ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

ONLINE PRIVACY

Yahoo To Ignore Default DNT Settings (October 31, 2012)

Yahoo has announced that it will ignore Internet Explorer 10’s default do-not-track (DNT) settings, InformationWeek reports, indicating the setting “ignores the wishes of its users.” The browser will continue to offer its Ad Interest Manager, which allows users to make choices about the online ads targeted to them, and other tools. “Ultimately, we believe that DNT must map to user intent—not to the intent of one browser creator, plug-in writer or third-party software service,” Yahoo said in a statement.
Full Story

DATA LOSS—NEW ZEALAND

Breaches Hit Gov’t Agencies (October 25, 2012)

The New Zealand Herald reports on three new breaches involving Work and Income New Zealand. Social Development Minister Paula Bennett has said these developments are not part of a systemic issue with the agency, the report states. Prime Minister John Key said the incidents are unacceptable but noted that human mistakes are unavoidable. The privacy commissioner has been notified. Meanwhile, an Auckland District Health Board staff member mistakenly sent personal medical information to a journalist, and last week’s incident involving the Ministry of Social Development prompted a columnist to write “when the New Zealand government is pushing e-government in a big way, it is paramount that the public…have confidence in them.”
Full Story

DATA RETENTION—AUSTRALIA

Cases Against Interception and Security Legislation (October 25, 2012)

COMPUTERWORLD Australia reports on concerns raised by the Parliamentary Joint Committee on Intelligence and Security’s inquiry into new interception legislation. One of the most controversial components of the terms of reference includes “tailored data retention periods for up to two years for parts of a data set, with specific timeframes taking into account agency priorities and privacy and cost impact.” The report includes a selection of concerns raised by organisations such as the Australian Mobile Telecommunications Association, Electronic Frontiers Australia, the Office of the Victorian Privacy Commissioner, Telstra and Vodafone.
Full Story

PRIVACY LAW—AUSTRALIA

Smartphones Spur Discussions of “Right To Sue” (October 25, 2012)

The Sydney Morning Herald reports on concerns that certain smartphone applications may fall under the Telecommunications (Interception and Access) Act 1979. Attorney-General Nicola Roxon has issued a warning on the use of “spyware” and is calling for stronger privacy laws amidst the proliferation of various apps, including those that allow individuals to “keep tabs on their partners,” the report states. A spokeswoman for Roxon said the government is considering “the creation of a new right to sue where serious invasions of privacy occur.”
Full Story

PERSONAL PRIVACY—NEW ZEALAND

Police Minister: Digitally Accessing Photos Violates Privacy (October 25, 2012)

Police want to use smart devices to verify drivers’ identities when they’re not carrying licences, but The New Zealand Herald reports that Police Minister Anne Tolley said the practice would violate the Privacy Act. “It would be almost moving towards a police state,” said Tolley, adding it would mean asking every New Zealand driver to agree to waive their rights under the Privacy Act. But Police Association President Greg O’Connor says, “police already have access to driver’s licence photographs...Logic dictates police should have access through electronic means as well,” noting the plan to roll out smart devices to police is useless without the ability to access photographs.
Full Story

FINANCIAL PRIVACY

Breach Report: 174 Million Records Compromised in 2011 (October 25, 2012)

According to Verizon’s Data Breach Investigations Report, 174 million records were compromised in 855 data breach incidents in 2011, Out-Law.com reports. Calling it “an all-time low” for data breach protection, the report revealed that 96 percent of organizations required to follow the Payment Card Industry Data Security Standard (PCI DSS) that experienced a breach—according to Verizon’s “caseload”—were not compliant with PCI DSS. The Verizon report stated, “We are seeing a continuing trend whereby more of the organizations that fall in the 96-percent tend to be on the small side,” adding, “In many cases, these organizations have either failed to perform their assessments or failed to meet one or more of the requirements.”
Full Story

DATA PROTECTION—SINGAPORE

Gov’t Considers Banning Free Phone Books (October 25, 2012)

