ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

ONLINE PRIVACY

YouTube Developing Tool To Blur Faces (March 30, 2012)

YouTube is developing a tool that will allow faces in videos uploaded to the site to be blurred, addressing "privacy complaints from people featured without permission in other people's videos," InformationWeek reports. Victoria Grand, YouTube's director of global communications and policy, said currently, when such complaints are received, videos must be removed. "Once the blur tool is made available, video creators will have the option to edit the video in question so the complainant's face is blurred. This will allow the video to remain on YouTube," the report states. YouTube expects to have the technology available for use in online videos within a few months.
Full Story

FINANCIAL PRIVACY—NEW ZEALAND

Credit Reporting Changes Going Into Effect (March 30, 2012)

The Office of the Privacy Commissioner (OPC) has released information in conjunction with changes to New Zealand's credit reporting system.  Privacy Commissioner Marie Shroff explains, "Credit reporters will now be able to gather and share much more financial information about people." The changes to the law also include strengthened consumer protection and a right for New Zealanders to "freeze" their credit reports to "limit the real financial harm and stress that can result from identity fraud and enable people to protect themselves," Shroff notes. The OPC has published detailed fact sheets on key questions about the changes.
Full Story

DATA LOSS—NEW ZEALAND

OPC: Police Breach Violated Privacy Act (March 30, 2012)

The Office of the Privacy Commissioner has ruled that police breached two principles of the Privacy Act after a senior constable used the police National Intelligence Application to access his partner's ex-husband's file 17 times over four years and "used the information for a purpose it was not intended for," The New Zealand Herald reports. Assistant Privacy Commissioner Mike Flahive noted that "police failed to take reasonable steps to ensure the security of the personal information," the report states. To settle a Director of Human Rights Proceedings complaint, police agreed to pay the man $3,500 for emotional harm and $1,232 toward the complainant's legal bill and provide a written apology.
Full Story

EMPLOYEE PRIVACY—AUSTRALIA

Experts Warn Job Seekers About “Worrying Trend” (March 30, 2012)

In the wake of concerns in the U.S. about potential employers using Facebook to screen job applicants, The Australian Financial Review reports that experts "say job seekers should resist a worrying trend for potential employers to demand Facebook account details for a pre-hire peek into their personal lives." Facebook is contending that to require job applicants to provide access to their social networking information is "a violation of privacy and could leave organisations open to legal liabilities including discrimination claim," the report states. Meanwhile, one expert suggests, "We'll see lots of confusion and cases for wrongful dismissal arising out of the use of social media."
Full Story

FINANCIAL PRIVACY—NEW ZEALAND

Credit History Sharing Begins 1 April (March 30, 2012)

Companies will soon have the ability "to collect and swap information showing how much credit someone has and how they are getting on with repayments," Stuff.co.nz reports, noting Privacy Commissioner Marie Shroff has indicated she will be "closely watching how things unfold." The report notes that beginning on Sunday, credit providers will record customers' repayment information and upload it monthly to files held by credit bureaus that can be viewed by various entities with customers' permission. Shroff said the plan is "another example of Big Data. Everything is pretty much collected these days even though it may not be available to the general public," adding, "a lot of companies are making a lot of money."
Full Story

DATA LOSS—NEW ZEALAND

ACC Breach Spurs Investigation, Legal Actions (March 30, 2012)

The Office of the Privacy Commissioner has confirmed that it has commissioned an independent inquiry with the Accident Compensation Corporation (ACC) Board into the recent ACC breach involving the loss of nearly 9,000 records. The New Zealand Herald reports that "ACC Minister Judith Collins is planning legal action against Labour Party politicians Andrew Little and Trevor Mallard and Radio NZ for alleged defamation" in the wake of the Privacy Commission's plan to investigate an e-mail Collins received. Collins has said the commission's investigation is a "very good idea."
Full Story

ONLINE PRIVACY—AUSTRALIA

Expert: Changes in Terms Could Lead to More Gov’t Monitoring (March 30, 2012)

The Age reports on an expert's warnings that the "loosening" of websites' terms and conditions could increase the potential for government surveillance. Web companies replacing phrases such as "court order" with "government request," for example, could lead to fishing expeditions, warns David Vaile of the UNSW Cyberspace Law and Policy Centre. "The whole point of obtaining a court order or search warrant is that it's a very intrusive power and something that is necessary in some circumstances but shouldn't be available on an open-ended basis," he said, adding, "The danger is that without that restraint, it becomes something that is routine."
Full Story

