ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

DATA LOSS—SOUTH KOREA

Breach Affects 35 Million (July 29, 2011)

A hacking operation has compromised the personal information of approximately 35 million South Koreans who use the country's largest social networking site and a major search engine, CNET News reports. The company that runs the Cyworld social networking site and the Nate portal site confirmed that malicious code was used to expose names, phone numbers, e-mail addresses, resident registration numbers and passwords of users. SK Communications, the company that operates the sites, is creating a hotline to help affected individuals avoid phishing scams and spam. 
Full Story

PERSONAL PRIVACY

Technology Increasingly Diminishing Anonymization (July 29, 2011)

CNET News reports on one operating system's collection of millions of devices' location-based data, including laptops, cell phones and other WiFi devices. According to the report, Microsoft collects and publishes such locations--which can be as specific as a street address--to a database intended to help deliver location-based search results such as weather, movie times, maps and directions. Meanwhile, a Stanford researcher lists the ways identity can be linked to data that was initially collected anonymously, and an article in The Economist reports on soon-to-be unveiled research demonstrating the ease with which facial recognition technology can be used to identify "random passersby" and "personal details about them."
Full Story

PRIVACY LAW—AUSTRALIA

Commissioner Backs Gov’t Review of Privacy Laws (July 29, 2011)

Privacy Commissioner Timothy Pilgrim has said the government's review of the 2008 Australian Law Reform Commission report is timely and that existing privacy laws need to keep up with technological advancements, The Australian reports. "The concerns we see from the community are issues around wanting to ensure they are having control over their personal information," Pilgrim says. "This has been heightened in the online environment because people are unsure what is going to happen with their information." Meanwhile, Sen. Nick Xenophon is introducing a bill that would remove Privacy Act exemptions for political parties. As it stands, political parties can track and collect information about voters without having to comply with the Privacy Act.
Full Story

 

PRIVACY LAW—AUSTRALIA

Minister: Privacy and Freedom Balance Possible (July 29, 2011)

Justice Minister Brendan O'Connor says Australia is mature enough to resolve privacy concerns while maintaining freedom of expression and press, reports The Sydney Morning Herald. The country is considering the introduction of a federal law to allow lawsuits after privacy violations. The government will likely release a discussion paper on the topic. With recent headlines on hacking scandals in the media, a debate about the balance between privacy and freedom of expression has been renewed. O'Connor says both are important ideals and that it's "not about one or the other." 
Full Story
 

PRIVACY LAW—AUSTRALIA

Electronic Health Records Cause Privacy Concerns (July 29, 2011)

The Australian reports on growing concerns surrounding the government's unique health identifier system. The IDs include individuals' names, Medicare numbers and dates of birth, which will be used by health providers to access patient records. The Australian Privacy Foundation (APF) said the system is like a "honeypot that those with malicious intent may seek to access." The APF's chairman has also said the government's National E-Health Transition Authority has "refused to involve consumer advocates, including privacy advocates, in any meaningful way for an extended period of years."   
Full Story
 

DATA RETENTION—AUSTRALIA

Gov’t Revisits Data Retention Regime (July 29, 2011)

The federal government is considering data retention legislation that would require Internet service providers to keep records of all subscribers for use by law enforcement officials. Spurred by the European Data Protection Directive, the changes would expand the ability of government agencies to gather, retain and examine the public and private information of citizens, The Australian reports. The committee reviewing the proposal will conduct a cost-benefit and risk analysis, analyse privacy concerns and address the expenses faced by service providers. One senior industry figure said the changes could cost providers "hundreds of millions of dollars," but according to the Internet Industry Association, the industry is "willing and eager" to work with the government on the issue.    
Full Story

PRIVACY LAW—AUSTRALIA

Taxation Office Seeks Privacy Guidelines Exemption (July 29, 2011)

The Australian Taxation Office (ATO) wants to be permanently exempt from privacy regulations requiring the department to delete certain non-matched data within a "practicable" deadline, The Australian reports. The ATO uses automated systems for its data-matching operations to protect against tax fraud and to help other agencies with their investigations. According to the report, the ATO wants guidelines removed that determine the length of time it retains specific investment data of individuals. Privacy Commissioner Timothy Pilgrim says he will review the guidelines "to ensure they reflect current practices."
Full Story

DATA PROTECTION—QUEENSLAND

Audit Urges Departments To Work on Security (July 29, 2011)

