ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

ONLINE PRIVACY—AUSTRALIA

Tax Office To Examine Online Sellers (July 30, 2010)

Australia's federal privacy commissioner has granted the Australian Tax Office (ATO) permission to examine the data of those who sell items on certain online auction sites, ninemsn.com reports. The ATO wants to crack down on sellers who fail to declare the income on their tax returns and will look at those who have sold more than $20,000 in goods and services over the last three years. The ATO is urging sellers to come forward before being found out. The inquiry is part of a larger crackdown on online businesses, according to the report.
Full Story

ONLINE PRIVACY

100M Social Network Users’ Details Published (July 29, 2010)

Personal information from 100 million Facebook users has been published online by a security consultant who was able to collect data through the site's public directory, BBC News reports. Ron Bowes said he published the list, which contains the URL of every searchable Facebook user profile along with such information as names and unique IDs, to highlight privacy issues, the report states. On the same day that reports of the list surfaced in the international media, Facebook CEO Mark Zuckerberg was meeting privately with U.S. legislators to discuss issues including online privacy. In response to the incident, Facebook has noted that data included in the creation of the list was already public. Simon Davies of Privacy International, however, contends it illustrates confusion over the site's privacy settings.
Full Story

PRIVACY LAW—HONG KONG

Octopus Debacle Has Commissioner Thinking About Law (July 29, 2010)

Hong Kong Privacy Commissioner for Personal Data Roderick Woo Bun has proposed introducing a law to make it a criminal offense for companies to sell customers' personal data, Bloomberg reports. The statement comes after Octopus Holdings' admission on Monday that it has received HK$44 million since January 2006 through the sale of customers' personal information. Woo is conducting an investigation into the matter and is expected to release a preliminary report before his term as commissioner ends on July 31. Octopus, meanwhile, has announced it will no longer engage in such activities.
Full Story

PRIVACY LAW—AUSTRALIA & NEW ZEALAND

APEC Group To Allow Global Enforcement Cooperation (July 29, 2010)

PS News reports on the recent agreement between Australia and members of the Asia-Pacific Economic Cooperation (APEC) to join in forming a global privacy enforcement group. Special Minister of State Sen. Joe Ludwig said the APEC Cross-Border Privacy Enforcement Arrangement, in effect since 16 July, will allow Australia's privacy commissioner to collaborate with foreign privacy enforcement authorities to resolve complaints against overseas companies, the report states. Ludwig said the agreement is in line with the government's proposed privacy reforms, which include cross-border data transfers. "The APEC arrangement will enhance these reforms by making it possible for privacy enforcement authorities to call upon their international colleagues for assistance," Ludwig said. Other members so far include the U.S. Federal Trade Commission and New Zealand's Office of the Privacy Commissioner.  
Full Story

RFID—QUEENSLAND

Go Cards’ Role in Investigation Raises Concerns (July 29, 2010)

Queensland police have reported tracking information through Go Cards in the investigation of a murder, and the exception to the privacy act that allows police to gather and use such public transportation information is triggering privacy concerns, The Sydney Morning Herald reports. Chief Superintendent Mike Condon said strict circumstances govern police access to the data, which police accessed 46 times in the past year to investigate serious crimes, the report states. Australian Council for Civil Liberties President Terry O'Gorman is raising concerns that commuters were not notified police would have access to Go Card data when the system was introduced, stating, "We are sleepwalking in a surveillance society."
Full Story

DATA LOSS—NEW ZEALAND & AUSTRALIA

Pizza Chain’s Database Hacked (July 29, 2010)

Hackers have stolen information from a database containing information on 230,000 customers of Hell Pizza, Softpedia reports. The database contains names, addresses, phone numbers and e-mails, but no credit card details. The hacker had the capability to copy the database directly after logging in with stolen credentials, according to the report. Hell Pizza operates stores in New Zealand, Australia, England and Ireland. The company has contacted the police.
Full Story

