ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

PRIVACY LAW—CHINA

Cabinet OKs Draft Data Protection Bill Changes (August 31, 2012)
China’s Executive Yuan has approved draft legislation that seeks to make improvements on a 2010 amendment to the Personal Data Protection Act, The China Post reports. The proposed changes would require data collectors to inform consumers prior to processing such data. The bill will go before the Legislature Yuan for final approval, the report states.

DATA RETENTION—AUSTRALIA

Inquiry Finds Strong Opposition to Retention Reform (August 30, 2012)

A parliamentary inquiry has revealed strong opposition to the government’s proposed data retention reforms, itnews reports. The Parliamentary Joint Committee on Intelligence and Security published 177 public submissions representing thousands of individuals and organisations, and the report states not many were in support of the proposals. In support, the NSW government said, “Fundamental reform is…required, not to increase powers, but to ensure that existing powers are not rendered completely ineffective.”  Meanwhile, Victoria’s acting privacy commissioner said the proposed reforms are “characteristic of a police state,” while others have claimed the move is an “Orwellian intrusion.”
Full Story

DATA PROTECTION—NEW ZEALAND

ACC Report May Lead to Wider Review (August 30, 2012)

The New Zealand Herald reports that last week’s independent report on the breach by the Accident Compensation Corporation (ACC) may lead to a wider overhaul of all government agencies’ handling of private information. Former Australian Privacy Commissioner Malcolm Crompton, CIPP/US, said the individual who made the breach known had done the public “a service by making sure that we pay attention to the proper governance of personal information.”
Full Story

PRIVACY LAW—NEW ZEALAND

Commissioner: Privacy Laws Not at Fault in Teacher Scandal (August 30, 2012)

New Zealand Privacy Commissioner Marie Shroff has said she does not believe existing privacy laws are to blame in the case of a Northland deputy principal who allegedly abused his students, 3news.co.nz reports. “There are many ways under which information can be shared,” Shroff said. “In my personal view, it’s got more to do with patch protection and people perhaps not trusting another agency with some particularly sensitive information.” The news comes a week after a report from the minister of education revealed a sex offender had stolen an individual’s identity to teach.
Full Story

PRIVACY LAW—HONG KONG

Analysing the Personal Data (Privacy) Ordinance Amendments (August 30, 2012)

In July, Hong Kong’s Personal Data (Privacy)(Amendment) Ordinance, which finalised the amendments to the Personal Data (Privacy) Ordinance, was gazetted. In this exclusive for The Privacy Advisor, Mayer Brown Partner Sara Or analyses the new finalised amendments. “Data users will have to review and update their existing data protection policies and procedures and relevant contracts and forms with clients, employees and data processors in compliance with the new or revised requirements,” Or writes. (IAPP member login required.) Editor’s Note: The IAPP will host a KnowledgeNet event in Hong Kong on Tuesday, 18 September.
Full Story

HEALTHCARE PRIVACY—CHINA

Draft Law Would Protect Privacy of Mentally Ill (August 30, 2012)

Xinhua reports on draft legislation pertaining to mental health in China’s bi-monthly session of the Standing Committee of the National People’s Congress that would include provisions to protect patients’ privacy and allow patients to challenge institutions that violate their privacy. The draft law would mandate that institutions and individuals protect and secure patients’ private data unless data-sharing is necessary to abide legal obligations, the report states. Patients and their relatives would also be able to file lawsuits against the government, medical institutions and individuals if patients believe their rights have been violated.
Full Story

PRIVACY LAW—THAILAND

Opinion: Telemarketing Abuse Prompts Need for Privacy Law (August 30, 2012)

Bangkok Post reports on the lack of a privacy law in Thailand to help prevent the sale and misuse of personal information by telemarketers and other firms. The report states that “people were able to get personal information from various institutions with help from insiders,” which is “almost certainly against the law, but the next phase—selling the data—is not. This is because Thailand has no law to protect such data.” The report notes that a law has been under consideration “for more than a decade,” but “the privacy protection bill has moved at a snail’s pace because consumer protection is sometimes considered anti-business and isn’t high on politicians’ agenda.”
Full Story