An audit has revealed shortcomings in Queensland government departments' cybersecurity efforts, the Courier Mail reports. Auditor-General Glenn Pool has warned state officials to shore up security after finding that six of seven networks audited had insufficient controls and half of them "identified that there had been some form of network security compromise in the previous two years," Poole said, adding, "Given the threats to security due to the Internet and constant technological advancement, (these bodies) need to give more attention to network security. If the issues (in the 2009 audit) had been addressed, it is likely some security compromises may not have occurred."
Full Story
 

GEO PRIVACY—AUSTRALIA

Parents Use SIM Cards To Track Their Children (July 29, 2011)

Parents who are concerned about their children's whereabouts and safety are using GPS-tracking SIM cards that send back location coordinates. The technology also provides an SOS option if the user needs to call for help and can be configured to warn parents if their child has left a designated area, the Herald Sun reports. The technology is an improvement on previous GPS systems because parents can keep track of their children more directly instead of through websites, but, according to the report, privacy advocates are concerned that it could be an invasion of privacy. 
Full Story
 

PRIVACY LAW—AUSTRALIA

Opinion: Reform Process Must Be Fair, Balanced (July 29, 2011)

In a blog for Open Forum, former Privacy Commissioner Malcolm Crompton, CIPP, discusses last week's announcement by Privacy Minister Brendan O'Connor on a new push to reform the Privacy Act. "I have been on the record since 2000 with the clear view that the exemptions to the Privacy Act need reconsideration," Crompton writes, noting that the Australian Law Reform Commission has held a similar view. "Now that the process has been revived, it will be essential that the discussion is fact-based and balanced. In particular, the media exemption, the political process exemption and the statutory cause of action all need to be considered objectively," he writes. 
Full Story

DATA PROTECTION—AUSTRALIA

Opinion: Privacy Is Under Attack (July 29, 2011)

"We have very little privacy left anyway." That's Mungo MacCallum's response to recent discussions about privacy rights following reported phone hacking scandals. MacCallum writes in a recent ABC feature that Australians hand over a multitude of personal details all the time in the form of tax file numbers, Medicare cards, credit cards and bank accounts. Commercial surveillance cameras and security apparatus mean that "Big Brother is not only watching you and listening to you," but may soon be able to touch people too, MacCallum writes. 
Full Story
 

SURVEILLANCE—NEW ZEALAND

School Defends Camera Placement (July 29, 2011)

A high school principal has said his school will strategically place cameras in school restrooms to help prevent "tagging" and smoking, TVNZ reports. The privacy commissioner's office says schools need to be "very careful" about camera use and provided placement recommendations, adding that there would need to be "extraordinary circumstances" to make the case for using restroom cameras. The principal said the school is trying to limit transgressions and "create a nicer place" for the students.
Full Story
 

BIOMETRICS

Social Network Addressing Concerns (July 27, 2011)

Reuters reports on Facebook's efforts to simplify the opt-out process for users to disable its "Tag Suggestions" facial recognition feature in the wake of privacy concerns. Connecticut AG George Jepsen has issued a statement following his request for a meeting with Facebook officials to discuss the social network's privacy approach. He said the company "has made significant changes that will provide better service and greater privacy protection to its users," referring to the series of ads advising users of their privacy settings and how to disable the facial recognition feature.  
Full Story

PRIVACY LAW—AUSTRALIA

Commissioner Makes Case for Enforcement Authority (July 27, 2011)

Australian Privacy Commissioner Timothy Pilgrim says the pending changes to the country's privacy legislation would help him hold organizations accountable to data theft victims. Speaking at a panel held by the IAPP ANZ, Pilgrim added, "I can use the powers available to me to require the organization to provide information about what it's done" to resolve a data breach, but "I can't force the company to do anything at the end of the day." Pilgrim also revealed that there has been a 27-percent increase in data breaches in the past year and warned that the number reflects "responsible companies" that voluntarily disclosed an incident, The Sydney Morning Herald reports. Pilgrim warns, "We simply don't know the extent of the data breaches that go on."     
Full Story

PRIVACY

Opinion: Right to Privacy Definitions Need Updating (July 26, 2011)
In The Wall Street Journal, L. Gordon Crovitz writes that in light of a phone hacking scandal, definitions of the right to privacy need to be updated. The debate surrounding the right to privacy in recent years has focused on new media, he writes, "but when we post details about ourselves on social media or reply to online marketing, we are choosing to become less private." Hacking phones is "a clear-cut violation of privacy," Crovitz writes, "but the clarity of this violation highlights how much ambiguity there is in other claimed areas of privacy."