HEALTHCARE PRIVACY—ASIA PACIFIC

Expert: Invest in Trust (March 30, 2012)

Healthcare IT adoption will be slowed absent an investment in trust, according to a healthcare executive who spoke at The Economist Healthcare in Asia 2012 conference this week. ZDNet reports on the comments of IBM's Farhana Nakhooda, who said healthcare IT is "not a technology issue at all (but) a people issue." The public needs to feel confident that their medical data is secure, Nakhooda said, pointing to the financial industry's success in building consumer confidence. Because the healthcare industry is about "delivery of care and the human touch," IT alone cannot fix the trust problem, Nakhooda said. "You could build the most amazing healthcare IT system in the world, but no one uses it."
Full Story

DATA LOSS—AUSTRALIA

Oz Data Breach Costs Rising (March 30, 2012)

A security vendor and a privacy research institute have released the results of survey showing that the cost of data breaches in Australia is rising, ZDNet Australia reports. The Cost of Data Breach Study: Australia study, sponsored by Symantec and conducted by the Ponemon Institute, looked at 22 Australian organisations and revealed that the cost per breach has increased from $128 to $138. A similar survey of U.S.-based organisations revealed declining breach costs. "Laws in the U.S. have encouraged companies to make sure...that they put policies, processes and technology in place to help reduce and minimize the risk of a data breach in the first place," said Symantec's Sean Kopelke.
Full Story

CCTV—JAPAN

Scanning 36 Million Faces Per Second (March 30, 2012)

New technology now has the ability to scan through days of CCTV camera footage in seconds "and find any face which has ever walked past it," The Daily Mail reports. Hitachi Hokusai Electric has created the technology, which reportedly can scan 36 million faces per second. "The technology raises the spectre of governments--or other organisations--being able to 'find' anyone instantly simply using a passport photo or a Facebook profile," the report states. The company has suggested it would be appropriate for "customers that have a relatively large-scale surveillance system, such as railways, power companies, law enforcement and large stores."
Full Story

ONLINE PRIVACY

Yahoo Do Not Track Coming Soon (March 29, 2012)

Yahoo says it will implement a do-not-track system by early summer, The Wall Street Journal reports. The tool has been in development for several months, the report states, and it "is in accordance with the Digital Advertising Alliance's principles." In its privacy report issued earlier this week, the U.S. Federal Trade Commission urged commercial data collectors to step up efforts to implement do-not-track mechanisms by year's end. Yahoo said the tool will provide an easy way for users to state their ad preferences. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—NEW ZEALAND

Overhaul Planned for Privacy Laws (March 27, 2012)

Justice Minister Judith Collins has announced the government will "repeal and re-enact the Privacy Act 1993 following a Law Commission report released last year" and amidst ''huge changes to technology,'' Stuff.co.nz reports. Privacy Commissioner Marie Shroff welcomed the plan to update the privacy act, stating "Things have changed enormously since the Privacy Act was passed nearly 20 years ago...The need for reform is urgent. We want people to trust the new ways in which business and government work. They won't do that unless they're sure that their personal information is properly safeguarded."
Full Story

PRIVACY LAW—JAPAN & U.S.

Court Orders Terms Deleted from Search Feature (March 27, 2012)

The Japan Times reports on the Tokyo District Court's approval of a petition to require Google to delete terms from its auto-complete search feature. The petition alleges the feature breached one man's privacy and resulted in the loss of his employment, according to his attorney. The report notes the individual believes that because the auto-complete function provided "words suggesting criminal acts, which he is unfamiliar with" when his name was typed into a browser search that he lost his job and struggled to find employment. "Google has rejected the order, saying that its U.S. headquarters will not be regulated by Japanese law," the report states.
Full Story

DATA LOSS

Verizon: 97 Percent of 2011 Breaches Were Avoidable (March 23, 2012)

Verizon has released its annual report for 2011 on data breaches, COMPUTERWORLD reports. The report was compiled with help from global law enforcement officials and the U.S. Secret Service. The report suggests companies are "continuing to overlook fundamental security precautions." Verizon studied 850 data breaches to compile the report, finding that "97 percent were avoidable" and that, despite companies' claims that hackers' increasing sophistication is what allows breaches to take place, 96 percent of the attacks "were not highly difficult" for the hackers. "Not enough has been done to...force (organizations) to spend" significant amounts on prevention, said Verizon security analyst Marc Spitler.
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

