ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

DATA PROTECTION

Suspected Hacktivists Arrested Worldwide (February 29, 2012)

In a sweep conducted by Interpol's Latin American Working Group of Experts on Information Technology Crime, 25 suspected members of the hacker group Anonymous were arrested in Argentina, Columbia and Spain, reports The Telegraph. The arrestees are suspected of planning attacks against Columbia's Defense Ministry, Chile's Endesa electricity company and others. Interpol began its investigation in mid-February and has seized 250 pieces of IT equipment from 40 locations in 15 cities, the report states.
Full Story

DATA PROTECTION

Study: Privacy and Security Officers Needed (February 28, 2012)

The Sydney Morning Herald reports on a Carnegie Mellon CyLab survey that found companies need both a chief information officer and a chief security officer to adequately protect their data. According to Jody Westby of Carnegie Mellon, 70 percent of senior executives "rarely, never or only occasionally review and approve security and privacy policies...and 59 percent rarely, occasionally or never receive regular reports from IT management." While the number of organizations with a dedicated risk management team has gone up from eight percent to 46 percent in the past two years, just 13 percent of companies employ a privacy officer. "It's no wonder there are so many breaches," says Westby. "Privacy, security and cybercrime are three legs of the same stool. They have to think of them as inter-related."
Full Story

ONLINE PRIVACY—AUSTRALIA

Pilgrim Confirms Company Moving To Fix Tracking (February 24, 2012)

Google Australia has told Privacy Commissioner Timothy Pilgrim it is working to address a link between company servers and Apple Safari browsers, The Australian reports. The move comes after it was discovered that advertising companies bypassed Safari privacy settings preventing users from being tracked online. Pilgrim said Google is "working on a solution," adding, "I strongly encourage people to review their Internet browser's privacy settings and make adjustments if necessary." Google Global Communications and Public Policy Chief Rachel Whetstone said, "To enable these features, we created a temporary communication link between Safari browsers and Google's servers, so that we could ascertain whether Safari users were also signed in to Google and had opted for this type of personalisation." (Registration may be required to access this story.)
Full Story

SURVEILLANCE—AUSTRALIA

Figures Reveal Agency Access During Investigations (February 24, 2012)

The Sydney Morning Herald reports on figures released by the Attorney-General's Department revealing that state and federal agencies accessed telecommunications data and Internet logs more than 250,000 times during investigations in 2010-2011. According to the report, warrants were not needed to access the data--including phone and Internet account information, call details, location data and visited IP addresses. "There should be a higher standard of proof," said Sen. Scott Ludlam, "or a higher standard of cause needing to be shown, to track down your every location through your life than there is for reading your e-mail."
Full Story

SOCIAL NETWORKING—NEW ZEALAND

Expert: Recent Breach a “Big Issue” for New Zealanders (February 24, 2012)

A tech expert told The New Zealand Herald that the recent confirmation by Twitter that its mobile phone app collected users' address book contents "is a big deal for New Zealanders who are used to good privacy protection." Telecommunications Users Association Chief Executive Paul Brislen said, "We've got such good privacy laws, and we're used to companies gathering information for one purpose, they can't use it for something else. So, we're quite used to that here, and of course this is an American company, so none of it applies." Assistant Privacy Commissioner Katrine Evans said, "It's common for social networking services to offer to search through existing contact lists, but companies need to be extremely clear in telling their customers what they're going to do with that information."
Full Story

PRIVACY LAW—CHINA

China Privacy Rules Come Into Effect Next Month (February 24, 2012)

A Morrison Foerster client alert discusses legislative changes issued by China's Ministry of Industry and Information Technology (MIIT) on the collection, storage and use of personal information by Internet companies, effective March 15. MIIT issued Several Regulations on Standardizing Marker Order for Internet Information Services in December 2011, which "cast a relatively broad net," the report states, including prior consent requirements for collecting or sharing personal information, requirements for data storage and sanctions for misuse that include "rectification orders, warnings and penalties ranging from RMB10,000 to RMB30,000."
Full Story

PRIVACY LAW—AUSTRALIA

Organizations Split on Breach Notification Law (February 22, 2012)

Responding to questions put forth by the Australian government as part of its cyber discussion paper, organizations laid out disparate views on how breach notification should be handled, reports ZDNet. The Office of the Australian Information Commissioner, the Australian Privacy Foundation (APF) and the Australian Information Security Association all submitted comments in support of a breach notification law, while telcos Telstra and Opus and the Internet Industry Association (IIA) sided with voluntary notification--with the IIA stating that a notification law would bring jurisdictional problems for local businesses. The APF comments dispute that reasoning, noting, "One does not have to dig particularly deep to be struck by the inadequacy of how Australian conflict of laws rules treat consumers."
Full Story