Singapore is considering halting the publication of free telephone directories due to privacy concerns, reports AFP. Concerns about the listing of residential and office numbers have prompted the Infocomm Development Authority of Singapore (IDA) to publish a consultation on whether “it is still necessary to maintain the regulatory requirement for Directory Services.” The IDA notes “increasing public awareness, and concerns, about use and protection of personal data.” Singapore’s Parliament passed a data protection law earlier this month that includes a Do-Not-Call registry, provisions on private-sector use of personal data and the creation of a new enforcement agency, which may fine noncompliant organizations.
Full Story

PRIVACY

FPF Announces Privacy Papers for Policy Makers 2012 (October 25, 2012)

The Future of Privacy Forum (FPF) has announced this year’s selections for its Privacy Papers for Policy Makers. Of the more than 35 entries, eight were selected. The papers cover topics such as Privacy by Design, online behavioral advertising, mobile privacy, government surveillance, de-identification and social networking. FPF Founder and Co-chair Christopher Wolf said, “Improving privacy protection is vitally important in this technology age, so we are delighted to help build a bridge of communication between privacy scholars and privacy policy makers.” FPF Director and Co-chair Jules Polonetsky, CIPP/US, said, “These writings offer some of the most compelling and innovative viewpoints that we hope policy makers consider as they look to address privacy issues.”
Full Story

SURVEILLANCE

UN Wants “Anti-Terror” Internet Surveillance (October 23, 2012)

The United Nations (UN) has released a report calling for more surveillance of Internet traffic and users for the purpose of undermining terrorist activity, CNET News reports. “The Use of the Internet for Terrorist Purposes” states, “One of the major problems confronting all law enforcement agencies is the lack of an internationally agreed framework for retention of data held by ISPs.” The 148-page report notes that terrorists use social networks to spread propaganda. UN Executive Director Yury Fedotov said, “Potential terrorists use advanced communications technology, often involving the Internet, to reach a worldwide audience with relative anonymity and at a low cost.”
Full Story

ONLINE PRIVACY

Microsoft Alters Its Privacy Rules (October 22, 2012)

The New York Times reports on a new policy implemented by Microsoft allowing it “broad leeway” over how it collects and processes information from consumers using its free, web-based services. Unlike Google’s policy changes earlier this year, “Almost no one noticed” Microsoft’s change, the report states, adding, “The difference in the two events illustrates the confusion surrounding Internet consumer privacy.” Consumer Watchdog’s John Simpson said, “What Microsoft is doing is no different from what Google did,” adding, “It allows the combination of data across services in ways a user wouldn’t reasonably expect.” A Microsoft spokesman said, “one thing we don’t do is use the content of our customers’ private communications and documents to create targeted advertising.” (Registration may be required to access this story.)
Full Story

PRIVACY LAW—AUSTRALIA

Pilgrim Supports AG’s Paper, Wants Notification Law (October 18, 2012)

Privacy Commissioner Timothy Pilgrim, in a media release, stated his support of Attorney-General Nicola Roxon’s paper discussing the possibility of a mandatory breach notification law, reports COMPUTERWORLD. “All organisations must embed a culture that values and respects privacy. I believe that mandatory data breach notification will go some way to achieving this,” Pilgrim said. Citing the business incentives of notification, Pilgrim also said that it can be essential in allowing people whose personal information has been compromised to “regain control of their identity.”
Full Story

DATA LOSS—NEW ZEALAND

MSD Chief Calls for Investigation Into Breach (October 18, 2012)

Ministry of Social Development (MSD) Chief Executive Brendan Boyle has called for an investigation after blogger Keith Ng revealed a security flaw in Work and Income data kiosks that allowed unauthorised access to personal and confidential data, reports Stuff.co.nz. Deloitte will carry out the investigation that will look at what happened at the kiosks as well as the MSD’s wider information systems and will make recommendations as to what actions it should take to restore consumer confidence, the report states. Meanwhile, Social Development Minister Paula Bennett and Labour MP Jacinda Ardern have voiced their disappointment over the breach, and Prime Minister John Key has called for a government-wide review of online information.
Full Story

DATA RETENTION—AUSTRALIA

AFP Wants “Non-Content” Data (October 18, 2012)