PRIVACY

Privacy Leads 2011 Concerns (July 26, 2011)

ReadWriteWeb reports on privacy concerns as a top trend of 2011 so far. The report looks at privacy-focused social networks and examines concerns about smartphones and a do-not-track mechanism. The report predicts that, in response to Google's social network that allows users to publish information to targeted "circles," Facebook will likely enable selective sharing by the year's end. The report also notes researchers' revelation that smartphones are capable of storing user location data, noting a survey by TRUSTe indicating that 77 percent of respondents don't want their location data shared. 
Full Story

PERSONAL PRIVACY—NEW ZEALAND

Complaints About Survey Rolling In (July 22, 2011)

Privacy Commissioner Marie Shroff and others have received complaints about the NZ Post's survey asking citizens more than 50 questions about their hobbies and preferences to be used for marketing purposes, reports The Timaru Herald. Though it has been redesigned since a similar 2009 survey that Shroff deemed a "systematic, large-scale breach," she still has concerns. "The survey attempts to collect a massive amount of detailed and sensitive personal information using a competition to entice New Zealanders to participate," Shroff said in a letter to the NZ Post. A NZ Post spokesman says that the company has taken Shroff's concerns seriously but it disagrees with her view of the survey. 
Full Story

DATA LOSS—SOUTH AUSTRALIA

Gov’t Investigating Medical Testing Company Breach (July 22, 2011)

Australia's largest drug and alcohol testing company inadvertently made the personal details of people who had ordered paternity and drug tests accessible online, sparking a government investigation. MedVet, which is owned by the South Australian government, published to the Internet hundreds of customer names, addresses and products ordered, and while it pledged to do "everything possible" to remove the information, The Australian reports that the data was still available more than 24 hours after the company was alerted to the breach. Privacy Commissioner Timothy Pilgrim said he will investigate the breach and the company's failure to remove the data from the Internet. A MedVet spokesman said the company will notify affected customers once the problem is fixed. 
Full Story
 

PRIVACY LAW—AUSTRALIA

No Government Response to ALRC Proposals (July 22, 2011)

Three years after the Australian Law Reform Commission (ALRC) presented a report proposing the removal of an exemption to the Privacy Act for political parties, among others, the government still has not responded, reports The Australian. According to the ALRC, the parties use voter information they collect to track issues and voting trends, but the report states they are not required to ensure the accuracy of the data or notify individuals of their practices. "It's hard to see...why they couldn't gather and use that information on the same basis that others do," said Andrew Stewart of Baker & McKenzie.
Full Story

FINANCIAL PRIVACY—NEW ZEALAND

Survey: 50 Percent Aren’t Interested in Credit Report (July 22, 2011)

As Privacy Commissioner Marie Shroff begins hearing oral submissions in Auckland on proposed changes to the credit reporting law, a recent survey shows that one in 10 New Zealanders has tried to obtain their credit information, the New Zealand Herald reports. The proposed changes include giving credit reporters additional tools to assess credit worthiness and allow identity theft victims to institute a "credit freeze." The TNS Global survey for credit reporting agency Dun & Bradstreet found that nearly half of respondents have no interest in obtaining a credit report, and the same number did not know they were entitled to a copy.
Full Story
 

PERSONAL PRIVACY—AUSTRALIA

Census Opt-Out Raises Concerns (July 22, 2011)

While some may choose to opt out of having their census responses archived, historians are among those urging them not to do so. One expert suggests such documents should be automatically archived, as is done in the U.S., and held for 99 years before they are made public. Acting New South Wales Privacy Commissioner John McAteer noted that, in many jurisdictions, privacy does not continue indefinitely after a person dies. ''In NSW, a person's information isn't personal if they have been dead for 30 years or more,'' he said. ''Rightly or wrongly, the government has said privacy continues after death--but only so far."
Full Story
 

PRIVACY LAW—AUSTRALIA & NEW ZEALAND

Opinion: Country Needs Data Breach Notification (July 22, 2011)

