breaches. "Staying true to the science of gradualism, we are having an information cage slowly erected around us and we won't know until it is too late to do anything about it," Greg Nikolettos writes. "Maybe the implantable RFID microchips are coming sooner rather than later."
Full Story

SOCIAL NETWORKING—AUSTRALIA

DIAC Staff Reminded of Online “Dos and Don’ts” (April 15, 2010)

The Department of Immigration and Citizenship (DIAC) has released a new social media policy to remind employees of what is acceptable--and unacceptable--when it comes to online interactions. Government News reports that the policy, which provides protocols for the use of such social networking tools as blogs and social media sites, will be incorporated into the agency's revised code of conduct. DIAC secretary Andrew Metcalfe noted that the policy "is designed to protect the identity, safety and privacy of individual employees and their colleagues, and advises them to understand how to use privacy settings and preferences for restricting access and protecting content."
Full Story

DATA PROTECTION

Kirby Looks Forward and Back on Privacy (April 15, 2010)

The Honorable Michael Kirby delivered a keynote address at an event to mark the thirtieth anniversary of the Organisation for Economic Co-operation and Development (OECD) privacy guidelines in Paris last month. Justice Kirby, a former Australian High Court judge, was in charge of the expert group that developed the guidelines, which were the first of their kind when released in 1980. In his speech to those responsible for continuing the development of the OECD privacy guidelines, he looked back at some of the events that informed their development, including a particularly poignant moment at a Paris conference. Looking forward, Justice Kirby said the OECD should take encouragement from the fact that its tasks, "although substantial and difficult, are basically manageable" when held up against some of the world's other challenges.  
Full Story

DATA LOSS—AUSTRALIA

Breach Potentially Exposes Customer Data (April 15, 2010)

A social media software developer detected a breach this week that potentially exposed customer passwords, CRN reports. Atlassian, whose Web site suffered an outage after swarms of customers sought information on the breach, says the passwords of customers who purchased the company's products before July 2008 are at risk. An Atlassian spokesman said the company notified all customers to change usernames and passwords, though no financial information was exposed. Though the company began encrypting its customer database after July 2008, the old database was not taken offline or deleted, the report states. "In hindsight, we should have reset passwords for affected users on their behalf," the spokesman said, adding that the company is investigating the breach.
Full Story

BIOMETRICS—AUSTRALIA

More Clubs Use ID Scanners at Entrance (April 15, 2010)

An increasing number of pubs and clubs are installing high-tech systems in order to keep troublemakers out, reports ABC News. The systems scan patrons' IDs and photographs and then matches them against a national database. Some clubs are collecting patrons' fingerprints as well. The practice is legal, but Privacy Commissioner Karen Curtis says there is potential for information abuse. "Our greatest concern about the scanning of ID information is the risk of what can happen to it because whenever information is digitized it can be easily used for other purposes," Curtis said.
Full Story

TRAVELLERS’ PRIVACY—AUSTRALIA & NEW ZEALAND

APF: Body Scanner Survey Flawed (April 15, 2010)

The Australian Privacy Foundation (APF) is denouncing a recent survey that indicated the majority of residents support full body scans and biometric measures in airports, ARN reports. Robert Clarke of the APF said the survey showed "a serious lack of credibility" because it was commissioned by a company "with explicit interest in the outcome of the survey." The company behind the survey is a supplier of equipment required for scanning and biometrics, the report states. The APF and several civil liberty groups have asked Minister for Transport and Infrastructure Anthony Albanese to conduct a privacy impact assessment on the security technologies. "If it is really going to make a difference, I suppose we can put up with it," Clarke said, "but only if it is proven." Meanwhile, the survey found that two-thirds of New Zealanders are willing to submit to full body electronic scans at airports, but Privacy Commissioner Marie Shroff has said extensive public consultation will be required before the law is changed to permit use of the scanners.
Full Story

GEO PRIVACY

Phone Ads that Follow You? (April 15, 2010)