ONLINE PRIVACY

What Happens to Our Data After Death? (August 30, 2012)

When it comes to our final wishes for the digital data we amass in the course of our lives, a news.com.au report suggests that “unless you get control over your digital collections and social networking pages now, it will be very difficult for your loved ones to access all of your content once you're gone.” The report examines the ways social networks allow—or don’t allow—loved ones to access or deactivate accounts of the deceased. Quoting Facebook, the report says the best way to sum up what happens to our data after death is, “It's complicated.” Editor's Note: A past feature in Inside 1 to 1: PRIVACY examines the questions around who owns the digital data stored in sites and caches across the web.
Full Story

ONLINE PRIVACY

Privacy Worries Surround UN Internet Regs (August 30, 2012)

“What would online privacy look like if the United Nations (UN) regulated the Internet?” queries Mathew J. Schwartz in this exclusive for The Privacy Advisor. “That’s one question on the minds of privacy advocates as the International Telecommunications Union—a UN agency based in Geneva, Switzerland, that regulated telecommunications and IT issues—approaches the task of helping the UN decide if it should exert more control over Internet governance,” Schwartz writes. According to the report, some proposals “have technologists and—at least in the United States—legislators up in arms, leading to allegations that the renegotiated treaty could allow countries such as China and Russia to more easily censor the Internet.”
Full Story

PRIVACY LAW—PHILIPPINES

BPO Industry Backs Data Privacy Law (August 29, 2012)

The umbrella organization of the IT business process outsourcing (IT-BPO) industry in the Philippines said the recent signing of the Data Privacy Act will increase the confidence of foreign investors, Manila Standard Today reports. Business Processing Association of the Philippines President and CEO Benedict Hernandez said the law brings the country “to international standards of privacy protection.” In a statement, Sen. Edgardo Angara noted the importance of balancing the free flow of information with privacy protections and said the implementation of the new law will require training of experts and added rules and regulations, the report states.
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

OAIC Seeks Public Comment on PCEHR Enforcement (August 29, 2012)

ZDNet reports that the Office of the Australian Information Commissioner (OAIC) is seeking public comment on how it should enforce personally controlled electronic health record (PCEHR) privacy regulations. Together with a set of enforcement guidelines, the OAIC has released a consultation paper. The guidelines detail the OAIC’s enforcement and investigative powers under the PCEHR and Privacy Acts and outline the penalties, enforceable undertakings and injunctions that can be applied in breach cases, the report states. The OAIC is asking if the draft guidelines are acceptable and provide enough clarity. The deadline for public comment is September 18.
Full Story

PRIVACY LAW—AUSTRALIA & U.S.

Experts Consider “Grey” Area of USA PATRIOT Act (August 27, 2012)

COMPUTERWORLD reports on privacy advocates’ belief that the USA PATRIOT Act could apply to data hosted by Rackspace in Australia. “When Rackspace announced the opening of its first data center in Australia, the company emphasized that only Australian laws would apply to hosted data,” the report states, noting this prompted questions by competitors and others regarding the extra-territorial reach of the USA PATRIOT Act. “It is a very grey area,” said Information Integrity Solutions Managing Director Malcolm Crompton, CIPP/US. “Much more insight is needed into questions such as whether and how a company has a link to the U.S. before it is possible to say” how the act would apply.
Full Story 

PERSONAL PRIVACY—AUSTRALIA

Tax Office Wants Access to Real-Time Data (August 24, 2012)

The Australian Tax Office (ATO) is asking for changes to the nation’s phone-tapping laws so investigators can intercept data in real time, iTnews reports. The office has access to stored communications such as voice mail, e-mail and SMS messages under the Telecommunications (Interception and Access) Act 1979, the report states. “Access to real-time telecommunications data would enable our investigators to quickly identify those involved in suspected fraud, establish an association between two or more people, prove that two or more people have communicated at a particular time and by what means or show that a person was at a location at a particular time,” said the ATO.
Full Story

PRIVACY LAW

Legislative Discrepancies Lead To Costs for ISPs (August 24, 2012)