DATA PROTECTION

Wyckoff: Privacy Needs Elevating in Governments (February 22, 2012)

During remarks at an event in Mexico City last fall, the Organisation for Economic Co-operation and Development's (OECD) director of science, technology and industry, Andrew Wyckoff, said the matter of data privacy needs to be elevated within governments. The OECD event, "Current Developments in Privacy Frameworks: Towards Global Interoperability," was held in conjunction with the 33rd International Conference of Data Protection and Privacy Commissioners. In this IAPP exclusive, The Privacy Advisor asks Wyckoff to answer some follow up questions.
Full Story

BEHAVIORAL TARGETING

Predictive Analytics Fueling OBA (February 21, 2012)

In an article for The New York Times, Charles Duhigg takes an in-depth look at how companies collect vast amounts of personal information and use predictive analytics to advertise products to individuals before they know they want them. "A retailer's holy grail" comes when an individual's buying habits are in flux the most--the time around the birth of a child. An analyst working for one retailer told Duhigg, "We knew if we could identify them in the second trimester, there's a good chance we could capture them for years." Habit formation has become a large field of research in medical centers and universities, the report states. "We're living through a golden age of behavioral research," said a representative from Predictive Analytics World. "It's amazing how much we can figure out about how people think now." (Registration may be required to access this story.)
Full Story

FINANCIAL PRIVACY

Researchers Point to Flaw in Online Transaction Encryption (February 17, 2012)
Researchers have found a flaw in the algorithm used to encrypt transactions during online banking and shopping, AFP reports. While a team of U.S. and European researchers noted, "We found that the vast majority of public keys work as intended," their report cautions, "A more disconcerting finding is that two out of every one thousand RSA moduli that we collected offer no security."

HEALTHCARE PRIVACY—HONG KONG

Alliance Pushes for Privacy Protections on EHRs (February 17, 2012)

The Alliance for Patients' Mutual Help Organization has recommended that the government place a safety barrier on Hong Kong's Electronic Health Record (EHR) program to protect patients' sensitive personal information, reports China Daily. The alliance says that implementing a barrier would balance the public service benefits of the system with the individual rights of patients by allowing them to choose which information to disclose to caregivers. A spokeswoman for the Food and Health Bureau said the public consultation period has ended and the bureau is assessing the suggestions.
Full Story

ONLINE PRIVACY—NEW ZEALAND

Auckland Transport To Review Privacy Policy (February 17, 2012)

After more than 50,000 bus passengers received marketing e-mails, Auckland Transport has hired an independent team of lawyers to review its privacy policy, The New Zealand Herald reports. The e-mails were sent by Snapper, the supplier of the public transport "Hop cards," which is claiming it has the right to use the e-mail addresses obtained from the passengers, the report states. A spokeswoman from Auckland Transport said the mass e-mail was "a mistake on the part of Snapper."
Full Story

ONLINE PRIVACY—NEW ZEALAND

Shroff: Privacy Policy Changes Are Positive (February 17, 2012)

New Zealand Privacy Commissioner Marie Shroff says Google's privacy policy changes are a move in the right direction but users should check their privacy settings more carefully, COMPUTERWORLD reports. She said it is important "for privacy policies to be readily understandable and as clear as possible. If these changes do that, then that is a good thing for Google users." Shroff added, "Users need to be aware that Google's business model relies on being able to deliver targeted advertising and that user demographic data provides the raw fuel" for this practice. Shroff "will continue to keep track of these changes and the impact they may have on user privacy."
Full Story

ONLINE PRIVACY—NEW ZEALAND

Lynch: Teach Kids Privacy Along with ABCs (February 17, 2012)

In a Stuff.co.nz feature, Microsoft Chief Privacy Officer Brendon Lynch, CIPP/US, says it's just as important to teach children to be good digital citizens as to safely cross the road. Lynch, who helps Microsoft craft policies and standards around its data collection practices, says his history in the manufacturing sector helped prepare him for his current role, which also includes helping the company develop privacy-enhancing technologies. "There are a lot of similarities between quality management and privacy management. Both require gaining the support of top management; establishing and implementing policies; making it a part of the organisation's culture, and continually adapting to a changing environment," Lynch said. Lynch is on the IAPP board of directors. 
Full Story