During a Senate Estimates hearing this week, the Australian Federal Police (AFP) shed light on the type of communications traffic it would like Internet service providers (ISPs) to retain under proposed legislative amendments on data retention, ZDNet reports. The AFP said it would like ISPs to retain “non-content” data such as “phone numbers called or texted, an e-mail address, location, duration of communications, billing information and the ‘Internet identifier,’” the report states. Secretary for the Department of the Attorney-General Roger Wilkins said the proposed model “does not include web browsing.” Meanwhile, The Australian reports that the Peter Slipper case has raised questions about whether private messages are truly private.
Full Story

DATA PROTECTION—NEW ZEALAND

ACC Launches Online Privacy Index (October 18, 2012)

The Accident Compensation Corporation (ACC) has developed a privacy index to measure the reduction of privacy breaches and disclose the implementation of recommendations from the Independent Review of ACC Privacy and Security Information, The New Zealand Herald reports. The ACC plans to publish an updated index on its website monthly. ACC Chief Executive Ralph Stewart said the organisation aims to achieve an index rating of 80 by 2013 and 97.5 by the end of June 2014, the report states. Stewart added, “Publishing the index is a practical way of monitoring ACC’s progress towards making significant changes in the way client information is managed.”
Full Story

DATA PROTECTION—NEW ZEALAND

Commissioner Queries Nightspot ID Check Data Security (October 18, 2012)

New Zealand’s privacy commissioner wants to know how bars and other nightspots are protecting data collected from an identity scanning initiative, Radio New Zealand reports. The Trinity Group is rolling out a trial system that aims to help nightspots keep out potential troublemakers. The group’s managing director said data collected will be deleted once the trial is over, and a supplier said the retained data is encrypted.
Full Story

CCTV—NEW SOUTH WALES

Council Use May Violate Privacy Law (October 18, 2012)

The Sydney Morning Herald reports on a legal case that may complicate the implementation of CCTV cameras in New South Wales. Shoalhaven City Council has spent the past two years defending its installation of 18 CCTV cameras. A Shoalhaven resident claims the cameras capture “personal information,” potentially violating state privacy law. If the Administrative Decisions Tribunal finds that the cameras collect personal information, “It will have the effect of reducing surveillance, and CCTV would no longer be available to assist police,” Shoalhaven City Council has argued.
Full Story

EMPLOYEE PRIVACY—NEW ZEALAND

Man Receives Teacher’s Payslips Via E-mail (October 18, 2012)

A Christchurch man says the Education Ministry has been sending him electronic payslips intended for another person, Stuff.co.nz reports. He says one of the payslips was unsecured, exposing a teacher’s sensitive financial information, including bank account and tax numbers. Other payslips were password-protected. “If I’m getting these, the owner probably isn’t,” the man said. “This is a privacy issue.”
Full Story

PRIVACY LAW

EU Regulators Call for Changes to Google’s Privacy Policy (October 18, 2012)

The New York Times reports on this week’s press conference hosted by the French data protection authority, the CNIL, where regulators called upon Google to clarify its 10-month-old privacy policy or face potential sanctions. In a letter to Google, the regulators noted that the revised privacy policy “did not appear to adhere to Europe’s approach to data collection, which requires explicit prior consent by individuals and that the data collected be kept at a minimum,” the report states. CNIL Chairwoman Isabelle Falque-Pierrotin said the agency will give Google three or four months to respond to the concerns. In a statement provided to the Daily Dashboard, Google Global Privacy Counsel Peter Fleischer said, “We have received the report and are reviewing it now. Our new privacy policy demonstrates our longstanding commitment to protecting our users’ information and creating great products. We are confident that our privacy notices respect European law.” While the U.S. Federal Trade Commission declined Falque-Pierrotin’s request to endorse the EU’s position, Dutch DPA Chairman Jacob Kohnstamm confirmed that privacy regulators from the 27 EU member states, Canada and some countries in Asia participated in the CNIL inquiry and “endorsed the request to Google, which outlines areas for changes to improve protection of personal data.” Google CEO Larry Page has since defended the policy, saying, “Virtually everything we want to do, I think, is somewhat at odds with locking down all of your information for uses you haven’t contemplated yet. That’s something I worry about.” (Registration may be required to access this story.) Editor's Note: Jacob Kohnstamm will deliver a keynote address while Isabelle Falque-Pierrotin will participate in a breakout session on the new European privacy regulation at the upcoming IAPP Data Protection Congress in Brussels, Belgium, in November.
Full Story