Greens Want E-Health Bill Amended (March 23, 2012)

Politicians are split across party lines on the results of a Senate inquiry into the government's Personally Controlled E-Health Record (PCEHR) Bills, The Australian reports. The bills will now move to the Senate, but MPs have said they plan to amend the bills before they would be implemented. The Greens have suggested a number of improvements, including greater privacy protections. "The ability of consumers to further protect the privacy of their data may be enhanced" and that the bill may be amended "to make explicit reference to the use of anonymised, aggregate data from the PCEHR system for research and public health purposes," they said. (Registration may be required to access this story.)
Full Story

DATA PROTECTION—QUEENSLAND

Police Patrol Brisbane in Search of Unsecured WiFi (March 23, 2012)

Police in Queensland have launched a program to raise awareness about the importance of protecting wireless networks, The Sydney Morning Herald reports. On Thursday, officers began driving through targeted areas of Brisbane searching for unsecured WiFi networks. "Residents and business owners in targeted areas will then be mailed information about how to effectively secure their connection," the report states, and "police will return to the area some time later to check whether residents have taken heed of the warning." Detective Superintendent Brian Hay said the patrol will help protect citizens from identity crimes. "This is mainly about raising awareness of the issue," Hay said.
Full Story

DATA LOSS—NEW ZEALAND

Man Stole Deceased Children’s IDs, $447,000 (March 23, 2012)

An 82-year-old man was sentenced Thursday at the Auckland District Court for using the identities of dead children to apply for government benefits. Colin Diedrichs, who will spend three years and two months in prison, hid a total of $447,000 in 29 different bank accounts across the span of 22 years. The Department of Internal Affairs eventually caught Diedrichs by using facial recognition software to determine that his face was on more than one passport. Police then became involved. The head of the Social Development Ministry said the system is much more advanced than it was 20 years ago and now applicants are matched against birth and death registries, The New Zealand Herald reports.
Full Story

DATA LOSS—NEW ZEALAND

ACC Controversy Continues (March 23, 2012)

The woman at the center of the Accident Compensation Corporation (ACC) breach involving the loss of nearly 9,000 records has been accused of threatening the company that she would expose a large, highly sensitive file if the company didn't agree to pay her benefits for two years, Stuff.co.nz reports. Whistleblower Bronwyn Pullar denies the ACC's claim, which it made in a report to Minister Judith Collins, adding that it has involved the police. A report suggests that "some mandatory guidelines are needed" so that "agencies would perhaps put more of a priority on ensuring private information remained just that--private."
Full Story

DATA PROTECTION—HONG KONG

Commissioner’s IT Advisor Talks Shop (March 23, 2012)

"If we embed privacy and security in data flow and the data lifecycle before a feasibility study is done, we don't have to sacrifice functionality." That's according to Henry Chang, information technology advisor at the Office of the Privacy Commissioner for Personal Data, who says this can be challenging, however, because the pattern to date has been to embed privacy at the tail-end. Chang handles operations and investigation functions, as well as communications with the IT industry. In this feature for ComputerWeekly Hong Kong, Chang discusses ongoing projects and training the office will provide to IT professionals in the future.
Full Story

ONLINE PRIVACY

HTTPS By Default Headed Toward Users (March 22, 2012)

A Firefox bug that allowed users' search queries to be easily observed has been fixed, according to Mozilla. The bug was discovered by privacy researcher Christopher Soghoian last year, who reported to Mozilla that anyone with Deep Packet Inspection tools--namely ISPs and governments--could easily view a users' HTTP connections. Mozilla has since enabled HTTPS by default, "thereby making privacy protection available to all users of its browser," the report states. A Mozilla spokesperson said it is testing the change and it may be a few months before Firefox users see it. The Electronic Frontier Foundation has been encouraging such changes via its HTTPS Everywhere campaign, InformationWeek reports.
Full Story

SOCIAL NETWORKING

Facebook Is Changing Its Privacy Policy (March 22, 2012)

Social networking site Facebook is set to change its privacy policy and is accepting comments until tomorrow, PC World reports. In addition to changing the name of its privacy policy to a data-use policy, Facebook reserves the right to use all of the information you give it, according to ZDNet. The site says, "removed content may persist in backup copies for a reasonable period of time," and applications will reportedly get more access to personal data. "When you, or others who can see your content and information, use an application, your content and information is shared with the application," Facebook says. An attorney said, "In general, the changes reflect the fact that Facebook is extending its data-collecting tactics in all directions..." The company says it is updating the changes "to make our practices and policies more clear." Meanwhile, researchers have discovered a loophole in the site that reportedly allows stalkers to use a technique called "cloaking."
Full Story