The advent of Apple's new "iAd" mobile advertising platform is raising concerns about the privacy and security risks involved in such services, the New Zealand Herald  reports. The new ad service makes it easy for developers to embed advertising in their applications--allowing them to target potential customers based on where they are at any given time. For example, the report states, if users remain logged into their social networking sites via their iPhones with the location feature enabled, the site could gather detailed information about their daily activities. Rik Fergusson, a cybersecurity expert, suggests, "If you want to be safe, think very carefully about every time you allow an application to show your location." Apple executives note the new iPhone will include features to help users control their geo privacy.
Full Story

BEHAVIORAL TARGETING

Marketers Are Following You To Build Better Ads (April 15, 2010)

In the age of the Internet, marketers are watching what their customers do online in an effort to better aim ads at potential consumers. The Wall Street Journal reports that major companies are turning to smaller start-ups to help them use social networking data to target their advertising, and the trend is raising concerns among privacy advocates. One company, for example, reports that it tracks five billion online connections to weigh the data included in friend-acquaintance connections. Such ad targeting practices are raising concerns about privacy at the federal level, the report states, with some lawmakers preparing to introduce legislation in the coming weeks to make Web site tactics for collecting information on their users more transparent. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Privacy Changes Will Keep Flash Cookies Off Computers (April 14, 2010)

Adobe Flash Player 10.1 will honor each user's browser privacy setting, which means Flash cookies will no longer be "dropped on computers to track Web activity," NetworkWorld reports. Adobe officials noted in a statement that the enhancements will help users better control their personal information "so that when someone activates private browsing in their browser, it is also activated in Flash Player--meaning there is no local storage of information from that Flash Player session." The changes, which are intended to improve user privacy, could mean difficulties for online merchants and banks that use Flash cookies to identify returning customers, the report states.
Full Story

DATA PROTECTION

Tips to Avoid Identity Theft (April 14, 2010)

A New York Times report offers advice on avoiding data theft such as frequently checking financial statements and credit reports, maintaining updated firewall and spyware on computers and changing security passwords often. In addition, it's wise to limit debit transactions and instead use credit cards, the report states. "If a thief steals a debit card, he's getting your money out of your bank account. It's more difficult to get your money back once it's gone. For credit cards, federal law establishes your maximum liability for unauthorized charges at $50 per card." According to the Identity Theft Resource Center, more than 220 million consumer records were leaked last year in nearly 500 separate breaches. (Registration may be required to access this story.)
Full Story

DATA PROTECTION

Your Conscience, in a Pop-Up Box (April 14, 2010)

A security company has created a way for users to think twice about the data they access. Techworld reports on a data leak prevention system developed by Check Point that can detect when sensitive data is being accessed and potentially misused. If the system senses a user is accessing data subject to certain corporate data policies, it will deploy an e-mail or pop-up box to remind him or her about the policies. A Check Point spokesperson told the Daily Dashboard the user will be given three options: discard, send or review. Regardless of what the user selects, the system logs the fact that a pop-up or e-mail was issued.
Full Story

BIOMETRICS—NEW ZEALAND

Commissioner: Build Privacy into Biometrics (April 13, 2010)

Privacy Commissioner Marie Shroff believes that when it comes to biometrics, privacy should be built in from the beginning of the design, Computerworld reports. Speaking at a recent Biometrics Institute conference, Shroff noted that while biometrics do not currently have specific regulation under New Zealand's Privacy Act, regulation is "never off the table." Shroff said that may not be necessary, however, if biometrics developers and vendors focus on privacy principles when creating systems and managing data. Aaron Baker of the Department of Labour's immigration unit, which is participating in a five-country collaborative development of biometrics-aided immigration procedures with Australia, the UK, Canada and the U.S., said privacy will be built into any such system.
Full Story

PRIVACY LAW—NEW ZEALAND

Law Would Give Banks Access to Validation System (April 12, 2010)