IDENTITY THEFT—QUEENSLAND

More Scam Victims Announced (July 29, 2010)

A Queensland man is the most recent victim of a scam involving the creation of sham companies and bank accounts using stolen identities, the Courier-Mail reports. The Australian Federal Police, which is investigating the scam, has not revealed how many identities have been stolen so far, the report states. The scam allegedly began in January with bogus interviews for a courier driver position, according to the report, where those who responded were asked to provide personal documents and sign criminal history and driver's licence check authorisations. Victims who have come forward have reported finding companies and bank accounts set up in their names.
Full Story

DATA RETENTION—AUSTRALIA

Greens to Seek Uncensored Info About Gov’t Plans (July 29, 2010)

The Australia Greens hope to use the upcoming senate inquiry on Internet privacy to push for the release of uncensored documents relating to the government's plans for a potential EU-style data retention directive that would require Internet service providers to record communications data, ZDNet reports. Under a Freedom of Information request, the government last week released documents related to its plans, but much of the text had been blacked out, the report states. Greens communications spokesperson Senator Scott Ludlam said the party will seek uncensored information during the inquiry.
Full Story

ONLINE PRIVACY—AUSTRALIA

Privacy Commission Issues Mobile Phone Guidelines (July 29, 2010)

Three federal agencies have teamed up to release guidelines aimed at helping consumers protect themselves when using mobile phones, The Age reports. The Office of the Privacy Commissioner, Department of Broadband, Communications and the Digital Economy and the Australian Communications and Media Authority released the guidelines this week. "Mobile phones are used for so many different things and the amount of personal information that we store on them can be significant," said Privacy Commissioner Karen Curtis. The guidelines recommend users refrain from conducting sensitive transactions on mobile phones and suggest permanently deleting data from phones upon recycling or replacing them, among other tips.
Full Story

DATA THEFT—HONG KONG

Hospital Missing Data After Theft (July 29, 2010)

The Western District Crime squad is investigating a theft at the Queen Mary Hospital that included computers containing the personal information of patients and volunteers, reports The Standard. The thieves forcibly entered the hospital, stealing two password-protected computers that contained the English names and identity card numbers of about 700 cancer patients, the Chinese names, identity card numbers and telephone numbers of another 80 cancer patients and the Chinese and English names, identity card numbers, phone numbers and addresses of about 40 volunteers. The hospital apologized for the event and pledged to strengthen security measures, the report says.
Full Story

PRIVACY—HONG KONG

Group Criticizes Commissioner Appointment (July 28, 2010)

Critics of the newly named privacy commissioner are pressing the government to revoke his appointment, The Standard reports. Allan Chiang Yam-wang is set to take over as privacy commissioner next week, but former employees of Chiang cite data protection gaffes during his time as postmaster general as reasons for revoking the appointment. "People can see the important role the privacy commissioner played in the recent Octopus cards data saga and past incidents of confidential information leaks by the police and Hospital Authority," said lawyer Lee Cheuk-yan. "How can Chiang, with such a controversial background, gain the trust of the public?"   
Full Story

PRIVACY LAW—AUSTRALIA

New Commissioner Looking Forward to Job Challenges (July 26, 2010)

Australia's new Privacy Commissioner Timothy Pilgrim, who was appointed last week to a five-year term, said he looks forward to the challenges and opportunities his new role will provide. Noting an increase in privacy risks as technology has advanced, Pilgrim said he sees an important part of his job as informing individuals of how privacy-enhancing technologies can be used to protect them from harm, as well as working with companies to encourage the development of such technologies. Australian Information Commissioner Designate Prof. John McMillan said he's delighted with Pilgrim's appointment, adding Pilgrim "brings a wealth of experience in privacy, great respect in and outside government and a strong commitment to the role," noting his contributions in developing the privacy act.
Full Story