Internet service providers (ISPs) have become “increasingly implicated in a complex situation as differing laws arise across different jurisdictions,” says Pauline Reich, a law professor and founder-director of the Asia-Pacific Cyberlaw, Cybercrime and Internet Security Research Institute Japan. The Council of Europe has requested ISPs voluntarily grant law enforcement agencies access to data on individuals for investigations, which jurisdictions have interpreted in various ways. As countries navigate “the complicated privacy debate,” ISPs and telcos could see greater costs, including monetary costs incurred from lawsuits and a loss of public trust if customers understand their data may be shared, ZDNet reports.
Full Story

DATA PROTECTION—NEW ZEALAND

ACC, Auditor General Reports Issued (August 23, 2012)

An independent report on New Zealand’s Accident Compensation Corporation (ACC) has revealed that a data breach was due to “human error” but also “systemic weaknesses within ACC’s culture, systems and processes.” Commissioned by New Zealand Privacy Commissioner Marie Shroff, the Independent Review of ACC’s Privacy and Security Information was undertaken by KPMG and former Australian Privacy Commissioner Malcolm Crompton, CIPP/US. Shroff said the ACC “has elements of privacy protection and security” in place, but they “are not up to the standard expected” of such an organisation, adding, a “culture change” will be necessary, starting “right at the top.” ACC Minister Judith Collins says she agrees with the report’s recommendations. The Auditor General has concluded its investigation and released a report as well. Meanwhile, State Services Commissioner Iain Rennie urged vigilance by public servants processing personal data.
Full Story

PERSONAL PRIVACY—NEW ZEALAND

Bill Means No More Anonymity for Toll Users (August 23, 2012)

A bill introduced last week would remove an existing legal provision related to motorists, The New Zealand Herald reports. The Government’s Land Transport Management Amendment Bill would allow for the collection of personal information from motorists who use toll roads by not allowing them to pay anonymously. According to the report, civil liberties advocates and the privacy commissioner are concerned. A spokesman for the transport minister said the anonymous system “no longer reflects the working realities of modern tolling systems, which collect vehicle information needed to apply tolls without disrupting traffic.” A NZ Transport Agency official said those concerned about privacy could use non-toll roads.
Full Story

PRIVACY LAW—AUSTRALIA

Senate Passes Cybercrime Legislation (August 23, 2012)

The Cybercrime Legislation Amendment Bill 2011 has passed the Australian Senate, ZDNet reports. The bill amends the Mutual Assistance in Criminal Matters Act 1987, the Criminal Code Act 1995, the Telecommunications (Interception and Access) Act 1979 and the Telecommunications Act 1997 and has incited concern among Internet service providers about their new data retention responsibilities. The bill was amended before its passage to include privacy protections at the recommendation of the Joint Select Committee on Cyber-Safety. Australia now joins the 34 nations who’ve acceded to the Council of Europe Convention on Cybercrime, the report states.
Full Story

IDENTITY THEFT—NEW ZEALAND

Sex Offender Stole Identity To Teach (August 23, 2012)

A report from Minister of Education Hekia Parata has revealed that convicted sex offender Te Rito Henry Miki was able to teach after he stole the identity of a teacher listed on the New Zealand Teachers’ Council website. Parata said the incident was the result of “serious failings across the whole system.” A committee has since made 35 recommendations on how to prevent similar incidents from occurring, including sharing data on teachers’ name changes. Pending the passage of the Privacy (Information Sharing) Bill, agencies will consider whether the Department of Internal Affairs may share name-change information with the New Zealand Teachers’ Council and the Ministry of Education, The New Zealand Herald reports.
Full Story

EMPLOYEE PRIVACY—AUSTRALIA

Lawyers Urge Business To Adopt Social Media Policies (August 23, 2012)

Lawyers have warned Australian businesses to enact a social media policy or risk liability, Australian Financial Review reports. The warnings follow various lawsuits in Australia and abroad involving social media posts. Companies need explicit policies on social media, which should also appear in employee contracts, the lawyers said. “It’s a policy issue,” said one lawyer. Another said, “If the employee or agent of a business posts personal information about an employee on the business’s Facebook site using the business records of personal information, the business may breach the Privacy Act 2001.” Proper monitoring systems and policies can help mitigate this risk, he said.
Full Story