DATA PROTECTION

Are Companies Ready for the Influx of Big Data? (March 21, 2012)

CIO reports on "Big Data" and the "widening gap between companies that understand and exploit Big Data and companies that are aware of it but don't know what to do about it." Collecting such vast amounts of data and making it accessible for various business uses means organizations need to be serious about securing it, one expert says. "I believe the biggest mistake that most people make with security is they leave thinking about it until the very end, until they've done everything else: architecture, design and, in some cases, development. That is always a mistake," he says, adding every piece of data should be considered an asset worth protecting.
Full Story

PRIVACY LAW—PHILIPPINES

Senate Passes Data Privacy Act (March 20, 2012)

The Senate has passed the Data Privacy Act. The bill is based on European Directive 95/46/EC and requires certain data security standards in addition to provisions on the handling of data by business process outsourcers (BPOs), ABS-CBNnews.com reports. The bill's author, Sen. Edgardo Angara, feels it will help spur investment in the Philippines BPO and IT sectors. The act would establish a National Privacy Commission in charge of implementation and enforcement. "Generally, the commission will be mandated to enforce policies that balance the right of the private person to privacy with the need to speed up the utilization of the Internet," Angara said.
Full Story

PRIVACY LAW—SINGAPORE

MICA Issues Paper on Personal Data Protection Bill (March 20, 2012)

The Ministry of Information, Communications and the Arts (MICA) has issued a consultation paper on Singapore's Personal Data Protection Bill, following up on two exercises held last year to gather feedback on the proposed consumer data protection framework and Do Not Call Registry. MICA reports it has included its "responses and clarifications on key feedback received in the previous consultations, as well as detailed proposals for the proposed Personal Data Protection Bill" in the consultation paper. MICA will accept written comments on the paper until April 30.
Full Story

DATA LOSS—VICTORIA

Versey Finds Privacy Act Breaches (March 16, 2012)

Victorian entities have come under fire by the state privacy commissioner for failing to protect the personal details of landholders, The Age reports. Victorian Privacy Commissioner Helen Versey, whose term ended this week, said in a report to Parliament that the incident "highlighted a lack of sound understanding of basic public-sector values." The Victorian Ombudsman started investigating the companies last year after farmers began complaining that a Labor-linked company knew certain details. Compliance Notices were served on the Goulburn-Murray Rural Water Corporation and the Northern Victorian Irrigation Renewal Project last month.
Full Story

PRIVACY—VICTORIA

Bendall Named Acting Commissioner (March 16, 2012)

Anthony Bendall has been appointed to the role of acting privacy commissioner. Bendall will take over for Victorian Privacy Commissioner Helen Versey, whose term ended on 12 March. Bendall has been Deputy Victorian Privacy Commissioner since 2007. Before that, he was a privacy and freedom of information manager for the NSW Department of Education and Training. He has also held roles with the NSW and federal privacy commissioners.
Full Story

DATA LOSS—NEW ZEALAND

ACC Coping with Breach Fallout, Commissioner Issues Victim Advice (March 16, 2012)

ACC Coping with Breach Fallout, Commissioner Issues Victim Advice  

Following its admission that about 9,000 records containing personal information were e-mailed to an unauthorized recipient, the Accident Compensation Corporation (ACC) is apologising to nearly 7,000 affected claimants, and ACC Minister Judith Collins says her agency "poorly handled" its response to the breach, reports The New Zealand Herald. Privacy Commissioner Marie Shroff is investigating the incident, a move the Green Party requested citing the ACC's "regular breaching of people's privacy." Meanwhile, Shroff's office has issued advice to affected ACC claimants, assuring them that the information has since been destroyed and suggesting that claimants unwilling to wait for ACC to confirm whether they've been affected call a toll-free number for help or file a complaint with the ACC directly.
Full Story 

PRIVACY LAW—AUSTRALIA

Committee Hears About Need for Mandatory Breach Notification (March 16, 2012)

Parliament's Joint Select Committee on Cyber-Safety heard from University of Canberra Centre for Internet Safety Director Alastair MacGibbon about the risks Australian consumers face due to a lack of mandatory breach notification laws, COMPUTERWORLD reports. "We don't actually know how many data breaches there are in Australia and how much of our personally identifiable information is out there as there is no compulsion to report breaches to individuals or to a central commonwealth authority like the privacy commissioner," MacGibbon warned. The report notes that mandatory breach notification has been a "topic of debate" for the government for several years.
Full Story