PERSONAL PRIVACY—NEW ZEALAND

Companies Prep for Smart Grid, Commission Cautions (July 23, 2010)

The New Zealand Herald reports on electricity companies' ramping up efforts to replace ageing technology in preparation for the smart grid. New Zealand's government plans to spend $1.5 billion in infrastructure projects for the grid, which will digitize consumer energy information, in some cases down to the appliance level. Privacy Commissioner Marie Shroff told the Daily Dashboard that though the new technology will benefit consumers, companies need to think about privacy from the start and have solid policies in place about data collection and retention. "People need to know, for example, is your power company finding out what time you're at home, when you have showers, when you use your heating? Will that information be forwarded to other businesses?"
Full Story

PRIVACY LAW—AUSTRALIA

Government Takes Steps To Implement ALRC Reforms (July 23, 2010)

The recent release of draft legislation by Sen. Joe Ludwig marks the government's first formal step toward implementing changes proposed by the Australian Law Reform Commission (ALRC) to update laws that protect personal information, explains Matthew Hall of Swaab Attorneys. The ALRC recommendations focus on an array of issues including making the privacy act more accessible and enhancing the privacy commissioner's powers, Hall notes, explaining that not all recommendations have been accepted at this time. "A key recommendation of the ALRC, accepted by the government, is to unify the current Information Privacy Principles and the National Privacy Principles," Hall writes, noting they will be replaced with 13 Australian Privacy Principles applying to all agencies and organisations, if the bill passes. The committee is accepting input on the draft through 27 July. (Registration may be required to access this story.)
Full Story

BIOMETRICS—AUSTRALIA

Institute Details Responsible Use of Biometrics (July 23, 2010)

The not-for-profit Biometrics Institute has released an information sheet that provides guidance to pubs and clubs on the
responsible use of biometrics, Security Access reports. Establishments with a turnover greater than $3 million per year that are using or considering such biometrics as finger, iris or facial scans or voice prints must comply with the Australian Privacy Act, the report notes. "We are seeing more and more reports about the use of biometrics in pubs and clubs and want to help those organisations with questions they need to ask before introducing biometrics," said Biometrics Institute GeneralManager Isabelle Moeller.
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

Medicare Breaches Result In E-Mail Warnings (July 23, 2010)

Medicare employees who viewed confidential client records will not lose their jobs, The Australian reports, with most of the privacy breaches resulting only in e-mail warnings. In a six-month period, 51 staff members had "unauthorised access" to client information, the report states, with 16 of those cases labeled as serious privacy breaches and the remaining 35 deemed conflict of information" breaches involving access to personal or family files. While several employees resigned, the strictest sanction imposed on those who remained "was a reduction of salary in one instance," according to the report. Eleven employees received counseling and the remaining 31 staff members received an e-mailed "unauthorised access detection notice" and notes on their employee records.
Full Story

RFID—HONG KONG

Octopus Holdings Admits Sharing Data (July 23, 2010)

In the wake of recent allegations, Octopus Holdings has admitted it shared the personal information of 2.4 million customers
with two merchant partners involved in its rewards program, The Standard reports. Prior to the announcement, the Hong Kong
Monetary Authority (HKMA) had issued a statement differentiating between the Octopus Card (OCL), which is "an authorised
institution under the Banking Ordinance and supervised by the HKMA" and Octopus Rewards (ORL), which is not, stating it would
"collect from OCL further information about its dealings with ORL." Legislator Wong Kwok-hing has asked how much data was
provided to other organisations, while Privacy Commissioner Roderick Woo Bun is investigating whether the company violated the Personal Data Ordinance. Octopus Holdings is setting up a special committee to review its protection policy, the report states, and is taking additional steps to protect customer data.
Full Story

PRIVACY LAW—AUSTRALIA

New Privacy Commissioner Appointed (July 22, 2010)