PRIVACY LAW—PHILIPPINES

Data Privacy Law Signed (August 23, 2012)
President Benigno Aquino has signed the Data Privacy Act 2012, ABS-CBN News reports. The bill is also known as “An Act Protecting Individual Information in Information and Communication Systems in the Government and the Private Sector.” The bill is based on the European Directive and requires data security standards by business process outsourcers. The president did not veto any of the bill's provisions, the report states. Some lawmakers have said the law will spur investment in the Philippines.

PRIVACY LAW—NEW ZEALAND

Commission Recommends Cyber-Bullying Laws (August 16, 2012)

Privacy Commissioner Marie Shroff has issued a statement supporting the Law Commission's recommendations for new laws to fight cyber-bullying. The Law Commission's proposals include amending the Privacy Act to ensure that it can be readily applied to digital communications and a “new electronic communications offence for those aged 14 and over,” The National Business Review reports. "Our laws need to be updated to tackle the digital age," Shroff said, noting, “The read-write web has huge benefits, but it also creates the potential for greater misuses of the technology. This includes people posting information about others that causes severe distress, including cyber-bullying and online impersonation.”
Full Story

DATA PROTECTION—NEW ZEALAND

ACC Minister To Enforce Zero Tolerance Policy (August 16, 2012)

ACC Minister Judith Collins says she wants staff who breach a new “zero tolerance” policy on privacy breaches to be fired. Collins expressed frustration with the ACC’s neglect of privacy among its “top priorities.” The ACC has revealed that 11 staff members were reprimanded for “serious misconduct” since 2010, Stuff.co.nz reports. The news follows a March ACC breach involving 6,500 clients. An investigation by the privacy commissioner and the auditor general will be released within weeks, and Collins says new board members and a new chairperson will be put in place soon, adding, the new hires will be expected to bring about “the cultural change that I expect from ACC.”
Full Story

BIG DATA—VICTORIA

Big Data Raises Regulatory Concerns (August 16, 2012)

The Australian Financial Review reports on Big Data from the perspective of businesses, consumers and regulators. Acting Victorian Privacy Commissioner Anthony Bendall is concerned about Big Data as “the next big headache for government regulators with far-reaching implications for citizens,” the report states. “Big Data gets talked about a lot more in terms of questions it raises than answers, to be honest,” Bendall says, noting that privacy legislation is out of sync with modern technology when it comes to Big Data and, “If we don’t change the regulations, there’s a chance there’ll be a regulatory backlash that will impede researchers.”
Full Story

DATA LOSS—AUSTRALIA

Anonymous: “ASIO Down. DSD, You’re Next!” (August 16, 2012)

The hacker group Anonymous claims to have shut down the public website of the Australia Security Intelligence Organisation (ASIO) and has threatened that its next target is the Defense Signals Directorate (DSD), reports The Australian. ASIO says that while it experienced “technical issues with its public website,” no classified data is held on the site and “disruption would not represent a risk to ASIO’s business.” A DSD spokeswoman says that organisation is "aware of recent hacktivist group activity,” but the site remains online and contains no classified information. The privacy commissioner is currently investigating hacking incidents at AAPT and Melbourne IT—for which Anonymous has claimed responsibility. (Registration may be required to access this story.)
Full Story

TRAVELLERS’ PRIVACY—AUSTRALIA

Body Scanners Come To All International Airports (August 16, 2012)

The Sydney Morning Herald reports that body-scanning equipment will be rolled out to all Australian international airports starting in November. Parliament passed laws on the technology this week, and Transport Minister Anthony Albanese has reassured those concerned about privacy that the images taken by the machines won’t be copied or stored. An amendment to allow passengers to opt out of the screening was defeated by the government. Meanwhile, the Green Party continues to push for passengers to be allowed to opt out without a physical or medical reason.
Full Story

PRIVACY LAW—AUSTRALIA

Groups Voice Concern Over Government’s Amendments (August 16, 2012)