PRIVACY LAW—SINGAPORE

Parliament Passes Personal Data Protection Bill (October 16, 2012)

The Singapore Parliament has passed a personal data protection bill aimed at protecting information in the private sector, ZDNet reports. The bill includes a Do-Not-Call registry and the creation of a new enforcement agency—the Personal Data Protection Commission (PDPC)—to regulate private-sector use of personal data. Slated to become official in January, the act will require individuals be informed of and provide consent to the processing of their data by private organizations, and individuals may seek compensation through private rights of action, the report states. The PDPC may fine noncompliant organizations up to S$1 million.
Full Story

PERSONAL PRIVACY—HONG KONG

App Allows for Criminal Records Searches (October 15, 2012)

Time Out reports on a mobile app that allows users to search for individuals’ and companies’ criminal histories. Do No Evil costs $1 per search and scans more than two million litigation records by name and address. The report quotes a man who said the app violated his privacy, preventing him from gaining employment based on his past. The Office of the Privacy Commissioner for Personal Data has received inquiries on the app, a spokesman said, but hasn’t received official complaints.
Full Story

DATA RETENTION—AUSTRALIA

Attorney-General Reps To Meet with Parliament on Data Retention (October 11, 2012)

Representatives of the Attorney-General will appear before a joint parliamentary committee Friday to answer questions about plans to require Internet service providers and other carriers to retain customer data for two years, The Australian reports. Meanwhile, Shadow Communications Minister Malcolm Turnbull is voicing his opposition to the proposed law. Separately, a document recently released under freedom of information laws indicates that a preliminary privacy impact assessment of proposed reforms to the Telecommunications (Interception and Access) Act, submitted to the Attorney General’s Department last year, recommended that a mandatory data retention regime be kept to a maximum of six months. (Registration may be required to access this story.)
Full Story

PRIVACY—VICTORIA

Commissioner’s Report: Complaints on the Rise (October 11, 2012)

The Office of the Victorian Privacy Commissioner (OVPC) says complaints related to inappropriate disclosure of personal information and data security have risen during financial year 2011-12, TechWorld reports. Of the 109 complaints total, 75 were new and 34 carried over from the year before. “This exceeds the 100 complaints handled in the previous financial year and is the highest number of complaints handled since the establishment of the OVPC,” the commissioner’s report says. Complaints against government departments remained the most common, comprising 45 percent.
Full Story

CHILDREN’S PRIVACY—NEW ZEALAND

Gov’t Database Would Track 30,000 At-Risk Children (October 11, 2012)

The New Zealand Herald reports on a government plan to create a database of 30,000 at-risk children to be accessed by health, school and social workers. High-risk adults will be added to the database as well, in an effort to curb child cruelty. Social Development Minister Paula Bennett said parents will not be informed whether their child's information is stored in the database, but can make requests for information under the Privacy Act. She added efforts to protect privacy are underway; some teachers would only have partial access, and records on database activity would be maintained.
Full Story

DATA PROTECTION—AUSTRALIA

Telecom Directed To Comply with Privacy Clause (October 11, 2012)

The Australian Communications and Media Authority (ACMA) has directed Telstra to comply with new consumer protection rules, Australian Financial Review reports. In its first action since the code was registered last month, the ACMA has told the company to comply with the privacy clause in the Telecommunications Consumer Protections Code, the report states. Commenting on the lack of a fine, the ACMA said the direction is appropriate following Telstra’s reaction to a breach earlier this year. “Given Telstra has proactively taken steps to remedy its processes with a view to preventing such an incident from happening again, a direction with respect to the specific code provision is the appropriate measure,” said ACMA’s chairman.
Full Story

DATA LOSS—NEW ZEALAND

High Court Overrules Tribunal’s Decision Following Breaches (October 11, 2012)