Timothy Pilgrim has been appointed to a five-year term as Australia's new privacy commissioner. Sen. Joe Ludwig announced the appointment in a press release issued Thursday. Pilgrim, who has been deputy privacy commissioner since 1998, replaces former commissioner Karen Curtis, whose six-year term expired this month. Ludwig praised Curtis for her significant contributions to privacy in Australia and said that Pilgrim's "experience and operational knowledge of the office will be of great assistance when the office transitions to form part of the new Office of the Australian Information Commissioner, which will open its doors on November 1, 2010." Ludwig also announced the appointments of Barbara Robertson, Michael Kidd and Joan Sheedy as part-time members of the Privacy Advisory Committee.
Full Story

ONLINE PRIVACY

Tips for Managing Your Online Information (July 22, 2010)

This week's New York Times Magazine features a report by Jeffrey Rosen on the challenges of living life in this age when the Internet has records of almost everything we do and forgets none of it. Rosen is now inviting readers to submit their questions to two of the experts he interviewed for his article, Michael Fertik of ReputationDefender, a company that offers its clients options for managing their online reputations, and Prof. Paul Ohm of the University of Colorado, who has suggested ways new laws could be drafted to limit how companies use online information to influence employment decisions. Questions on managing online information will be accepted until July 25, the report notes, with answers to be posted July 26 and 27.
Full Story

RFID

The Benefits of Information vs. Loss of Privacy (July 21, 2010)

From using RFID devices in student identification cards to track attendance at university classes to card-based customer loyalty programs, controversies around the use of RFID center on the balance between privacy and information. "RFID, and electronic storage and transmission of information more broadly, often evokes concerns about breaches of privacy. In practice, the technology often replaces tracking methods prone to security lapses," Rebecca Walberg writes in a report published in The Vancouver Sun. While some experts suggests RFID is not a threat to privacy, given that programs such as customer rewards require user consent, others, like Prof. Yeona Jang of McGill University, caution, "there are privacy issues that need to be addressed accordingly, as technology advances."
Full Story

ONLINE PRIVACY

The Economic Value of Privacy (July 20, 2010)

While at least one startup is banking on consumers wanting to use their personal information as "virtual currency that can be traded," making personal information a commodity poses challenges, Steve Lohr writes in The New York Times. According to M. Ryan Calo of Stanford Law School, "There is no way to know in advance what the value of this information is." Citing last year's "What Is Privacy Worth?" study by three Carnegie Mellon researchers, Lohr points out that the value of privacy is shaped by people's expectations, as summed up by Alessandro Acquisti, one of the study's authors, who notes, "When you have privacy, you value it more, but when the starting point is that we feel we don't have privacy, we value privacy far less." (Registration may be required to access this story.)
Full Story

BIOMETRICS—JAPAN

Facial Recognition Billboards Are Here (July 20, 2010)

A consortium of 11 railway companies has installed 27 facial recognition-enabled billboards in subway stations around Tokyo as a one-year pilot project that will collect data on passersby, reports CNET News. A spokesperson for the Digital Signage Promotion Project said, "The camera can distinguish a person's sex and approximate age, even if the person only walks by in front of the display, at least if he or she looks at the screen for a second." The information gleaned could then be used by marketers to strategically schedule their marketing campaigns and tailor them by gender. Project officials say they won't store images taken by the billboard cameras.
Full Story

DATA PROTECTION

APEC Launches New Privacy Enforcement Initiative (July 16, 2010)

The Asia-Pacific Economic Cooperation (APEC) has launched an initiative to help boost consumer trust in e-commerce by fortifying enforcement of regional data privacy laws, ZDNet reports. The APEC Cross-border Privacy Enforcement Arrangement (CPEA) will serve as a platform for authorities to engage in information sharing, evidence collection and complaints handling, among other imperatives. Its participants include the Office of the Privacy Commissioner of Australia, the Office of the Privacy Commissioner of New Zealand and the U.S. Federal Trade Commission (FTC). The announcement follows the recent establishment of the Global Privacy Enforcement Network (GPEN). Yael Weinman of the U.S. FTC told the Daily Dashboard that while the GPEN "is a less formal, global network designed to facilitate cooperation among its participants," the CPEA "is a more structured regional arrangement, setting out specific procedures and mechanisms for cooperation among participating privacy enforcement authorities in APEC member economies."
Full Story