ONLINE PRIVACY—AUSTRALIA

Study: Citizens Concerned About Data Collection (March 16, 2012)

A nationwide survey of 1,100 people has found that more than 90 percent support regulations giving them control over companies' collection of their personal information online, PHYSORG reports. University of Queensland Centre for Critical and Cultural Studies Personal Information Project Chief Investigator Mark Andrejevic noted that Internet users "are increasingly being asked to consent to the collection of detailed, personal information in exchange for access to online services, but most of us have very little idea about what information is being collected and how it's being used, so we cannot provide informed consent." Respondents want requirements for notice, choice and the option to delete personal information, the report states.
Full Story

SURVEILLANCE—QUEENSLAND

Police Test Drones, Advocates Sound Caution (March 16, 2012)

Queensland Police are testing surveillance drones to the ire of civil liberties advocates. A police spokesman told the Herald Sun, "The Queensland Police (Service)...is in a research-and-testing stage" to determine the viability of the drones, and Police Federation of Australia Chief Executive Mark Burgess said several police jurisdictions are trailling the aircraft, and "The reality is, they will be one of the tools in the armoury." Not so fast, says Australian Council of Civil Liberties President Terry O'Gorman, who says "The potential for abuse is very worrying," and such testing should not be conducted absent "immediate input and oversight" from the Queensland privacy commissioner.
Full Story

DATA LOSS—AUSTRALIA

Commissioner Seeks Additional Breach Info (March 16, 2012)

CHANNELNEWS reports that Privacy Commissioner Timothy Pilgrim is seeking more information from Telstra on its December breach that resulted in details on nearly one million customers being exposed online. At the time, the company was required to file a report on the incident. A spokesperson from the Office of the Australian Information Commissioner has indicated the commissioner "isn't satisfied with the answers the telco provided and has requested further information in a bid to 'clarify' certain issues," the report states. A timeline for when the report is expected has not been released.
Full Story

SURVEILLANCE—NEW ZEALAND

Some Bullish, Others Cautious About Rising Use of CCTV (March 16, 2012)

Radio New Zealand reports on the increasing use of closed-circuit television (CCTV) in public places such as taxis, bars and hotels. The reporter interviews citizens, law enforcement, businesspeople, an academic and others about its use. New Zealand Privacy Commissioner Marie Shroff says CCTV's prevalence in the country combined with the ease of posting CCTV footage to the Internet has created a "convergence issue." She says establishments using CCTV should have robust plans and practices in place for handling and storing the footage gleaned and recommends users heed the CCTV guidelines released by her office in 2009.
Full Story

PERSONAL PRIVACY—VICTORIA

Dispute Over Legality of Sharing Victim’s Data (March 16, 2012)

The Victorian branch of a national Catholic abuse charity has used a small business loophole to claim exemption from privacy requirements that would make it illegal to share a Melbourne victim's data with that region's church-affiliated abuse agency, reports The Age. The victim's lawyer says he reported the incident to Towards Healing's Victorian office so as not to involve the Melbourne archdiocese, and claims that because the agency operates as a health service it is not exempt as a small business. The agency calls the sharing a proper use, not disclosure to a third party, noting, "the complaint should have been made to the Melbourne archdiocese...The referral we made complied with our privacy policy."
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

PCEHR Report Likely Delayed (March 16, 2012)

The Australian reports that the Senate report on the Personally Controlled E-Health Record (PCEHR) system may be delayed for at least another week. Originally due last month and given an extension until Tuesday, the report follows the PCEHR bill's passage through the lower house last month. Independent computer emergency response team AusCERT warned the PCEHR system will be open to hacking. AusCERT said, "There is no reason to think criminals won't actively target PCs at work and home to gain access to systems and data once the PCEHR goes live." Saying his office does not support "the proposed federated governance model," New South Wales Deputy Privacy Commissioner John McAteer expressed concerns that the system will lead to complaint-outcome inconsistencies across state, territory and commonwealth regulators, according to the article. (Registration may be required to access this story.)
Full Story

DATA PROTECTION—AUSTRALIA

Pilgrim: Organisations Need Breach Prevention, Response (March 16, 2012)