DATA PROTECTION—NEW ZEALAND & MALAYSIA

Commissioner Suggests Officers for Malaysia (February 17, 2012)

New Zealand Assistant Privacy Commissioner Katrine Evans has suggested Malaysia hire privacy officers to implement data protection law, reports The Borneo Post Online. At a recent seminar announcing the establishment of the Personal Data Protection Department in Malaysia, Evans said that a privacy officer can help agencies to properly handle personal information. "I don't know whether Malaysia has the requirement for every agency to have a privacy officer, but if it doesn't, you should have one."
Full Story

ONLINE PRIVACY—AUSTRALIA

Opinion: Privacy Laws Threaten Freedoms (February 17, 2012)

In an opinion piece for The Sydney Morning Herald, Chris Berg discusses the borderless Internet and the "inflexible and heavy-handed" laws that threaten to change it to the detriment of freedom of expression and Internet liberties. The U.S. Stop Online Piracy Act (SOPA), for example, was an example of a bad law that could have caused "profound damage" had it not died in Congress, Berg contends. SOPA would have given the U.S. government power to shut down foreign sites that breached copyright. And it's not alone, writes Berg. The EU's "right to be forgotten" would also threaten free speech, which would affect Australians because of firms' global nature, he writes. 
Full Story

PRIVACY LAW—HONG KONG

Commissioner Rules Employee Monitoring Was Intrusive (February 17, 2012)

Privacy Commissioner for Personal Data (PCPD) Allan Chiang has published an investigation report on a case involving the collection of employees' personal data by covert video recording. Two ex-employees of Hong Yip claimed that their privacy was invaded and the Personal Data Ordinance violated when the company recorded them without their knowledge. The company said the recording device was for security purposes, but the commissioner's investigation found that the device was planted to surveill employees on duty, which was highly privacy intrusive, the PCPD said in a press release. In addition, Hong Yip had not developed a privacy policy on employee monitoring or informed its employees
Full Story

PRIVACY—AUSTRALIA

Pilgrim: Cuts May Impact Effectiveness (February 15, 2012)

Australian Privacy Commissioner Timothy Pilgrim is voicing concern about cuts in funding due to an increase in the government's efficiency dividend, which aims to obtain the same output with reduced resources in government agencies. ZDNet reports that an Office of the Australian Information Commissioner (OAIC) spokesperson said the office will allot for the dividend through staff attrition and eliminating possible redundancies, but Pilgrim says the OAIC's workload is increasing and unpredictable, and a staff reduction could affect the office's abilities to meet the needs of the community. "In terms of what we call our own motion investigations...it's hard to anticipate what the level will be at any particular time," said Pilgrim.
Full Story

ONLINE PRIVACY

Experts: Big Data Means Big Decisions (February 15, 2012)

"We live in an age of 'big data,'" which brings with it "immense economic and social value" but also concerns about privacy, write two privacy experts in the Stanford Law Review. Associate Professor at the College of Management School of Law Omer Tene and Future of Privacy Forum Director Jules Polonetsky, CIPP/US, describe the many benefits of big data, while acknowledging a "data deluge" could foment a "regulatory backlash" capable of "dampening the data economy and stifling innovation." Tene and Polonetsky write, "In order to craft a balance between beneficial uses of data and the protection of individual privacy, policymakers must address some of the most fundamental concepts of privacy law, including the definition of 'personally identifiable information,' the role of consent and the principles of purpose limitation and data minimization." Editor's Note: Omer Tene and Jules Polonetsky will both present at next month's Global Privacy Summit.  
Full Story

ONLINE PRIVACY

Protecting and Pricing Personal Data on the Web (February 13, 2012)
The New York Times explores the view of personal data as "the oil of the digital age" and the push to use such data "as a kind of online currency, to be cashed in directly or exchanged for other items of value." The report looks at startups aimed at giving online users control of their information while potentially profiting from it. "Many of the new ideas center on a concept known as the personal data locker," the report states, where users have "a single account with information about themselves.