Writing for ZDNet, Michael Lee reports that "Australia is falling far behind with its progress on holding organisations accountable for breaches," with countries like the U.S., UK, Canada and New Zealand having already implemented or close to implementing some measure of mandatory breach notification laws. Though it has yet to enact breach notification legislation, Lee points out that New Zealand is "currently discussing the issue," while a report from its law commission is expected in the near future. "Australia currently doesn't have any legislation to force companies to disclose breaches," Lee writes, "even though it was recommended as part of the law commission's report on privacy, released in 2008."
Full Story

INFORMATION ACCESS—VICTORIA

Opinion: Media Ethics Required for Health Data (July 22, 2011)

Two laws govern information privacy in Victoria--one specifically covers health records, and for good reason, writes Beth Wilson in The Sydney Morning Herald. "The parliament of the day took the view that our health information is different...it can be extremely sensitive, intimate and prone to misuse for discriminatory purposes," Wilson writes. And while the media is exempt from privacy laws, recent decisions to publish people's health information say "a lot about the values of the publishing organisation." Media has an ethical responsibility to treat health information sensitively, according to Wilson, and "freedom of the press is a privilege that must be respected and used responsibly."
Full Story

PRIVACY LAW—HONG KONG

Commissioner Releases Proposal for Data User Returns (July 22, 2011)

The privacy commissioner of Hong Kong has released a document seeking comments on a proposal that would require data users to disclose their activities to the Office of the Privacy Commissioner for Personal Data, Hunton & Williams' Privacy and Information Security Law Blog reports. The proposal would be under the authority of the Hong Kong Privacy Ordinance, granting the privacy commissioner the means to require data users to submit data user returns. In its current state, the proposal would require data users to disclose the type and nature of the personal data they control in those returns. The proposal would affect data users in the banking, telecommunications and insurance industries as well as users with large databases.
Full Story

PRIVACY LAW—AUSTRALIA

Government To Consider Privacy Statute (July 21, 2011)

Privacy Minister Brendan O'Connor has announced the government is considering a statutory right for people to sue for ''serious invasions" of their privacy and has called for the public's input on a right to privacy. While the government has said it will not regulate media ethics, many--including former Prime Minister Paul Keating--have been urging the implementation of the Australian Law Reform Commission's recommendations for federal legislation allowing individuals to seek damages when their privacy is violated. The Australian reports, however, that major media organizations are opposing today's announcement of the government's "plan to enshrine a right to privacy in Australian law."
Full Story
 

PRIVACY LAW—PHILIPPINES

Senator: Bill Needs To Strike Right Balance (July 21, 2011)

The Data Privacy Act of 2011 has been approved by the Lower House, and various groups have lobbied for its passage, but Sen. Edgardo Angara wants to make sure it "does not overreach its intentions to improve data privacy in the country." Newsbytes.ph reports that some believe the bill is key to the Philippines' competitiveness in the IT and business outsourcing industries. Angara says the bill needs to encourage "industry expansion while putting in place adequate controls that would protect the public from abuse."
Full Story

SOCIAL NETWORKING—AUSTRALIA & U.S.

AGs To Discuss Parental Access, Suppression Orders (July 21, 2011)

Australia's attorneys general are looking into whether laws should be created to give parents access to their children's social networking accounts, reports The Australian. In spite of privacy concerns, "We need to look at the policing that occurs, who can and should do it and how do you do it," said South Australian Attorney General John Rau. But one privacy advocate says a knee-jerk reaction could "undermine an existing law and relationships between children and parents." Meanwhile, a study in the U.S. indicates that 55 percent of parents there use social media to keep an eye on their children. 
Full Story

SOCIAL NETWORKING

Opinion: New Site Puts Privacy First (July 19, 2011)

A new social networking site has learned the lessons of past privacy mishaps and made privacy the "No. 1 feature of its new service," says Nick Bilton in The New York Times. Google launched its new social network Google+ last month and now has 10 million users whose posts are private by default, the report states. Breaches of user privacy on other sites have rarely led to repercussions, and users have mostly stuck with Facebook because there hasn't been a "viable alternative," Bilton writes, adding, Google seems to have learned "the importance of privacy for consumers online." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—HONG KONG

Data Transfer Bill Introduced (July 18, 2011)

A bill that addresses transfers of personal data for direct marketing purposes has been introduced to Hong Kong's Legislative Council for final approval, Inside Privacy reports. The Personal Data (Amendment) Bill 2011 addresses concerns about recent data transfers of customer information for direct marketing without users' consent and acts on proposals from an April public discussions report. If the bill passes the Legislative Council, it would require Hong Kong companies making data transfers for direct marketing purposes to alert data subjects of the transfer's purpose as well as the type of data to be transferred and to whom. It would also allow the privacy commissioner to assist data subjects seeking legal redress after breaches.
Full Story