The Dunedin High Court ruled at a pre-appeal session that the Ministry of Social Development Agency need not follow orders made by the Human Rights Review Tribunal over Work and Income privacy breaches, reports Stuff.co.nz. The tribunal had ordered Work and Income to pay a Dunedin man $17,000 for two breaches of the Privacy Act, but the ministry called the tribunal’s decision excessive and said the tribunal lacked jurisdiction over the matter. An appeal hearing has been set for 7 February.
Full Story

DATA PROTECTION—NEW ZEALAND

Commissioner Orders Payload Data Disk Destroyed (October 11, 2012)

Privacy commissioners in Australia and New Zealand have told Google to destroy a disk of information collected from unsecured WiFi networks during its Street View filming. Google recently reported finding the disk, which it says was missed when it originally handed information over to the commissioners’ offices. “It’s very disappointing that this disk could be overlooked,” said New Zealand Assistant Commissioner Katrine Evans. “Collecting the information in the first place was a major breach of privacy.” Australian Privacy Commissioner Timothy Pilgrim says he’s asked Google to have an independent third party confirm the data’s deletion. Evans said Google is willing to destroy the disk and has apologised for the mistake.
Full Story

PRIVACY LAW—AUSTRALIA

AG Would Consider a Privacy “Cause of Action” (October 11, 2012)

The Sydney Morning Herald reports the ACT could become the only Australian jurisdiction in which citizens can sue for breach of privacy. Attorney-General Simon Corbell says if he’s re-elected, ACT Labor will consider a “statutory cause of action,” allowing individuals to seek compensation in cases of data breaches. It would be the first civil remedy offered by an Australian government for privacy invasions. Corbell says a cause of action would be a “practical additional mechanism” to protect privacy and may help to “establish social norms as to what is acceptable and unacceptable behaviour, particularly in relation to the use of new technologies.”
Full Story

BIOMETRICS—AUSTRALIA

Banks Consider Move to Biometric Security (October 11, 2012)

Australian banks are considering biometric security systems to improve customer experience and eliminate the need for plastic cards, but privacy concerns may make consumers wary, reports Technology Spectator. With movies highlighting ways to circumvent biometric systems and concern that companies may sell customers’ biometric data, it is unclear what the consumer response will be. Former Privacy Commissioner Malcolm Crompton, CIPP/US, pointed out in a 2003 speech that, depending upon implementation and use, biometric technologies can be either privacy enhancing or privacy invasive.
Full Story

PERSONAL PRIVACY—NEW SOUTH WALES

Concerns Persist on Pubs and Clubs’ Data Collection (October 11, 2012)

Civil libertarians are raising concerns about a new system to store individuals’ details at pubs and clubs, ABC News reports. In an effort to curb violence, establishments in Sydney’s Kings Cross will scan patrons’ IDs as they enter. Cameron Murphy of the New South Wales Council for Civil Liberties has concerns about the plan. “I wouldn’t be comfortable handing over my ID,” he said. “We know that a licence on its own is enough for somebody to use to commit identity theft and fraud.” Australian Privacy Commissioner Timothy Pilgrim has raised concerns about pubs and clubs’ collection of personal information following complaints from patrons.
Full Story

ONLINE PRIVACY

Officials, DAA and Microsoft Battle Over DNT (October 11, 2012)

The Digital Advertising Alliance (DAA) has responded to Microsoft’s new default-on do-not-track (DNT) browser, saying it is not an appropriate standard for customers, reports The Next Web. But Sens. Joe Barton (R-TX) and Edward Markey (D-MA) say the DAA is putting “profits over privacy.” Microsoft is holding its ground, citing a study of its customers that showed 75 percent want the company to turn DNT on for them. Meanwhile, EU Digital Agenda Commissioner Neelie Kroes is voicing her concern about the delay and the “turn taken” in the discussions at the World Wide Web Consortium, which missed a June deadline to come up with a better system for DNT.
Full Story

DATA PROTECTION—HONG KONG

PCPD Reports Violations in Loyalty-Card Programs (October 11, 2012)

Privacy Commissioner for Personal Data Allan Chiang has released investigation reports saying three companies violated customers’ privacy by collecting their Hong Kong Identity Card or passport numbers for a loyalty program, reports The Standard. The numbers were collected in order to create default passwords for the programs’ online services and, according to Chiang’s report, the practice amounts to unnecessary and excessive collection. Citing increased public awareness due to the “Octopus incident,” Chiang said, “I expect that corporations in Hong Kong should have learnt a lesson and paid more attention to data privacy regulations.”
Full Story