PRIVACY LAW—AUSTRALIA

Privacy Commissioner Gets Fining Powers (July 16, 2010)

Australian businesses will face fines for privacy breaches in the future, News.com.au reports. Special Minister of State Joe
Ludwig said amendments to the Privacy Act would introduce civil penalties for "serious breaches when other enforcement
measures are not sufficient." Ludwig is currently leading an effort to modernize the 22-year-old law. "We will make sanctions
available to the privacy commissioner for the first time," he said. "I agree we do need the ability of the commissioner to
have a sanctions regime in place to deal with serious or systemic breaches of privacy." He said breach fines would be
significant enough to "act as a deterrent."  
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

Commissioner Investigating PSR (July 16, 2010)

Privacy Commissioner Karen Curtis is investigating the Professional Services Review (PSR) to find out if it knowingly breached
guidelines by inappropriately using and not protecting data from the Medicare Benefits Schedule and the Pharmaceutical
Benefits Scheme, reports The Australian. Commissioner Curtis told the newspaper that her office is "undertaking an own-motion
investigation into the Professional Services Review." A PSR spokeswoman said the commissioner has "asked PSR to respond to
some questions," however both parties refrained from further comment as the matter is "the subject of an investigation." PSR
is the Medicare system's investigative arm and is under orders to see that medical dollars are appropriately spent.
Full Story

DATA PROTECTION—NEW ZEALAND

Black Box Evidence Concerns Commissioner (July 16, 2010)

The Motor Industry Association expects the number of vehicles containing black boxes to continue to grow as technology
advances. The boxes allow investigators to extract data on a vehicles' speed before or after a crash. The New Zealand Herald
reports on two recent cases involving the introduction of black box data as evidence in court, demonstrating speed as a factor
in the crashes. But Privacy Commissioner Marie Shroff has concerns that drivers may not know their vehicles are equipped with
technology that could be used to prosecute them, the report states. A Motor Industry Association executive said when it comes
to privacy, "We have these issues with technology all the time."
Full Story

RFID—HONG KONG

Lawmakers To Tangle with Octopus (July 16, 2010)

Lawmakers want to know how Octopus Cards uses its customers' personal information, and they are poised to invoke the Powers
and Privileges Act to force disclosure if the company does not divulge the information willingly, China Daily reports. The
stored-value cards maker said the company is in strict compliance with privacy law, but legislators want to get to the bottom
of allegations that the company freely sells customers' personal data for profit. "This is a very serious problem and the
Legislative Council needs to look into this in depth," said Wong Kwok-hing of the Hong Kong Federation of Trade Unions.
Full Story

SOCIAL NETWORKING

Int’l Companies Must Navigate Patchwork Laws (July 14, 2010)

CNET News reports on the complications companies face in complying with data protection and privacy laws across national borders. The operational reality of platforms such as Facebook, for example, "is challenged to the breaking point by the patchwork of privacy laws in different countries," said Paul Bond, a data protection attorney with Reed Smith. However, changing privacy policies to comply with various jurisdictional laws can create more problems than solutions for users, according to attorney Francoise Gilbert of IT Law Group. "What all of these people are asking is that it be more simple, more understandable, so it should not be more complex. If it's more complex, then everybody has lost."
Full Story

ONLINE PRIVACY

Study: Consumer v. Marketer Expectations (July 13, 2010)