DATA PROTECTION

Outsourcers Working to Allay Fears (July 18, 2011)

With reports of large-scale data breaches attracting media attention, companies that outsource services are looking for ways to assure customers that sensitive data is being adequately protected. ComputerWeekly reports that according to PricewaterhouseCoopers (PwC), many outsourcers are using independent reports to show that they have robust protections in place, and this increased trust and transparency has become a competitive advantage. "Companies are increasingly looking for comfort that the operational activities that they have outsourced, be it transaction processing, logistics management or cloud computing, are being properly controlled," said Neil Hewitt of PwC.
Full Story

PRIVACY LAW—KOREA

Lawyer To File Class-Action Following Data Collection (July 15, 2011)

A South Korean lawyer who recently received compensation from a mobile phone company for its collection of location data without consent says that he will now file a class-action lawsuit against the company, The Wall Street Journal reports. An administrative court in South Korea ordered Apple to pay attorney Kim Hyung-seok, an order the company complied with, according to a spokesman. Now, Kim has established a website seeking other plaintiffs for the forthcoming class-action. "I never agreed that my location can be tracked through iPhone," Kim said, calling the data collection "an obvious invasion of privacy." (Registration may be required to access this article.)
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

Commissioner Recommends e-Health Laws (July 15, 2011)

Privacy Commissioner Timothy Pilgrim is considering e-health records laws aimed at limiting the use and disclosure of data, keeping storage of e-health records in Australia and providing penalties for privacy breaches, iTnews reports. Pilgrim has made a total of 32 recommendations on the operation of the government's planned e-health system, the report states, with some requiring legislation to clarify e-health record management and responsibility. In recommending keeping e-health records in Australia, Pilgrim noted, "The storage of data in other jurisdictions may reduce the security of data, for example, where local laws authorise access to information."
Full Story

PRIVACY LAW—NEW ZEALAND

Shroff Holds Hearing on Proposed Credit Reporting Changes (July 15, 2011)

Privacy Commissioner Marie Shroff has opened a hearing to get feedback on proposed changes to the privacy code that would give credit lenders access to 24 months of customers' financial history. Radio New Zealand reports that credit reporting agency Dun and Bradstreet and the Federation of Family Budgeting Services think this would be a good change. Federation Chief Executive Raewyn Fox says that under the current system, many are penalised for one-time occurrences, such as a marriage separation. According to the report, Shroff says it is "feasible to change the code to benefit individuals, the community, the economy and financial services industry."
Full Story
 

DATA PROTECTION—AUSTRALIA & NEW ZEALAND

Shroff & Pilgrim: Vigilance Necessary (July 15, 2011)

In the wake of Britain's News of the World phone hacking scandal, Australian Privacy Commissioner Timothy Pilgrim is urging citizens to be vigilant about protecting their personal information, Canberra Times reports. "I strongly encourage people to make sure that they are vigilant in changing their voicemail passwords regularly to reduce the likelihood that their voicemail can be accessed," Pilgrim said. A spokesman for Attorney-General Robert McClelland said that voicemail hacking can be punishable by up to two years' incarceration, adding, "Australia has robust laws in place to protect the privacy of users of the telecommunications system." New Zealand Privacy Commissioner Marie Shroff suggests mobile phone users use high-quality passwords, according to a Radio New Zealand report.
Full Story

PRIVACY LAW—KOREA

Court Orders $1M Payment for Collecting Data Without Consent (July 14, 2011)

Reuters reports that a mobile phone user has received compensation from a mobile phone company for its collection of location data without consent. Apple released a software update in May to prevent its mobile devices from collecting and storing such data, but a court has ordered Apple Korea to pay $1 million in compensation to an iPhone user whose data was collected. This is "the first payout by the U.S. company over these complaints," the report states, noting the plaintiff's law firm is now planning a class-action lawsuit against the company.
Full Story

ONLINE PRIVACY

Former Google Employee Offers Insight (July 14, 2011)