DATA PROTECTION—AUSTRALIA & EU

Expert: Australia Needs Stronger Laws (February 10, 2012)

In an interview with ZDNet Australia, the Council of Europe Head of Data Protection and Cybercrime Division Alexander Seger said that without stronger data privacy laws, Australia may miss opportunities to provide services to European citizens. While this data can be processed in any country, Seger says, "it makes it very difficult if that country does not have data protection standards in place," adding, "It would actually be illegal..." While Australia has taken the lead in providing offshore forensic services, Seger says it could be more proactive in data protection.
Full Story

TRAVELLERS’ PRIVACY—AUSTRALIA & NEW ZEALAND

Bill Requires Passengers To Submit to Scanning (February 10, 2012)

After successful trials in Sydney and Melbourne last year, the Australian government will introduce legislation this week to implement full body scanning in all Australian airports, and some are taking issue with the bill's absence of an opt-out for travellers, reports ABC. Transport Minister Anthony Albanese says the scanners are "perfectly safe" and will show a generic outline of a body--only identifying "the spot on the outline where there's something that needs to be checked." Civil liberties advocates say the public should have another option to the scanner--such as a pat-down as in Europe and the U.S.--and are bringing into question the effectiveness of the scanners. Meanwhile, New Zealand's Transport Minister says his office will be monitoring the efficacy of the scanners.
Full Story

PRIVACY LAW—NEW ZEALAND

Shroff Supports Privacy Amendment Bill (February 10, 2012)

After its first reading in front of Parliament, Privacy Commissioner Marie Shroff expressed her support of the Privacy (Information Sharing) Amendment Bill, which she says "should allow agencies to be clearer about when they can share information in the public interest." The bill includes two recommendations; the first widens government agencies' discretion to share information when a person is at "serious" and "imminent" risk, and the second lays out protections to enable better data-sharing agreements to be made. The protections include considerations to be taken into account prior to making agreements, strengthening the privacy commissioner's role and requiring departments to make public reports on their activities.
Full Story

DATA PROTECTION—VICTORIA

Portable Device Survey Shows Little Improvement (February 10, 2012)

Victoria Privacy Commissioner Helen Versey is expressing disappointment over the results of a recent survey intended to gauge improvement in the security of portable storage devices (PSDs) based on a 2008 survey of the same organisations. The 2011 Portable Storage Devices Privacy Survey showed "Seven organisations...still had no documented policies and procedures to control the use of PSDs, despite the fact that I recommended in the first survey report that, at a minimum, organisations require them," Versey said. "It is difficult to see how organisations that have obligations to manage personal information properly can ignore this significant data security risk. They do so at their peril," she added.
Full Story

DATA LOSS—AUSTRALIA

Commissioner Gives Telstra More Time (February 10, 2012)

After a data breach compromising the personal information of 800,000 Telstra customers, Privacy Commissioner Timothy Pilgrim requested the company supply his office with a report outlining how the breach happened; what data was compromised, if any, and what steps the company has taken to prevent future breaches. Technology Spectator reports that Telstra requested more time to produce the report, which the commissioner has granted. The report on the investigation by the Office of Federal Privacy Commissioner was expected to have been released in January but will now be delayed until March, according to the report.   
Full Story

PRIVACY LAW—AUSTRALIA

Two Companies Receive Formal Spam Warnings (February 10, 2012)

The Australian Communications and Media Authority (ACMA) has formally warned two Sydney-based businesses that they have violated the Spam Act by sending marketing materials to people without consent. An ACMA press release states that the businesses have not worked to improve their practices after ACMA attempts to inform them of their obligations under the act. One of the companies also did not include an opt-out method in its messages, which is required under the law.
Full Story

ONLINE PRIVACY—NEW ZEALAND

IP Cameras Come Under Scrutiny (February 10, 2012)

Experts are reacting to a New Zealand Herald article describing the potential for hackers to access home camera systems via the Internet. One police official noted that consumers using IP cameras should do their homework and make sure "it has robust security protocol." Privacy Commissioner Marie Shroff said that companies offering IP cameras for residential users "would need to have strict security safeguards, including using encryption and strong password protection." She added that users "would need to be aware of the risks of filming and storing images via the Internet, such as the possibility of being hacked."
Full Story

ONLINE PRIVACY

Pilgrim Among Regulators Eyeing Google Changes (February 10, 2012)

Google's new plan to consolidate its 60 privacy policies into one that allows for information sharing across all its products has regulators worldwide scrutinising the change--including Australia Privacy Commissioner Timothy Pilgrim. Noting that aggregating user data is a "complex trend," Pilgrim says his office was briefed on the change by Google. The review is expected to be complete in a few weeks, reports Technology Spectator. EU officials requested that Google delay the launch of the new system until they can fully analyse it, but the company said that it "extensively pre-briefed" data protection authorities and already notified 350 million account holders of the change.
Full Story