The Australian Privacy Foundation (APF) says the government’s proposed amendments to privacy legislation are a “lost opportunity” in improving areas such as credit reporting and off-shore data protection, iTnews reports. Nigel Waters of the APF told a Senate inquiry last week that the bill would “significantly weaken” Australians’ privacy protections, the report states. “While we are impatient for reform, we sadly feel that there are so many flaws in this package that it should not be enacted,” he said. The amendments may have implications on a variety of industries, say groups such as the Australian Information Industry Association, philanthropic services and the Interactive Advertising Bureau.
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

Experts: E-Health System Is Not User-Friendly (August 16, 2012)

Doctors, consumers and privacy advocates say the audit trail in the recently launched eHealth system intended to show consumers who has accessed their medical records is unreadable by consumers, reports The Australian. An e-Health consultant and medico accessed his own audit trail and deemed the results, which he posted on his blog, “incomprehensible.” While Australian Privacy Foundation spokeswoman Juanita Fernando noted, “How the heck is a consumer expected to interpret machine addresses? That's all they've got to track their record." Consumers Health Forum’s Carol Bennett says making the audit user-friendly should be a high priority “so it can generate confidence that consumers have the ability to have control over who accesses their record." (Registration may be required to access this story.)
Full Story

DATA LOSS—AUSTRALIA

AFP: No Shame in Reporting Breaches (August 16, 2012)

ZDNet reports on comments from Brad Marden of the Australian Federal Police (AFP) High Tech Crime Operations that if organisations have put the right security into place, they should not be ashamed to report breaches. "If your house is broken into, nobody thinks worse of you because you got broken into,” he said, adding, that it is when organisations attempt to cover up a breach that they “get far worse publicity in the long run." The report also details ways the AFP is willing to work with organisations to address online crime.
Full Story

PRIVACY—NEW ZEALAND

Minister Discounts Criticism, File Closed (August 16, 2012)

Director of the Office of Human Rights Proceedings Robert Hesketh has closed the file on Social Development Minister Paula Bennett’s 2010 disclosure of a welfare recipient’s personal details, reports The New Zealand Herald. Bennett has maintained that she did not breach privacy and recently said that if faced with the same circumstances, “I'd make another look at it and make a decision based on what the recommendations are and the rules are around privacy." This statement concerns Green Party leader Metiria Turei, who said it “puts all New Zealand beneficiaries at risk..."
Full Story

PRIVACY LAW—HONG KONG

Commissioner Reminds Candidates of Election Season Rules (August 16, 2012)

Privacy Commissioner for Personal Data Allan Chiang is reminding candidates of the 2012 Legislative Council Election that they must comply with the Personal Data (Privacy) Ordinance. In 2011, the commissioner received 119 complaints about electioneering activities, including that individuals’ data was used without their consent, and names and addresses were not concealed in mass e-mails sent to voters. Two of those cases were resolved through mediation. The commissioner reminds candidates to only collect necessary information, inform individuals of the collection’s purpose and safeguard the data against unrelated parties.
Full Story

PRIVACY LAW—AUSTRALIA

Australia Delays Internet Security Plan (August 16, 2012)
The Australian government has tabled an initiative that would have stored the web history of Australians for up to two years, The Sydney Morning Herald reports. Attorney-General Nicola Roxon has referred a discussion paper on the expanded governmental surveillance powers to a parliamentary committee, which will stall the plans until after the next election. Roxon recently said she’s not yet convinced the data protection proposals have merit. Supporters of the reforms are concerned with the delay, with one security official saying the reforms “are urgently needed to deal with a rapidly evolving security environment.”