Speaking at a recent privacy law conference, Australian Privacy Commissioner Timothy Pilgrim warned that organisations need to update their privacy practices to ensure appropriate measures have been taken to protect and respond to data breaches, Pro Bono Australia reports. Pilgrim said, "All it takes is a single careless incident to cause a massive data breach," adding that in addition to implementing "robust information security measures," organisations need to have "contingency plans in place so that if a data breach occurs, they can deal with it swiftly, mitigating any risk of harm that the breach may cause." Reputational damage can be greater if an organisation fails to swiftly notify and respond to an incident, Pilgrim added.
Full Story

MOBILE PRIVACY—AUSTRALIA

Commissioner Warns Apps Mine Personal Data (March 16, 2012)

Australian Privacy Commissioner Timothy Pilgrim is warning that companies are using mobile apps to mine users' personal information, and because many apps are developed and deployed overseas, there is little that Australian regulators can do to prevent the practice, The Daily Telegraph reports. Pilgrim said, "The question of whether or not apps are covered by the Australian Privacy Act depends on a number of factors such as whether the app developer is carrying on a business in Australia and collects or holds that information in Australia." Pilgrim has also called on app developers to provide more transparency in how they collect and process personal data as well as provide users with notice and consent mechanisms.
Full Story

MOBILE PRIVACY

Networking Apps Raise Concerns (March 13, 2012)

"I'm completely convinced that in five or 10 years you'll be able to walk into a room and know everyone's name, where everyone works and what people you know in common," Paul Davison, founder of Highlight, tells Businessweek of the ambient social networking app, which connects to Facebook and alerts users when they are in range of their online friends--or friends of friends. Highlight is one of many such apps, The Sydney Morning Herald reports, noting that an ambient social networking app "knows the locations of all its users" and, when users are close by, "checks for commonalities...or hidden social connections, like sharing a group of friends."
Full Story

PRIVACY—AUSTRALIA

Former Privacy Commissioner Wins 2012 Privacy Leadership Award (March 9, 2012)

Former Australian Privacy Commissioner Malcolm Crompton, CIPP/US, has been honored with the International Association of Privacy Professionals 2012 Privacy Leadership Award at the IAPP Global Privacy Summit on Thursday. IAPP President and CEO Trevor Hughes, CIPP/US, said Crompton "has consistently and effectively been a champion for privacy and accountability in Australia and around the world, and today we recognise his tremendous work and many years of leadership." Crompton, who is managing director of Information Integrity Solutions Pty Ltd., said, "I am privileged to receive this prestigious award from the IAPP. It is a true honor to be recognised by my peers and the association as a thought leader in the field of privacy. I look forward to continuing to contribute to the protection of privacy and user-controlled identity management."
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

As PCEHR Moves Forward, Concerns Persist (March 9, 2012)

Although the proposed user-controlled e-Health legislation passed in the Lower House last week, The Australian reports on continuing privacy concerns surrounding the e-health record (PCEHR) system. Australian Privacy Foundation Chairman Roger Clarke said the Health Department "has earned no trust whatsoever because it has consistently excluded consumers and privacy advocates from consultations and ignored most of their communications." NSW Deputy Privacy Commissioner John McAteer has commented, "This office does not support the proposed federated governance model...We suggest again that there should be a separate PCEHR privacy framework applying equally to all participants," while Privacy Commissioner Timothy Pilgrim said there are "outstanding issues" to deal with in terms of PCEHR. (Registration may be required to access this story.)
Full Story

BIOMETRICS—AUSTRALIA

Defence Force Considering Biometric Database (March 9, 2012)

The Australian Defence Force "has sounded out industry experts who might be able to build an Australian Automated Biometric Information System" on enemy combatants, The Australian reports. "Defence complies with relevant commonwealth privacy legislation and has internal policies governing the collection, storage and use of biometrics from foreign nationals," a spokesman said. The Office of the Australian Information Commissioner has not yet published guidelines on the handling of biometric data, the report states, noting that while the privacy commissioner has confirmed that "anything meeting the definition of personal information" falls under the Privacy Act, intelligence agencies are exempt from the act's operation. (Registration may be required to access this story.)
Full Story

PRIVACY—NEW SOUTH WALES

Inaugural Newsletter Updates Privacy Activities (March 9, 2012)

The Information and Privacy Commission recently released its inaugural monthly newsletter to highlight current issues and developments in privacy. The focus for the present year "will be very much upon working with public-sector agencies and community stakeholders," write Information Commissioner Deirdre O'Donnell and Privacy Commissioner Elizabeth Coombs, "to increase awareness and appropriate management of...privacy." Additional topics include the upcoming Privacy Awareness Week and a revised protocol on assessing privacy codes of practice.
Full Story