A recently released study shows that when it comes to new technology, consumers have higher privacy expectations than marketers and most often prefer an opt-in method for collecting personal information. The University of Massachusetts Amherst study looked at cookies, RFID, text messaging, pop-up ads, telemarketing, SPAM, biometrics and loyalty cards. This is the first study to directly compare the privacy expectations of consumers and marketers. The researchers also discovered that many consumers don't understand the tools used by online companies and marketers and don't know how much, or how often, detailed information is gathered about them.
Full Story

ONLINE PRIVACY—AUSTRALIA

Guilty Finding Prompts Google Apology (July 12, 2010)

Australian Privacy Commissioner Karen Curtis last week determined that Google breached the country's Privacy Act by collecting personal information from unsecured wireless networks using its Street View vehicles, The New Zealand Herald reports. "Collecting personal information in these circumstances is a very serious matter," Curtis said. "Australians should reasonably expect that private communications remain private." Curtis's office lacks the authority to impose penalties for the breach, but the commissioner ordered the company to apologize, which it did in a blog post, where the company's senior vice president of engineering and research said, "this was a mistake for which we are sincerely sorry." Meanwhile, the company says it has removed from its cars any equipment used to collect WiFi data.
Full Story

ONLINE PRIVACY

Study: Online Habits of the Young Will Live On (July 12, 2010)

A study fielded by the Pew Research Center's Internet & American Life Project and Elon University's Imagining the Internet
Center found that most technology experts and stakeholders believe the online sharing habits of the millennial generation will
stay with them throughout their lives. Sixty-seven percent of respondents agreed with a statement that Millenials "will
continue to be ambient broadcasters who disclose a great deal of personal information in order to stay connected and take
advantage of social, economic and political opportunities." Respondents also acknowledged that new social norms and new
definitions of public and private information are already taking shape.
Full Story

ONLINE PRIVACY—AUSTRALIA & NEW ZEALAND

Balancing Privacy and Security in the Cloud (July 9, 2010)

Understanding privacy and security and maintaining the balance between them is critical when it comes to successful cloud computing strategies. That was the message iappANZ President Kevin Shaw shared in an interview with CIO. With cloud computing, Shaw said, "you have to make sure you're looking at privacy in that environment and you understand what your principles are and enforce those." Shaw also spoke about the upcoming iappANZ Australasian Privacy Conference, explaining that the goal will be "to look at issues around privacy and cloud computing from a government perspective, from an advocate perspective, from a business perspective both from the view of the provider and the consumer, from a privacy professionals perspective, and lastly from a technology perspective."
Full Story

ONLINE PRIVACY—NEW ZEALAND

Web Site Used To Steal Cars (July 9, 2010)

Car thieves are using Trade Me, an online classifieds site, to find and steal desirable cars, reports The New Zealand Herald. Thieves scan the site for pictures of vehicles that include number plates and then use the number plate to retrieve the owner's registration information through a post office or other outlet, giving them the owner's address. Though Trade Me took significant steps to protect members' privacy, Chris Budge, trust and safety manager, said, "There's absolutely nothing anyone can do" to stop thieves when a member posts a vehicle photo with a number plate. The Office of the Privacy Commissioner will restrict access to registration information starting 1 November, when people will have to submit an application to the Transport Authority to get registration data.
Full Story

SURVEILLANCE—AUSTRALIA

CCTV: Friend or Foe? (July 9, 2010)

During Tuesday's IQ2 debate, parties argued the value of CCTV cameras, with the affirmative side proposing "Better more cameras than more crime," and the opposition citing lack of effectiveness and privacy concerns. The Sydney Morning Herald reports that Victorian Police Commissioner Christine Nixon dismissed privacy concerns, saying, "in many cases, people don't care about their privacy being protected." But human rights barrister Julian Burnside said having your privacy ''stolen by stealth'' through CCTV is different than the conscious reduction of privacy through social networking. After the debate, about 80 percent of the audience agreed with the opposition, while 19 percent thought more cameras was a good idea, according to the report.
Full Story

GENETIC PRIVACY—AUSTRALIA

The Challenge of Regulating DNA (July 9, 2010)