PRIVACY LAW

Opinion: With Piracy and Privacy, Corporations Win (February 10, 2012)

In a New Zealand Herald op-ed, Gehan Gunasekara compares intellectual property rights with privacy rights, pairing raids by authorities on file-sharing websites with Google's ability to profit off user data--made plain in its upcoming policy change. "The law in both instances determined who gets to profit from the use of information...and in both cases, corporate power was able to trump the rights of individuals," writes Gunasekara. While Google recently received what Gunasekara calls "a rap over the knuckles with a wet bus ticket," for exposing user data, Kim Dotcom faces extradition and a trial for alleged file sharing. Until coordinated privacy occurs, writes Gunasekara, "the privacy of personal information is not taken anywhere nearly as seriously as is intellectual property piracy."
Full Story

CHILDREN’S PRIVACY

Expert: Don’t Stalk Your Kids Online (February 10, 2012)

Harvard researcher and New York University Prof. danah boyd, is in Australia to lecture on teens' online privacy. The Sydney Morning Herald reports that boyd is a proponent of allowing teens to explore the Internet without parental supervision, saying, ''The kind of public life we see online has never existed before," and "Children's ability to roam has been destroyed...Being a successful adult in society requires social skills. And we desperately need to give youth space to learn them.'' Parents and educators should focus on educating and communicating, says boyd. ''The way forward is to have open conversations, to really have a dialogue of trust."
Full Story

DATA LOSS

Breach Study: Little Self-Detection, Third Parties Pose Risks (February 10, 2012)

The 2012 Global Security Report by Trustwave SpiderLabs shows that 84 percent of organisations facing a breach were notified by a regulator, law enforcement or the public prior to discovering it on their own, reports CSO. In these cases, the hackers had on average 173.5 days to access the organisation's data; however, in self-identified cases, the organisation knew of the breach 43 days after the initial attack. The study also found that the food and beverage industry is the hardest hit by breach incidents--making up 44 percent of breaches investigated by SpiderLabs in 2011--and that third-party remote-access applications are the most common point of entry for hackers, reports Infosecurity. CIO reports that in 76 percent of breaches analysed, a "third-party responsible for system support, development and/or maintenance introduced the security deficiencies exploited by attackers."
Full Story

MOBILE PRIVACY

App Maker Apologizes for Lack of Transparency (February 9, 2012)

Mobile app maker Path apologized after it was discovered that its software automatically uploaded address books to company servers without user consent, PC Magazine reports. The issue was discovered and disseminated by a developer who noticed the default operation uploaded contacts' full names and e-mail addresses. Path Chief Executive Dave Morin said the company made a mistake but the transmission was done over an encrypted connection and stored securely on company servers. Path has also released a new version of the software that allows users to opt in or out of sharing the data. A report by The Washington Post notes, "Path is learning what several app and social networking companies have learned about user privacy: transparency is key."
Full Story

SOCIAL NETWORKING

Facebook To Unveil New Advertising Format (February 9, 2012)

Financial Times reports on Facebook's new Timeline advertising feature and its new privacy implications. Users who opt in to use features from companies such as some music, movie and news providers will not be able to opt out of their activity being used for paid advertising, the report states. An analyst from the Altimeter Group said, "There will be a user hue and cry. There will be further reminders that Facebook is using information about users and using their data to sell them to advertisers," but added, "People care more about getting free media than they do about their privacy." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—NEW ZEALAND

Information Sharing Bill Passes First Reading (February 8, 2012)
A bill that will lower the threshold for sharing of individuals' personal information has passed its first reading in Parliament, reports The New Zealand Herald. Greens oppose the bill, which would apply to both public and private agencies, saying it erodes privacy rights.

SOCIAL NETWORKING

Activist: Facebook Will Release Data (February 8, 2012)

An Austrian privacy activist group has said Facebook will release more information about the data it collects from users, Reuters reports. The comment came following a six-hour meeting on Monday between Europe V. Facebook and executives from the social network. "We have a fixed commitment that we will finally know what Facebook stores in the background," said Max Schrems, who heads up the activist group, adding, "that means a list of all categories of data that are clicked on by users." While Facebook has declined to comment specifically on Schrems' statements, the company has said it was "a very constructive meeting," the report states.
Full Story