New Zealand's government will introduce legislation this year to allow private sector access to its data validation service, reports the New Zealand Herald. The law would let financial institutions validate individuals' identities by cross-checking them with information on the Interior Ministry's site, which includes citizens' personal details but not those of a sensitive nature, according to Internal Affairs Minister Nathan Guy. Giving banks access to the system is expected to help them comply with certain laws and track terrorism financing, the report states. Privacy Commissioner Marie Shroff said, "So far we are satisfied that it appears to be on the right track, and we will be keeping closely involved with its development."
Full Story

DATA LOSS—AUSTRALIA

Data Breaches Cost $2 Million Each (April 8, 2010)

The 2009 Australian Cost of a Data Breach Study has found that the average data breach results in financial losses of almost $2 million, with companies spending an average of $123 on each compromised record. The Australian reports that while the government is planning to reform the nation's privacy laws, mandatory data breach notification will not be addressed for some time. Although the government has not passed laws "requiring organisations and government agencies to notify customers, employees and other affected individuals when a breach of protected personal information occurs due to human error, technology problems or malicious acts," the study concludes that organisations must do more to defend against increasing data breach threats.
Full Story

GENETIC PRIVACY—NEW SOUTH WALES

DNA Evidence Rules Raise Privacy Concerns (April 8, 2010)

Privacy concerns are among the factors prompting a New South Wales state government review into the rules governing the use of DNA as evidence. The Sydney Morning Herald reports that the decision comes in the wake of legal doubts about the strength of DNA-based convictions and questions related to privacy protection. Premier Kristina Keneally has announced that the six-month review to be chaired by Graham Barr, a former Supreme Court justice, will be aimed in part at addressing growing fears about the privacy implications of the 42,750 DNA samples collected and stored in NSW as well as the approximately 500,000 being stored across Australia, the report states.
Full Story

PERSONAL PRIVACY—NEW ZEALAND

Commission Concerned about Insurance Form Questions (April 8, 2010)

New Zealand's Privacy Commission has voiced concern about questions insurance companies are asking their customers, MedIndia reports. BNZ Bank and AMP Insurance companies have reportedly asked customers questions of a sexual nature. An AMP spokesman said the questions help the company gauge awareness of risks of HIV and AIDS. An Investment Savings and Insurance Association executive said those types of questions help companies assess the risk of the people they insure, the report states. Those concerned about the questions are told to alert the commission.
Full Story

ONLINE PRIVACY—AUSTRALIA

Opinion: Internet Will Be Regulated to Address Privacy and Other Concerns (April 8, 2010)

When it comes to such issues as privacy, cybersecurity and child protection, an "Internet Policy 3.0" to provide regulation could be on the way. In an Op-Ed for The Australian, Mark Day explains that while there are differing points of view in Australia and the U.S. on the nature of the Internet, the consensus is the same: regulation is needed. Communications Minister Stephen Conroy suggests the "argument that the Internet is some mystical creation that no laws should apply to--that is a recipe for anarchy..." From privacy concerns to online transactions and from hacking to cybersecurity, Day suggests "some significant changes may be in store" for the Internet.
Full Story

PRIVACY LAW—MALAYSIA

House Passes Data Protection Bill (April 6, 2010)

Malaysia's Lower House of Parliament yesterday passed The Personal Data Protection Bill, Bernama.com reports. The bill seeks to prevent data theft and misuse of personal data. It will bring the appointment of a personal data protection commissioner, and will require credit agencies to apply to the commissioner's office before they can store individuals' personal data in databases. It will also establish a code of practice to regulate dealings with personal information. The bill will now move to Parliament's Upper House. If passed into law, offenders could face two-year jail terms, fines of up to RM200,000, or both.
Full Story

ONLINE PRIVACY

Professional Reference Hub in Beta (April 6, 2010)