PRIVACY LAW—PHILIPPINES

Court Suspends Cybersecurity Law (October 10, 2012)

The Supreme Court of the Philippines has suspended the Cybercrime Prevention Act of 2012, reports The New York Times. The government will respond to 15 petitions filed in opposition to the law, which critics have said could lead to imprisonment for sharing social media posts, the report states. The law “establishes penalties for various computer-related crimes, including child pornography, identity theft, online fraud and illegally accessing computer networks.” One senator called the law’s temporary suspension “the first victory in our battle to defend our freedom and right of expression.” (Registration may be required to access this story.)

ONLINE PRIVACY

Exploring the Privacy of Private Messages (October 5, 2012)

The Wall Street Journal reports on a recent online video allegedly showing that Facebook scans links sent via private messages and registers them as though the user “likes” the page sent. “It’s just one example of how online messages that seem private are often actually examined by computers for data,” the report states, adding, “it is not clear from Facebook’s data use policy that regular users would expect links in their messages to be scanned this way.” Facebook has responded that “absolutely no private information has been exposed,” and users’ privacy settings were not affected. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—AUSTRALIA

ASIC Calls for Additional Phone-Tapping Authority (October 4, 2012)

Greg Tanzer, commissioner of the Australian Securities and Investments Commission (ASIC), has called for greater phone-tapping authority to help stymie financial fraud and insider trading, The Australian Financial Review reports. Tanzer said law enforcement agencies are prohibited from sharing data that could be beneficial to the ASIC “because of restrictions in the Telecommunications Interception and Access Act,” adding, “We consider that situation to be highly inefficient and unjustifiable in principle.” The proposal may raise civil liberty and privacy concerns, the report states. Acting Victoria Privacy Commissioner Anthony Bendall recently said phone call and Internet data retention proposals are “characteristic of a police state.”
Full Story

DATA LOSS—NEW ZEALAND

ACC Breach Victims To Sue (October 4, 2012)

Some victims of the Accident Compensation Corporation’s (ACC) recent breach plan to sue the company in hopes of a higher payout than the proposed $250 that came from ACC with a requirement to sign a confidentiality clause, reports Stuff.co.nz. While class-action claims are not possible in New Zealand, the victims’ lawyer says one positive outcome sets a precedent, forcing the ACC to settle with all other claimants or face them in court individually—racking up court costs. Meanwhile, Inland Revenue Department is apologising for releasing the personal details of about 30 customers and, in light of ACC’s incidents, a Labour spokesman is concerned it may be “just the beginning.”
Full Story

PERSONAL PRIVACY—AUSTRALIA

Commissioner: Nightclubs’ Data Collection Raising Concerns (October 4, 2012)

Privacy Commissioner Timothy Pilgrim says his office is receiving an increasing number of complaints from nightclub patrons being asked to hand over their personal information in order to enter, reports The Sydney Morning Herald. Pilgrim says the clubs need to tell customers what they’re doing with the data, why they’re collecting it and give them access to it; however, Victoria’s acting commissioner says privacy principles are unclear on businesses’ responsibilities if their annual turnover is less than $3 million per year. While Pilgrim has investigated some clubs and says if he finds breaches he will use his powers, the Australian Privacy Foundation says he’s not doing enough.
Full Story

PRIVACY LAW—AUSTRALIA

Pilgrim on Drones and Privacy Tort Laws (October 4, 2012)

While Privacy Commissioner Timothy Pilgrim awaits two laws currently in Parliament that would increase his powers to protect personal data, he questions whether the nation has “a full suite of laws” to cover private drone use. “We have to look at the laws and see if they are keeping up with technology,” Pilgrim said, noting the federal government lacks a coherent response to emerging technologies. The Canberra Times reports that the Gillard administration released a paper in 2011 about people’s right to sue for privacy, and Pilgrim says, “I think there is a strong argument for it to be considered.”
Full Story

BIOMETRICS—AUSTRALIA

Committee Chair Warns of ID Fraud (October 4, 2012)