ONLINE PRIVACY

Search Engine Offering To Pay Users To Share Data (February 8, 2012)

eWeek reports on Google's Screenwise program, which offers to pay Chrome users ages 13 and older up to $25 in gift card codes if they install a browser extension to share data about websites they visit with the company. "What we learn from you, and others like you, will help us improve Google products and services and make a better online experience for everyone," Google wrote. The report notes that amidst recent concerns about changes to its privacy policies, Google has noted that it "will not save your e-mail address or associate it with any other personally identifiable information."
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

Advocates Discourage E-Health Rollout in July (February 6, 2012)

The Medical Software Industry Association (MSIA) and the Australian Privacy Foundation have told a Senate inquiry hearing that personally controlled e-health records should not go live July 1. MSIA has requested that a Senate committee subpoena National eHealth Transition Authority (NEHTA) patient safety assessments and says it is "deeply troubled that as a private corporation NEHTA is not subject to freedom of information laws or other standard government controls." The Australian Privacy Foundation says NEHTA has excluded consumer privacy advocates from consultations. Whether the program should be opt-in or opt-out was also debated at the hearing, The Australian reports. (Registration may be required to access this story.)
Full Story

DATA THEFT—AUSTRALIA

Commissioner Opens Probe Into Hack (February 3, 2012)

Responding to two alleged cyberattacks of Fairfax Media microsites, Australian Privacy Commissioner Timothy Pilgrim has initiated an investigation into whether the media company had sufficient security mechanisms in place, SC Magazine reports. The company confirmed that two of its microsites were breached but said that the unencrypted credit card data of approximately 10,000 individuals accessed in the attack did not belong to Fairfax customers. "Due to the nature of the shared systems used by the third party," Fairfax's CEO said, "it is possible the hacker was accessing data from other clients of the third party." Pilgrim said, "My investigation will be looking at the site's compliance with the Privacy Act and in particular whether appropriate data security practices were in place at the time of the alleged hack."
Full Story

HEALTHCARE PRIVACY—NEW ZEALAND

Agencies Working Together To Update Act (February 3, 2012)

The privacy commissioner is working with the Law Commission to update the Privacy Act 1993, nzDoctor.co.nz reports. One recommendation submitted by the Law Commission would lower the "threshold at which personal information held by an agency can be released to another in order to allay a potential threat or harm," the report states. At a conference last year, Privacy Commissioner Marie Shroff said her office supports the amendment as long as health-sector workers do not object. Shroff also told health-sector workers that they will have two opportunities to make amendment submissions--"first in the select committee and then when the bill gets considered by Parliament." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY—AUSTRALIA

Commissioner Warns Students, Businesses About Privacy (February 3, 2012)

Speaking in conjunction with Data Privacy Day, Australian Privacy Commissioner Timothy Pilgrim warned students and business operators about privacy considerations as they march into the coming school and trading year, PSnews reports. Pilgrim said, "I urge students to think very carefully about what they are posting online and who can see it...What you post online today can have long-term effects down the track." To businesses, Pilgrim warned, "The effects of a privacy breach on business reputation can be significant...In 2011, we saw a number of businesses suffer from a loss in consumer confidence after major privacy breaches occurred." 
Full Story

SOCIAL NETWORKING

Privacy Laws, Hacking Are “Risk Factors” in Facebook IPO (February 2, 2012)
In its IPO filing, Facebook said that potential privacy legislation, evolving attitudes around user privacy and cyberattacks, among others, contribute to "risk factors" for its business, The Wall Street Journal reports. The filing mentions privacy 35 times and includes "privacy and sharing settings" as one way the company creates value for users. Facebook expects "to continue to be subject" to future investigations but added that it has "a dedicated team of privacy professionals who are involved in new product and feature development from design through launch; ongoing review and monitoring of the way data is handled by existing features and apps, and rigorous data security practices." Stanford Law School's Ryan Calo said, "It just struck me about how aware they are of the vulnerabilities...They have a narrow path to walk, and their risk factors really dramatize that in a way we hadn't seen before." (Registration may be required to access this story.)

FINANCIAL PRIVACY

This Will Go Down on Your Permanent Record (February 1, 2012)

The New York Times explores one woman's efforts to delete her credit card information from a closed account at an online retailer--finding that, in effect, it is impossible. After hearing of large-scale breaches across the Internet, the woman decided that deleting the information from her closed Blockbuster account would be a safe thing to do; however, a response from customer service informed her that the company keeps her information "for accounting purposes" and it "cannot be removed." The woman's credit card company advised her to change her account number, which she did. (Registration may be required to access this story.)
Full Story