A new Web site designed to help employers find out more about job candidates has some concerned about its potential for damaging professional reputations, reports San Diego Entertainer. Currently in beta and only accessible through Facebook, the Unvarnished site lets individuals create profiles of themselves or someone else. Other users can then build upon the profiles anonymously, adding feedback on professional performance. Once created, the profiles cannot be removed, the report states. Critics say the site could damage the professional patinas of "unsuspecting individuals."  
Full Story

DATA PROTECTION

UN Privacy Treaty Possible (April 5, 2010)

New Zealand Privacy Commissioner Marie Shroff says that huge increases in international data flows necessitate global privacy standards and enforcement, reports Stuff.co.nz. "We have to look at whether and how we can regulate to provide certainty for businesses and protections for individual citizens," Shroff says. A United Nations treaty might be a way to get there, according to the report. Such a treaty could address issues including search engine data collection, call centre outsourcing and payment card privacy. Shroff says she hopes it would apply to government uses of information as well, since "One of the drivers of international data flows is counterterrorism."
Full Story

SOCIAL NETWORKING

Digital Suicide: Saying Goodbye to Online Life (April 5, 2010)

There's a new movement afoot among some social networking users to take back privacy by ending their online lives. The Globe and Mail reports on recent instances where users have decided to become "digital dropouts." Reasons behind the decision to say goodbye have ranged from concerns about online friends tracking users into their offline lives to social networking interactions becoming "someone else's entertainment." While two of the most recent online suicide sites, Web 2.0 Suicide Machine and Seppukoo, are now defunct, experts agree many issues come into play when making the decision of whether to delete or not to delete online information.
Full Story

PRIVACY—AUSTRALIA

Commissioner Urges Organisations to Publicise Privacy (April 1, 2010)

Australian Privacy Commissioner Karen Curtis is calling for businesses and government agencies across the country to publicise their commitment to good privacy practices. "While so many organisations have good practices in place to protect their customers' data, they could be doing so much more to convey this message to their client base," Curtis said. The announcement comes in anticipation of Privacy Awareness Week, 2-8 May 2010, which will include various activities aimed at raising awareness of privacy rights. As Curtis put it, "Privacy Awareness Week is an opportunity for organisations to demonstrate to customers that the trust they have in the privacy practices of the organisation is not misplaced."
Full Story

STUDENT PRIVACY—AUSTRALIA

Principals Voicing Online School Site Concerns (April 1, 2010)

A survey commissioned by the Australian Education Union (AEU) has revealed that more than 87 percent of the 1,166 public school principals who responded are dissatisfied with the government's new My School site, the Sydney Morning Herald reports. The site, which publishes information such as test results, attendance rates and socio-economic profiles for each of the nation's schools, recently had AEU representatives questioning whether individual privacy could be compromised. Angelo Gavrielatos, the union's president, said data on the site has not only made it difficult for some schools to retain teachers, but has also led to instances of student bullying.
Full Story

PERSONAL PRIVACY—AUSTRALIA

Is There a Generational Gap When it Comes to Privacy? (April 1, 2010)

Privacy and cyber-safety experts weighed in on ABC Radio National's "Life Matters" on questions of generational differences in perceptions of privacy and the implications of sharing personal information online. "I think the fundamentals of privacy are still the same, in that privacy is about people having control and deciding who knows what about them," said Victoria Privacy Commissioner Helen Versey. "I think that the problem is that the technology means that they are prone to lose control...because they don't understand the technology." Hugh Stephens of the commission's Youth Advisory Group described the pressure to be a part of social networking even at the college level. "So many things are done online these days," he said, "it's almost ostracizing to try to remove yourself from them." Privacy Victoria will host a conference in May geared toward youth privacy.
Full Story

ONLINE PRIVACY—AUSTRALIA

Curtis: Build Privacy Into “Smart” Projects (April 1, 2010)