Genetic testing may come with great promise, but there are also many ethical, legal and privacy implications to be considered, according to Prof. David Weisbrot, former president of the Australian Law Reform Commission and current member of the National Health and Medical Research Council (NHMRC) Human Genetics Advisory Committee. From incentives for employers to require genetic testing to reduce the costs of sick leave to using DNA to determine whether individuals are eligible for affirmative action programs, there are many questions that the commission and NHMRC have had to address, he writes in The Australian. Australia's Privacy Act was amended to require strong protection for genetic information, he notes, adding that "science must be regulated in the public interest, with social policy more important than technological possibility."
Full Story

SURVEILLANCE—VICTORIA

Police Must Do More To Protect Information (July 9, 2010)

The Australian reports that Victoria's Special Investigations Monitor (SIM), which has oversight of police use of surveillance devices, is raising concerns that there is "no effective and coordinated compliance oversight" of records compiled through surveillance in Victoria. The SIM also alleges that Victoria Police Chief Commissioner Simon Overland failed to honour a promise to complete a statewide audit that would include an examination of ways to improve information security, the report states. The SIM is also raising concerns about the danger of unauthorised access or loss of highly sensitive records.
Full Story

SOCIAL NETWORKING—AUSTRALIA

Use on the Rise, But Without a Map (July 9, 2010)

A report by IDC and Unisys indicates employers expect a rise in companies' use of online media but are struggling to get policies in place. The study showed 41 percent of companies expect to use Twitter for business purposes within 12 months, while 34 percent do not have guidelines for social networking use, reports CIO. Nick Abrahams from Sydney law firm Norton Rose says policies need to take into account both internal and external use. "Internally they must be considered within the context of employee relations...Externally what is said on company Twitter, blog and Facebook sites, and by whom, must also be carefully managed..."
Full Story

DATA LOSS

Study Shows Hotels Hacked at “Disturbing Rate” (July 8, 2010)

A recent study by SpiderLabs found that the hotel industry was involved in 38 percent of all credit card hacking cases last year, reports The New York Times. Anthony Roman, a private security investigator, told the Times that hotels are attractive targets because "the greatest amount of credit card information can be obtained using the most simplified methods." Roman added that most hotel breaches are due to "a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems." According to the report, tough economic times have forced hotel owners to cut spending, leading to lagging security upgrades and a worsening of the problem. Credit card companies, meanwhile, are pushing for uniform security measures for all retailers. (Registration may be required to access this story.)
Full Story

IDENTITY THEFT—AUSTRALIA

Study: Online Crime Hits One in 10 (July 7, 2010)

A study of 2,500 Australians found that in the past year about one in 10 have experienced online identity theft, and each occurrence cost an average of $1,000. The Sydney Morning Herald reports that, extrapolated nationally, that translates to 1.37 million Internet users and $1.3 billion last year. The most common methods of online fraud, according to the study, include "phishing" e-mails--imitating financial institutions or relaying sob stories--requesting personal or banking information. Despite that 60 percent of the respondents have encountered fraudulent sites or e-mails, the survey found that 69 percent of respondents ages 18-24 do not check a site's security features before handing over sensitive information, while those over 50 are the most diligent.
Full Story

PRIVACY LAW—AUSTRALIA

Submissions Sought On Draft Privacy Principles (July 2, 2010)

The federal government has released its exposure draft of the new Australian Privacy Principles (APPs) to replace the current Information Privacy Principles and National Privacy Principles, with submissions sought until 27 July. Attorney Kaman Tsoi reports that key areas to be impacted by the APPs include privacy policies and notices, direct marketing and biometrics. The APPs also include regulations for offshore data transfers, specifically referencing the cross-border disclosure of personal information. In a related development, the report states, a senate committee will conduct an inquiry into online privacy issues including data collection and social networking. That report is expected by 20 October. (Registration may be required to access this story.)
Full Story