DATA LOSS

Gamers Urged To Change Passwords After Breach (August 10, 2012)

Blizzard Entertainment is warning gamers to change their passwords due to a security breach of its internal network, CNET News reports. Certain e-mail addresses and scrambled passwords are believed to have been stolen, according to the company.At this time, we've found no evidence that financial information such as credit cards, billing addresses or real names were compromised,” said company President Michael Morhaime in a blog post. “Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.”
Full Story

ONLINE PRIVACY

Google To Include Gmail Content in Web Searches (August 10, 2012)

Google has announced plans to roll out a new feature to a million Gmail users who sign up for it, and after accepting feedback, hopes to give all accountholders the ability to opt in to the feature that would allow contents of users’ Gmail correspondences to be included in their Google searches, reports the Associated Press. The feature is a response to a more people-centered Internet driven by the prevalence of information sharing on social networks, the report states, and may bring with it privacy concerns. To alleviate these concerns, Google will show Gmail communications in a collapsed format that users have to open in order to see details.
Full Story

DATA LOSS—AUSTRALIA

Privacy Commissioner Investigating AAPT Breach (August 9, 2012)

Australian Privacy Commissioner Timothy Pilgram has said his office is investigating Internet service provider AAPT and Melbourne IT after a recent data breach allegedly perpetrated by hacktivist group Anonymous, COMPUTERWORLD reports. Compromised information included documents revealing federal government accounts, data from the Australian Federal Police and names of AAPT staff. Pilgrim said he will look into whether the ISP’s “practices were consistent with the Privacy Act at the time of the incident.”
Full Story

DATA PROTECTION—AUSTRALIA

Hacker, Advocates Agree on Need for Breach Laws (August 9, 2012)

Most companies did not tell their customers when they lost their information until laws required them to do so, a former hacker-turned-security professional advises. The Sydney Morning Herald reports on Kevin Mitnick’s “grim warning for Australia” about the need for data breach notification laws, noting his position is “supported by two security experts and Electronic Frontiers Australia, who all believe that without laws forcing companies to disclose breaches in Australia, most will continue to go unreported.”
Full Story

DATA LOSS—VICTORIA

Commissioner To Ticketing Authority: Fix Glitch (August 9, 2012)

Acting Victorian Privacy Commissioner Anthony Bendall is asking the Victorian Transport Ticketing Authority how it will “fix a glitch that causes Myki vending machines to issue receipts that contain sensitive personal information” including credit card details, The Age reports. Bendall noted that since the authority is subject to Victoria’s Privacy Act, it must ensure customers’ private information is protected from unauthorised access, adding, “I've given them a couple of weeks and asked them (to respond) with either a meeting or a written briefing.”
Full Story

DATA PROTECTION—ASIA PACIFIC

Expert: One in Four Firms Suffered Breach Last Year (August 9, 2012)

A security expert has said that approximately 25 percent of Asia-Pacific firms experienced a data breach last year, Infosecurity Magazine reports. RSM Bird Cameron Information Security Director Jo Stewart-Rattray said that there is a need for a “cross-functional approach to information security” for marketing, human relations and IT departments, and added that data leaks are no longer the “sole bailiwick of IT.” Stewart-Rattray recommended organisations create and implement clear policies around data access and use for the purpose of limiting data breaches.
Full Story

ONLINE PRIVACY

Search Tool Moves Toward Artificial Intelligence (August 9, 2012)

The New York Times reports on a Google search tool that aims to understand human meaning, have spoken conversations and provide results—not only from the Internet but from users’ personal lives. The tool, which is being rolled out to the first million volunteers, will also incorporate a user’s Gmail messages to aid in searches. Google Senior Vice President of Search Amit Singhal said the moves are “baby steps in the direction of making search truly universal” and toward building in artificial intelligence. The company emphasized that users can turn the search tool off. Singhal added, “We have to do this very carefully; we know that.” (Registration may be required to access this story.)
Full Story

PRIVACY LAW—AUSTRALIA

Privacy Commissioner Wants Payload Data Deleted (August 8, 2012)
The Australian Privacy Commissioner has called on Google to destroy data collected from open WiFi networks, iTnews reports. The commissioner sent a letter to Google’s Australian head of public policy and government affairs ordering its immediate destruction, the report states. “I do not require Google to retain the additional payload data, and unless there is lawful purpose for its retention, Google should immediately destroy the data,” Pilgrim wrote. “Further, I also request that Google undertakes an audit to ensure that no other disks containing this data exist and to advise me once this audit is completed.” Commissioners from the UK, France and other jurisdictions have made similar requests.