Privacy Commissioner Karen Curtis has warned that privacy protections must be built into smart infrastructure projects, reports Australian Financial Review. Speaking at a recent smart infrastructure conference at Parliament House, Curtis said, "There's a temptation to use this rich new data source for more than it was originally intended. In the privacy world, that's call function creep." She described ways that smart meter data could be used to promote products or aid burglars, for example, at the expense of citizens' privacy. "Most of us think of what we do in our home as sacrosanct," she said. "We don't want to live in a surveillance society." (Registration may be required to access this story.)
Full Story

BIOMETRICS—AUSTRALIA

Is Drinking, Dancing and Fingerprinting Becoming the New Club Scene? (April 1, 2010)

The Office of the Privacy Commissioner is investigating a new biometric identification scanning system being put into place in several of the nation's pubs and clubs, the Sydney Morning Herald reports. The process includes taking patrons' photos and scanning driver's licences and index fingerprints, all of which are stored on a database managed by the firm that installed the scanning systems. The fingerprinting technology is now present in 13 venues nationwide, the report states, and is aimed at improving safety. However, Privacy Commissioner Karen Curtis warns, ''There are major security risks if organisations hold on to large amounts of personal information for lengthy periods of time, including possible identity fraud.''
Full Story

DATA LOSS—NEW ZEALAND

NZICT Supports Standard Data Breach Penalties (April 1, 2010)

In response to new UK legislation that will provide for fines of up to £500,000 ($NZ1.059 million) for data breaches, New Zealand Information and Communication Technologies (NZICT) has announced it would welcome any move focused on improving cyber security,  IT Brief reports. NZICT Group CEO Brett O'Riley said it should be standard practice to have penalties in place for serious data breaches as it would force businesses to take cyber security more seriously. "NZICT is aware of proposals to establish a centre of excellence for cyber security in New Zealand," he said, adding, "we would see it as an opportunity for New Zealand to potentially be a global leader in this space."
Full Story

PRIVACY LAW—AUSTRALIA

Re-register for Do Not Call This Month (April 1, 2010)

The Australian Communications and Media Authority (ACMA) is reminding residents to re-register their phone numbers to keep their Do Not Call status in effect. New South Wales has the highest proportion of landline phone numbers needing to be re-registered before May this year. ACMA Chairman Chris Chapman has announced there are 149,381 home phone numbers in NSW that are yet to be re-registered, followed closely by Victoria with 139,367 and Queensland with 119,159. Numbers listed on the register are valid for three years but are automatically removed if allowed to expire. "It doesn't matter if you registered in the first year but don't remember when," Chapman said. "You can simply re-register now anyway for another three years to avoid those annoying telemarketing calls that drove you to register in the first place."
Full Story

PRIVACY LAW—AUSTRALIA

Vendor: Follow UK’s Lead on Stricter Breach Penalties (April 1, 2010)

An Australian security vendor says the nation should follow the UK's lead in imposing steeper fines for serious data breaches. Starting 6 April, the British ICO will have the authority to levy fines for serious data breaches up to £500,000, SC Magazine reports. "Clearly it would benefit the rest of the world to follow this lead," said a spokesman for security vendor Imperva. However, some experts say the law should differ from that proposed in the UK to put greater emphasis on data security rather than on data breach disclosures. Mandatory disclosure regulations are expected to be introduced as part of ongoing privacy law updates in Australia, the report states.
Full Story

PRIVACY

International Privacy Discussions Could Have Local Impact (April 1, 2010)

In "Two days in Washington, DC, looking at the future of privacy" on OpenForum.com.au, Malcolm Crompton, CIPP, describes the issues raised during discussions at the 10th anniversary of the International Association of Privacy Professionals and the third U.S. Federal Trade Commission (FTC) privacy roundtable. He points out that the role of the privacy professional is only going to become more difficult. Looking forward, Crompton writes, "There will be more talk, but by the end of the year we may well have a view emerging on what is needed. And the reverberations will be felt well beyond the borders of the United States."
Full Story