MOBILE PRIVACY—AUSTRALIA

Opinion: Privacy Is At Risk (March 9, 2012)

The Sydney Morning Herald explores the way data can be accessed online and through mobile apps. "If you use a smartphone and download apps, as more than a third of Australians do now...It's easy and quick to click on the 'OK' button. But do you know what's happening once you do? This is where you suddenly discover that what you thought you knew about your online privacy is wrong--or at best, incomplete...the edifices of privacy that we once thought we understood are melting like ice in a heatwave." Meanwhile, a CSO blog suggests that when it comes to privacy, "We don't appreciate it until it's gone."
Full Story

DATA PROTECTION

Survey: InfoSec Increasingly Important (March 8, 2012)

Consumers are growing more aware and concerned about how companies protect their data, according to a survey released this week. Edelman Global Chair of Technology Pete Pedersen says companies should exercise transparency and be proactive if a breach occurs. The survey, conducted on behalf of Edelman by StrategyOne, sampled 4,050 adult consumers in seven countries and found that 90 percent of consumers are concerned about data security and 80 percent said they know more today about data protection than they did five years ago. Pedersen said one of the most surprising discoveries was that 84 percent of respondents said security was important to them, but only 33 percent said they expected companies to adequately protect their data.
Full Story

PRIVACY

Privacy Pro Garners All Five CIPP Certifications (March 8, 2012)

Shortly after the unveiling of the IAPP's newest certification--the CIPP/E--Accenture North American Director of Legal Services and Data Privacy Compliance Benjamin Hayes, CIPP/US, CIPP/G, CIPP/C, CIPP/IT, CIPP/E, became the first IAPP member to achieve all five certifications. In this exclusive for The Privacy Advisor, Hayes discusses what the certifications mean not only for his job but for aspiring privacy professionals and what achieving a "blackbelt" in privacy might mean.
Full Story

PRIVACY

2012 Salary Survey Examines Trends (March 7, 2012)

The IAPP's 2012 Privacy Professionals Role, Function and Salary Survey, which is being released at the Global Privacy Summit, examines compensation levels and key trends as reported by respondents from the organization's diverse membership. This year's survey includes data and comparisons on issues including how privacy professionals allocate their time across different responsibilities, what career paths they are pursuing and their placement within their organizations. Other information included in the survey includes which industry sectors are most represented by privacy professionals; the size of organizations with in-house privacy staff, and what privacy professionals report as the most time-consuming tasks they oversee in their work.
Full Story

PRIVACY LAW—ASIA PACIFIC

Authorities Want Answers From Google (March 5, 2012)

A working group of the Asia Pacific Privacy Authorities (APPA) has written a letter to Google to raise concerns about changes to its privacy policy. The APPA Technology Working Group says users should be able "to control the way in which their information is aggregated and shared online, especially members of minorities or at-risk groups." The group wants to know how the changes will affect existing users and if users will have easy access to privacy tools. It also wants clarification on policies on sensitive information and the timeframe for data deletion following a user request. Google responded that its "approach to privacy has not changed" and users' data remains private.
Full Story

ONLINE PRIVACY

Philosophical Questions at the Heart of OBA Issues (March 5, 2012)

In The Atlantic, Alexis Madrigal explores the relationship between our "digital and physical selves," which he says is at the heart of consumers' concerns about online data collection. Currently, data collectors do not connect your online tracking data to your name, but "If and when that wall breaks down, the numbers may overwhelm the name. The unconsciously created profile may mean more than the examined self I've sought to build," Madrigal writes. In an interview with The Inquirer, Jeffrey Rosen says this version of the future is not inevitable, but "Privacy is not for the passive...This is an area where civic engagement and protest work." For marketers, he says, "It's a constant tug-of-war. There is huge economic pressure to see how much tracking people will accept."
Full Story

DATA LOSS—AUSTRALIA

Soldiers’ Details Posted Online, Investigation Pending (March 5, 2012)

ABC News reports that the Australian Defense Force is under investigation for a privacy breach affecting up to 80 soldiers. Medical information, discipline records and psychology reports were posted online and publicly available for several months. "I got called crazy based on the stuff about my post traumatic stress disorder," one soldier said. Former New South Wales Privacy Commissioner Chris Puplick said, "From what I've seen, I think it's a shocking breach--the fact that this sort of information is so easily accessible to people who have no reason and indeed no right to have that." The soldier has complained to the Australian privacy commissioner, and an investigation is underway.
Full Story