ONLINE PRIVACY

Internet Explorer 10 To Keep DNT By Default (August 8, 2012)

Microsoft has announced it will keep its default do-not-track (DNT) setting in Internet Explorer 10 (IE10), Ars Technica reports. Microsoft Chief Privacy Officer Brendon Lynch, CIPP/US, said, “Customers will receive prominent notice that the selection of Express Settings turns DNT on.” Users will also have the option to opt out of DNT in the customize setting. Lynch added, “Our approach to DNT in IE10 is part of our commitment to privacy by design and putting people first…We believe consumers should have more control over how data about their online behavior is tracked, shared and used.”
Full Story

CLOUD COMPUTING

The Cloud and Its Privacy Risks (August 8, 2012)

TECHNEWSWORLD reports that privacy in the cloud “may be an illusion,” and businesses relying on the cloud should be aware of its privacy risks. Laws in the U.S., EU and elsewhere allow government agencies access to cloud data, and Mutual Legal Assistance Treaties facilitate cooperation across borders, allowing law enforcement to request data in any country that is a part of such a treaty. The report points to a recent whitepaper that concludes “it is not possible to isolate data in the cloud from governmental access based on the physical location of the cloud service provider or its facilities.”
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

E-Health Reforms Expand Commissioner’s Powers (August 6, 2012)

FutureGov reports on Australia’s rollout of new privacy safeguards in the Personally Controlled Electronic Health Records program. Under the reforms, which expand upon existing obligations under Australia’s Privacy Act 1988, Australian Privacy Commissioner Timothy Pilgrim may seek civil penalties and enforce undertakings by organizations that fail to protect patient records. Healthcare providers are now obligated to refrain from collecting more patient information than is necessary and to ensure staff are appropriately trained in data protection. The reforms expand Pilgrim’s powers and allow consumers to make decisions about who sees their records and what information is shared with third parties.
Full Story

PRIVACY LAW—HONG KONG

New Ordinance Will Change Privacy Landscape (August 6, 2012)

Following Hong Kong’s Personal Data (Privacy) (Amendment) Ordinance (PDPAO) publication in the Government Gazette earlier this month, DLA Piper analyzes the key amendments that will be implemented in several phases, starting October 1. Key amendments of the PDPAO include the regulation of the use of personal data for direct marketing; regulation of third-party processors; new powers for the data protection authority to assist in civil actions and to verify data user returns’ accuracy, and new rules against unauthorized personal data disclosure and repeated violations of an enforcement notice. Provisions related to direct marketing and new regulatory powers are slated to go into effect in 2013. Editor’s Note: The Privacy Advisor recently caught up with Hong Kong Privacy Commissioner for Personal Data Allan Chiang for a Q&A.
Full Story

PRIVACY LAW—AUSTRALIA

Commissioner, Advocates Troubled by Proposals (August 2, 2012)

Australian Privacy Commissioner Timothy Pilgrim has said the federal government’s proposed amendments to Australian privacy legislation could “unintentionally” weaken protections already provided for individuals under the law, iTNews reports. Pilgrim said in a submission to a Senate inquiry that the proposal “could broaden the scope for collection of user information by companies and water down regulatory wording,” the report states. The Australian Privacy Foundation has also submitted concerns that the proposals are “consumer-hostile” and should be withdrawn, adding the proposals were “cherry-picked” from the Australian Law Reform Commission’s 2008 recommendations.
Full Story

PRIVACY—NEW ZEALAND

Former ACC Head Denies Official’s Claims (August 2, 2012)

The New Zealand Herald reports that former ACC Chairman John Judge said he has not tarnished an investigation into the leak of a sensitive e-mail. ACC Minister Judith Collins claims that Judge has erased material on his computers. The investigation is being led by the privacy commissioner.
Full Story

DATA PROTECTION—AUSTRALIA

Company Fails Fundamental Security Checks (August 2, 2012)