The chairman of the Biometrics Institute’s Australian privacy committee has expressed concern about the use of biometric scanners in insecure environments, The Sydney Morning Herald reports. Terry Aulich warned there are “hundreds if not thousands” of identity fraudsters in Australia, saying, “Once you get that technology at a cheap price and it’s going to pubs and clubs, it could fall into the wrong hands…We don’t want it to move into areas where there isn’t appropriate security alongside it.”
Full Story

DATA LOSS—AUSTRALIA

Australia Post Site Breach May Violate Privacy Code (October 4, 2012)

A flaw on Australia Post’s website may have breached the country’s privacy code, news.com.au reports. The flaw exposed the names and addresses of Australia Post’s “Click & Send” service customers, who were able to view the names, addresses and invoices of other customers by changing one or two of the digits in their six-digit shopper ID. “Customers who use the service have been notified via the online site,” said an Australia Post spokesperson, adding that the service has been temporarily disabled.
Full Story

SOCIAL NETWORKING

Facebook Launches Help Center, Talks with Commissioner (October 4, 2012)

Facebook has redesigned its help center and dashboard to help users understand privacy settings, The Washington Post reports. Launched Tuesday, the center aims to help users manage their privacy settings and read about changes to the site, the report states. Meanwhile, the French data protection authority has said Facebook users’ privacy was not breached last week following concerns that private messages were being posted on public profiles. The company says it is in talks with the Australian Privacy Commissioner on the same topic, according to The Australian.
Full Story

DATA PROTECTION—HONG KONG

Chiang Publishes Guidance for Outsourcing (October 4, 2012)

Hong Kong Privacy Commissioner for Personal Data (PCPD) Allan Chiang has published a leaflet with information on new legal obligations for data users outsourcing the processing of personal data to third parties. A PCPD press release outlines the contents of the leaflet, including obligations of data users, ways to comply with the requirements, good practice recommendations and redress for data subjects. Chiang also said that while he “would like to have the power to directly regulate the data processors and sub-contracting activities,” the administration opted for indirect regulation. “We may need to consider reviewing the effectiveness of this indirect regulation approach in due course,” Chiang said.
Full Story

PERSONAL PRIVACY—MALAYSIA

Opinion: Where To Draw the Line on Gov’t Data Sharing (October 4, 2012)

Sri Narayanan writes for FutureGov about the convergence of citizens’ privacy rights and data sharing between government agencies. “One would assume that interagency data sharing to improve efficiency would be a welcomed—if not necessary—feature of government. But at its core, the issue is prickly because it encroaches on a citizen’s right to privacy and his/her ownership of the data.” Contrasting the approaches in Asia and the UK, Narayanan says participants in a briefing on data centre consolidation were not concerned with the technical hurdles of data sharing but questioned the ability to ensure data security.
Full Story

CLOUD COMPUTING

Breaches in the Cloud Have Unique Challenges (October 4, 2012)

In his article for The Privacy Advisor, attorney Thomas Shaw, CIPP, outlines the risks of cloud computing, how to evaluate those risks and how to respond to breaches when they occur. Noting that breach notification laws differ globally, Shaw outlines a series of questions to guide breach responses for data held in the cloud, including who is responsible for reporting the breach, to whom should the breach be reported, how does the cloud service provider know a breach has occurred and what type of evidence should be kept. “With data breaches, all cloud consumers should take the approach that the question is not if they will happen but when—and will I be ready?” Shaw writes.
Full Story

PRIVACY LAW—MALAYSIA & SINGAPORE

Exploring the State of the PDPA (October 1, 2012)

Singapore recently had its first reading of its Personal Data Protection Act in Parliament, prompting Hariati Azizan of The Star Online to query when Malaysia’s Personal Data Protection Act (PDPA) will be enforced. Malaysia's Information, Communications and Culture Minister Datuk Seri Dr Rais Yatim announced in February that the PDPA would be enforced by the middle of 2012. According to the report, enforcement details will be supplied by the ministry “as early as next month.” Meanwhile, a Malaysian government representative said, “Even though the PDPA has not been enforced yet, there are other relevant laws that can be used to take action against the offenders…”
Full Story