HEALTHCARE PRIVACY—QUEENSLAND

Report: Patient Data At Risk (July 2, 2010)

Private information about Queensland Health patients is at risk of being lost or stolen, according to a report by Auditor-General Glenn Poole that determined gaps in protocol at government agencies could have serious privacy and security impacts. Among the concerns raised was the lack of "efforts to review just who had access to medical records and even physical storage facilities," the Courier Mail reports. The audit acknowledged, however, that the Queensland Health system fared better than some other agencies. Looking toward plans to implement e-health, Poole said information technology systems are the "greatest protection" because they make it possible to track electronic access.
Full Story

ONLINE PRIVACY—AUSTRALIA

Experts: Web Analytics Feature Exposes User Info (July 2, 2010)

Privacy experts are raising questions about a feature in Google's Analytics Dashboard that allows Web operators to discover the identity of social network users who have linked to their sites. Smart Company reports that Web sites can potentially visit social network users' online profiles and gather additional information--some of which may be personal in nature. Legal experts say that ability could pose "a significant privacy problem" and that Google needs to work with sites such as Facebook and Twitter to fix the issue. Meanwhile, Colin Jacobs of Electronic Frontiers Australia warns, "Everything is connected, and you need to be careful and make sure your privacy settings are good enough that you're comfortable with what the public can see."
Full Story

RFID—HONG KONG

Octopus Outcry Continues (July 2, 2010)

Privacy concerns over the Octopus Card continue to grow, China Daily reports. With more than 20 million cards in use--and some tied to banking accounts--Central and Western District Councilor Dominic Chan said the company's disclosure statements are too vague, citing its policy that cardholders' personal data could be used for the "marketing of goods and/or services" as well as "other purposes." A recent survey of more than 1,000 people indicated that less than 10 percent had been aware of the card's personal data policy, but about 80 percent considered it unacceptable that their transactions could expose them to direct marketing, the report states. Privacy Commissioner Roderick Woo Bun has said previously that his office will look into the card system.
Full Story

SOCIAL NETWORKING

Facebook: Apps Must Tell Users What Data They Collect (July 2, 2010)

Facebook is now requiring outside applications and Web sites to let users know what data they collect from online profiles before asking permission from users for private information, The Sydney Morning Herald reports. "With this new authorization process, when you log into an application with your Facebook account, the application will only be able to access the public parts of your profile by default," a company spokesman said, calling the new step an effort to provide "more transparency and control over the information you share with third-party applications and Web sites." Critics of the site, meanwhile, are continuing to urge the site to make all user information private by default.
Full Story

GEO PRIVACY

Are Social Networks Getting Too Close For Comfort? (July 2, 2010)

A report published in The New Zealand Herald explores "geosocial networking" and the questions as to just what extent users will be willing to share their exact locations as well as other personal information online. Experts point to interest in such services as Foursquare and Gowalla being divided along generational lines, determining that those under the age of 25--who worry less about privacy--are more likely to be interested in such sites. Referencing plans by some services to allow businesses access to users' locations, the report questions, "if we do decide to embrace the 'check-in,' will we really be willing to surrender a large chunk of our privacy in order to take advantage of freebies and special offers?"
Full Story

GEO PRIVACY

Privacy Breach Reveals Network Users’ Locations (July 1, 2010)

Internet site Foursquare published a notice Wednesday about a privacy breach that shared all users' location information across the Web, regardless of whether they had chosen to opt out of such broadcasts through their privacy settings, Wired reports. The location-based social network was made aware of the data breach on June 20 by "white-hat hacker" Jesper Andersen, the report states, and asked Andersen to give it nine days to address the issue. According to the report, Foursquare sent Andersen an e-mail Tuesday morning that it had fixed that "privacy leak" but had not yet solved two other issues Andersen raised and "was trying to figure out how to balance usability with privacy."
Full Story