The Sydney Morning Herald reports on concerns about Telstra’s customer verification process. Phone operators are reportedly bypassing password checks and only ask for a customer’s name and date of birth, the report states. One customer filed a complaint with the Telecommunications Industry Ombudsman, but the agency said the Privacy Act was out of its jurisdiction. According to the article, a complaint has been filed with the Office of the Australian Privacy Commissioner. A security expert said it’s time for companies to change their customer verification checks.
Full Story

PERSONAL PRIVACY—NEW ZEALAND

Worker Demands Public Apology After Leak (August 2, 2012)

A Ports of Auckland worker has said he wants a public apology from the organisation after it leaked personal information about his leave of absence due to his wife’s passing, The New Zealand Herald reports. The privacy commission has indicated that the port was responsible for the leak of information posted on a blog site. A port spokesman said they could not comment because the privacy commission is still investigating.
Full Story

DATA PROTECTION—AUSTRALIA

Retailer Association To Provide Privacy Education (August 2, 2012)

In light of a growing number of data breaches affecting retailers and consumers, the Australian Retailers Association (ARA) has developed a set of data protection seminars and webinars to educate businesses on how to limit and mitigate data breach vulnerabilities, Inside Retail reports. A recent report from the Ponemon Institute said the average cost of a data breach to Australian businesses is approximately $2.16 million per incident.
Full Story

DATA RETENTION—AUSTRALIA

Experts Explore ISP Data Retention Proposal (August 2, 2012)

In a ZDNet podcast, three experts discuss the implications of a proposed law mandating Internet service providers store user data for up to two years. Australian Federal Police Assistant Commissioner Neil Gaughan said, “If someone from the Anonymous group is hacking into a company in Australia, through a telco that isn’t keeping IP data, we can’t start an investigation.” Gaughan is joined by Crikey news correspondent Bernard Keane and network engineer Mark Newton.
Full Story

DATA LOSS—SOUTH KOREA

Authorities Arrest Hacking Suspects (August 2, 2012)

South Korean authorities have arrested two computer programmers suspected of hacking into Korea Telecom’s database and stealing personal information, The Verge reports. Korea Telecom says the hacked data includes user names, telephone numbers and resident registration numbers of 8.7 million subscribers, the report states. Police are also investigating seven additional suspects. “We deeply apologise for worrying you,” the company told its subscribers last weekend, adding it will provide additional safeguards.
Full Story

PRIVACY LAW—HONG KONG

PCPD Reports Some Google Privacy Policy Improvements (August 2, 2012)

Hong Kong Privacy Commissioner for Personal Data (PCPD) Allan Chiang has reported some improvements with Google’s privacy policy. A PCPD press release notes there are “now more ways to access privacy-related information.” Chiang noted, “In terms of fully addressing the privacy concerns we have raised, we are far from satisfied with Google’s clarifications and improvements done.” The PCPD added that it will continue to cooperate with other privacy authorities on the issue.
Full Story

PRIVACY LAW

CNIL Investigates Street View Data, Will Australia Follow? (August 2, 2012)

The French data protection authority (CNIL) has asked Google to make undeleted payload data from its Street View project available for analysis, The New York Times reports. The move comes days after the UK’s Information Commissioner’s Office (ICO) announced a similar inquiry. The CNIL said that, like the ICO, it has asked the company to keep the data in question “secure while the necessary investigations are conducted.” CSO has asked the Office of the Australian Privacy Commissioner if they plan to investigate but the agency has not yet responded. (Registration may be required to access this story.)
Full Story

DATA RETENTION—AUSTRALIA

Melbourne IT Investigating Anonymous Hack (August 2, 2012)

Melbourne IT has confirmed it is investigating a data breach that affected its customer AAPT earlier this week, CIO Australia reports. In an act of protest against a proposed Australian data retention law, hacktivist group Anonymous has started publishing consumer data allegedly gleaned from an Australian Internet service provider (ISP). Meanwhile, in a ZDNet report, experts analyse what effect the group’s efforts may have on the proposed data retention bill. One expert says the attack was opportunistic and not an "overly skilled exercise in attacking that system.” Another expert argues that no system is totally secure and the proposed bill would require too much effort and monetary expense for ISPs to handle.
Full Story