In an interview with The Wall Street Journal, former Google employee Douglas Edwards offers insight into the company's attitude on privacy and efforts toward creating a social network. Edwards submits that, for Google's founders, privacy was not an issue. "The facts were that Google was not reading e-mail; Google was not targeting e-mail. So, the facts said there was no privacy issue," Edwards said, adding they "didn't understand that people's perception was reality." Edwards also weighed in on Google's efforts to gain ground in social networking. The company sees information created in social networks as "extremely important and valuable," he says, and without access to it, the founders think "Google will be less valuable as an information source." (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING

Privacy Approach May Determine Success (July 13, 2011)

CNNMoney reports on new competition in social networking, and the report says privacy may end up determining the leader. While Facebook holds the major market share, Google's new Google+ is being lauded by testers for its privacy controls. "Web users may benefit from a Facebook-Google rivalry, but for a different reason: The best way for these companies to differentiate their social media offerings is by preserving personal privacy," the report states.
Full Story
 

ONLINE PRIVACY

Cloud Concerns Pervasive (July 12, 2011)

Across jurisdictions, concerns about privacy in the cloud persist. "There is no global law of cyberspace or law of the Internet, although there are separate pieces of legislation relating to privacy, spam, electronic transactions, cybercrime and more," one Australian expert writes, cautioning that recent breaches are a warning to all businesses. Technorati reports that, additionally, concerns about differing regulations, such as the U.S. Patriot Act being at odds with EU data protection rules, are also problematic. "All this could lead to something as drastic as the EU banning--even if only temporarily--U.S. companies from operating cloud services within the EU," the report states.
Full Story
 

ONLINE PRIVACY

Groupon To Collect, Share More User Data (July 11, 2011)

Groupon has e-mailed its 83 million subscribers to announce changes to its privacy policy, including that it will begin collecting more information about its customers to share with its business partners, The Washington Post reports. It will also begin using geolocation information for marketing purposes. The expanded categories of information Groupon will now collect include user habits and interests, which it will share with third parties. It now shares contact, relationship, transaction and mobile location information. The company has also released details on the ways it collects and uses such information. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

It’s a Privacy Policy. It’s a Game. It’s Both! (July 8, 2011)
An online game manufacturer yesterday launched "PrivacyVille," a tutorial on its privacy policy that users play like a game. Players follow along and learn about how Zynga will protect users' personal information, reports CNET News. The company says the game is not meant as a substitute for its official privacy policy and Privacy Center but as an educational tool. Unlike Zynga's other games, PrivacyVille does not require a Zynga or Facebook account, but players earn points redeemable in some of the company's other games that do.

PRIVACY LAW—AUSTRALIA

Commissioner: Breach Due to Human Error, Investigation Closed (July 8, 2011)

Privacy Commissioner Timothy Pilgrim has closed his investigation of Telstra's data breach, saying it "was caused by a one-off human error," and the company "adequately dealt with the matter." ZDNet reports that according to Pilgrim, the incident breached the Privacy Act, but it was "not a result of Telstra failing to have reasonable steps in place to protect the personal information of its customers, as required by the Privacy Act." A Telstra spokesman acknowledged the commissioner's finding and assured that the company has put measures in place to prevent a similar breach in the future.
Full Story

IDENTITY THEFT—AUSTRALIA

Opinion: Companies Should Provide Post-Breach Protection (July 8, 2011)

In a column for The Australian, Angus Luffman, head of consumer risk at Veda Advantage, writes that identity theft and a proliferation of data breaches show that companies need to reduce post-breach data misuse. In addition to having robust data breach prevention policies and procedures in place, "businesses should also be offering identity theft services to customers hit by cyber crime," Luffman writes. He points out that proactive measures to protect customers' data "will not be lost on customers...they need to know a brand has their interests" in mind.
Full Story
 

PRIVACY LAW—HONG KONG

Privacy Bill To Be Introduced in Legislative Council (July 7, 2011)

A bill addressing the transfer of personal data for direct marketing purposes will be introduced in the Hong Kong Legislative Council on July 13, news.gov.hk reports. The Personal Data (Privacy) (Amendment) Bill 2011 acts upon proposals from a public discussions report that was released in April. The bill seeks to address concerns about recent data transfers of customer information for direct marketing without users' consent. Entities transferring customer data for direct marketing would have to provide customers with written notice explaining the nature of the transfer. The bill would also implement a customer opt-out and would impose stiff fines and potential imprisonment for companies that fail to comply.
Full Story

PRIVACY LAW—AUSTRALIA

Commissioner Examines Cookie Directive (July 5, 2011)