SURVEILLANCE—QUEENSLAND

Drones Will Survey Beaches, Aid Authorities (March 2, 2012)

In a 12-month trial in Queensland, drones will keep a lookout for beachgoers in trouble, sending real-time video to a lifesaver with a laptop, reports The Australian, and according to Victoria Police, they will become more common in law enforcement as well. Privacy advocates across the globe are voicing concern, with some noting the lack of regulations for this technology. Privacy Commissioner Timothy Pilgrim recommends any organisation "contemplating the use of this sort of technology should undertake a privacy impact assessment," adding, "They will need to make sure that they comply not only with relevant privacy laws but also with the community's expectations about their right to privacy." (Registration may be required to access this story.)
Full Story

GENETIC PRIVACY—NEW ZEALAND

Proposals Would Protect Infant Blood Cards (March 2, 2012)

New Zealand Privacy Commissioner Marie Shroff has proposed changes to the Health Information Privacy Code that would improve protections on genetic information contained in blood samples taken from newborns, reports New Zealand Doctor. The main use of the samples is to diagnose disorders in newborns, and under the proposal, all other uses would fall under conditions such as family consent. "The proposed changes to the code will provide the public with reassurance that millions of bloodspot cards are not going to be turned into an involuntary DNA database," said Shroff in a media release. The proposal is open to comment through 13 April.
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

PCEHR: What Is It, and How Will It Change Care? (March 2, 2012)

The Conversation offers an overview of the Personally Controlled Electronic Health Record system planned to launch 1 July of this year, including concerns ranging from "privacy to governance and liability, through to doubts about whether anyone would actually use the system." The largest impact the system will have, states the report, will be the "legislation and infrastructure that will benefit all e-health projects" including "a unique healthcare identifier for each patient and healthcare provider...standards that specify how different systems will talk to each other and a way for all people accessing these systems to be authenticated."
Full Story

PRIVACY LAW—HONG KONG

Commissioner Pleased with Amendments (March 2, 2012)

After initial objections to the proposed Personal Data (Privacy) (Amendment) Bill 2011, Privacy Commissioner for Personal Data Allan Chiang says he is "pleased that the administration has finally agreed to delete the provisions regarding 'delayed notification' and 'deemed consent,'" according to a media statement. "Under the amended proposal, if an organisation uses or sells a customer's personal data, it must receive written consent or the customer must not have not opted out. "Ideally, we prefer that the customer's reply could take the form of 'opt-in'... However, as it would take time for the consumer market to adjust to an 'opt-in' regime," Chiang said, in the interest of protecting consumer data, "I accept the 'opt-out' regime as a transitional arrangement."
Full Story

ONLINE PRIVACY

Google Implements New Privacy Policy (March 1, 2012)

Amidst concerns from privacy advocates and regulators, Google today implemented its new privacy policy, RTÉ reports. A group of U.S. and European consumer advocacy groups made last-minute appeals to the company to suspend the changes. Trans Atlantic Consumer Dialogue sent Google CEO Larry Page a letter appealing the move. "Going forward with this plan will be a mistake. We ask you to reconsider," the letter said. "You record virtually every event of a Google user, in far more detail than consumers understand...It is both unfair and unwise for you to 'change the terms of the bargain' as you propose to do." Ireland Data Protection Commissioner Billy Hawkes said there will be issues to consider, the report states. Meanwhile, Japan has expressed concern over the changes, and France's data protection authority has also sent a letter to Page, writing, "Our preliminary analysis shows that Google's new policy does not meet the requirements of the European directive on data protection, especially regarding the information provided to data subjects." Editor's Note: Irish Data Protection Commissioner Billy Hawkes will deliver a keynote address at the upcoming IAPP Data Protection Intensive in London.
Full Story

PRIVACY LAW—MALAYSIA

Data Protection Act Will Safeguard Personal Data (March 1, 2012)

Expected to go into effect in June, the Malaysian Personal Data Protection Act will make such practices as disclosing or processing personal data without consent; selling data; unlawful collection of data, and failure to register data punishable offenses, reports Bernama. Organizations found in violation of the act will be subject to fines of up to RM500,000 and up to three years in prison, depending on the type of incident. "The newly-appointed Director-General of the Personal Data Protection Department, Abu Hassan Ismail, said the department accepted the challenges in implementing the act," the report states.
Full Story