Privacy Commissioner Timothy Pilgrim has said that his office is looking into the new European Union cookie law that went into effect last May, iTnews reports. Pilgrim noted his office is examining the European rules "to better understand their intent and application" and consider whether the rules apply to current obligations Australian organizations face under the Australian Privacy Act. "We will be reviewing our advice and guidance," Pilgrim says, "based on what we learn from this." Pilgrim says that the government will address new technologies in an ongoing law reform process as the Privacy Act currently covers the collection of personal information but may not apply to cookies, the report states.
Full Story

DATA PROTECTION

OECD Communiqué Pleases Some, Nettles Others (July 1, 2011)
At a high-level meeting on the Internet economy this week, the Organisation for Economic Co-operation and Development released a Communiqué on Principles for Internet Policy-Making, which outlines the OECD's commitment toward promoting the free flow of information; investing in high-speed networks and services; enabling cross-border delivery of services, and strengthening "consistency and effectiveness in privacy protection at a global level," among others areas. While some have lauded the principles--U.S. NTIA Administrator Lawrence E. Strickling described it as a "major achievement that will support the continued innovation...of the global Internet economy"--others have criticized its plans to make Internet service providers more responsible for policing copyright infringement, something the Civil Society Information Society Advisory Council says could "lead to network filtering."

PRIVACY LAW—NEW ZEALAND

Commissioner Pushes for Privacy Act Reforms (July 1, 2011)

Privacy Commissioner Marie Shroff has said that she hopes the Law Commission's study of privacy will spur reforms to the Privacy Act, Computerworld reports. The issue was raised during a discussion of a recent survey that "rented" results to third parties for marketing purposes. Though the survey breached privacy principles, the article states, it did not violate the Privacy Act because no harm was demonstrated. "I hope the Law Commission will look at this issue," Shroff said, noting "generic harms are difficult to deal with, because often they don't raise sufficient harm to one person to enable it to be addressed" as a Privacy Act breach.

Full Story

PERSONAL PRIVACY—NEW ZEALAND

Complaints Continue Over Post Survey (July 1, 2011)

South Auckland MP Su'a William Sio is reminding residents that they don't have to fill out New Zealand Post's Lifestyle survey, which has recently been the subject of controversy and an investigation by Privacy Commissioner Marie Shroff, as the personal information collected may be shared with marketers. "I do not like my personal information being sold off to commercial interests so that they, in return, target me with their advertising or--if sold off to unscrupulous operators--target our community with scams," Sio said. A spokesman for the New Zealand Post says the survey contains the word "voluntary" 11 times, Stuff.co.nz reports. 

Full Story

PRIVACY LAW—NEW SOUTH WALES

Commissioner: University Could Have Avoided Breach (July 1, 2011)

An inquiry into a University of Sydney data breach has determined that the incident was avoidable, ZDNet reports. Acting New South Wales Privacy Commissioner John McAteer said that "with appropriate testing, the flaw was avoidable, and the university had not taken reasonably available steps to avoid the risk that the leaks would eventuate." He concluded that the university had not met its obligations under the Privacy Act. The university has since improved its security practices. As a result, McAteer said, no further action is necessary.

Full Story 

PRIVACY LAW—NEW ZEALAND

Commissioner To Hold Public Hearings on Credit History Plan (July 1, 2011)

Privacy Commissioner Marie Shroff's office received 60 submissions during the public comment period on her proposed changes to the Credit Reporting Privacy Code. Changes to the credit reporting law would include ongoing reporting of repayment history, giving credit reporters additional tools to assess credit worthiness and allowing victims of identity theft to exercise a "credit freeze." Civil liberties proponents have called the plan "risky" for the amount of personal information it will collect. Public hearings will be held beginning 13 July in Auckland and 19 July in Wellington.
Full Story

DATA LOSS—HONG KONG

Artists File Complaint with Commissioner (July 1, 2011)

Privacy Commissioner for Personal Data (PCPD) Allan Chiang will launch an investigation into a complaint filed with his office by three Hong Kong artists. The artists allege that photos were secretly taken of them in their homes by Hong Kong magazines FACE and Sudden Weekly, Asian Fanatics reports. If he concludes that the magazines breached the Personal Data Ordinance, Chiang can serve notice to the violator and order corrective action. "If we can successfully file a lawsuit, we hope the government can write up an amendment and authorise the PCPD to amend the regulations," an artists' guild representative said.

Full Story