ANZ Dashboard Digest

Putting its regard for privacy compliance to the fore, the iappANZ Board has this week taken the decision to opt in to the obligations of the new privacy legislation. You will see our new privacy policy, and we welcome any comments as it has been a collaborative effort by some of Australia’s finest privacy minds. We understand that the privacy commissioner will be talking about ways to improve organisations’ privacy policies at the OAIC Privacy Awareness Week Breakfast, so if you are revising yours, it is an event not to be missed. In news this week you will also see that AMSRO has also applied to register a non-mandatory code of practice.

Now that 12 March is over, we are starting to see less of the doomsday reports and more of the innovation which the OAIC encourages. We expect plenty of new ideas in Privacy Awareness Week in May. We are delighted to confirm that the deputy chair of the ACMA will be joining the ALRC and OAIC representatives in our Great Debate on Australia’s direction on serious invasion of privacy in the digital age.

The article by Brenda Aynsley OAM this week, “Sharing the Values to match the technology,” presents a fascinating counterpoint to the call by Tim Berners-Lee and the World Wide Web consortium in their “Web We Want Campaign.” Aynsley examines the important distinction between “trusted” providers and “trustworthy” providers. Trustworthiness is critical because technology projects continue to have one of the highest rates of failure—failure to deliver on promises, on time, on budget—or all three. Risks such as those presented internationally by Heartbleed or the CDA security breach, which threatens the Personally Controlled Electronic Health Record, mean that the concept of trustworthy will become increasingly significant for privacy professionals that either develop or procure technology. Then, of course, as the story on the use of biometric facial recognition technology in Japan shows, trustworthiness in the party deploying the technology is vital. It will be interesting to hear from Tim Rains on trustworthy computing in Privacy Awareness Week. Hope to meet you there.

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

PRIVACY IN CONTEXT

Tell the Authors: What Should We Expect? (July 31, 2013)

In response to The New York Times’ story describing the arrival of our “contextualized” existence—brought forth by predictive search apps—IAPP President and CEO Trevor Hughes, CIPP, asks how we can manage such contextualized environments. At the IAPP Privacy Academy, Robert Scoble and Shel Israel will provide a keynote on their upcoming book on our contextual future and are asking for input on what we should expect with regard to privacy. You are invited to share comments on privacy in context in our Privacy Perspectives discussion to help Scoble and Israel finish their book.
Full Story

HEALTH PRIVACY

The Digital Health Revolution: Promises and Privacy Concerns (July 31, 2013)

The move to electronic health records has been underway for years but has picked up considerable steam of late. Accompanying this sea change are technologies that bring both the promise of increased efficiency and quality of healthcare as well as concerns about the protection and appropriate use of sensitive and personal information. Join Proteus Digital Health Co-Founder and CMO George Savage, Field Fisher Waterhouse Partner Phil Lee, CIPP/E, CIPM, and CDT Health Privacy Project Director Deven McGraw in an IAPP web conference exploring the benefits and risks involved in processing data with a fascinating new technology and its creators’ preemptive moves to address privacy issues.
Full Story

INTERNET OF THINGS

Privacy and the Quantified Self (July 31, 2013)

Deutsche Welle reports on the Quantified Self Movement, noting that many users in Europe log and upload their personal information to the cloud, which raises privacy and data protection concerns. One developer said, “You have to distinguish between a fitness tracking application and wearable sensors and health sensors,” adding, “These fitness tracking apps, and their data, are not as sensitive as diabetes data, and they are also treated differently by the regulatory bodies.” Meanwhile, Venture Beat reports on Saga, a “life-blogging app,” used to passively capture data about users’ daily activities “to learn about your habits and preferences and track your behavior over time.”
Full Story

TRAVELERS’ PRIVACY—JAPAN

Railway Company Apologies for Sharing PII (July 30, 2013)

Japan’s national railway system has apologized for sharing its passengers’ travel habits and other personal information with a pre-paid fare card system without user consent, The Wall Street Journal reports. East Japan Railway admitted to selling the data to Suica—one of the pre-paid card businesses. The data included card holders’ ID numbers, ages, genders and where and when passengers got on and off the train. A transportation ministry official, however, said they will not investigate the issue for privacy violations because the railway company “told us that it wasn’t personal information, as it didn’t include names and addresses of users.” The Ministry of Internal Affairs and Communications is looking into the issue and has set up a team to research the matter, the report states. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Mozilla Unveils Personalization Project, Catches Flak (July 26, 2013)

Mozilla yesterday announced on its Labs blog it has begun testing a new personalized browsing experience with Firefox, whereby users choose with which Web sites to share which PII in exchange for personalized content. Elsewhere, the company explained how this fits with its philosophy of “Personalization with Respect.” However, while TechCrunch noted this is still just in the testing stages, AdWeek called the announcement “ironic” in light of the company’s Do Not Track stance, and lined up advertising representatives to say worse: "So the takeaway is that it's OK for Mozilla to track, but not third parties?" asked Alan Chapell, CIPP/US, of Chapell & Associates, co-chair of the Mobile Marketing Association's privacy committee.
Full Story

SURVEILLANCE—AUSTRALIA

Australian Gov’t Considers Joining Merkel’s Agreement (July 25, 2013)

The Australian government is considering participating in a global data protection agreement put forward by German Chancellor Angela Merkel following revelations of the U.S. National Security Agency’s (NSA) PRISM surveillance program, ZDNet reports. A spokesperson for Attorney-General Mark Dreyfus said the government supported “protection of communications and personal information held by private- and public-sector organisations,” but noted a balance needs to be struck between citizens’ privacy and national security. Meanwhile, Australian Federal Police Commissioner Tony Negus says there is no link between the NSA revelations and Australia’s push for a mandatory data retention regime.
Full Story

SURVEILLANCE—NEW ZEALAND

Controversy Surrounds GCSB Changes (July 25, 2013)

United Future leader Peter Dunne expressed support for changes to the Government Communications Security Bureau (GCSB) amendment bill, but some are concerned the changes “do not address flaws,” The New Zealand Herald reports. Rodney Harrison, QC, said the bill is “rushed, ill-concieved and downright dangerous legislation,” adding that the bill's provisions “unnecessarily broaden the function and power of the GCSB.” In an op-ed for The Herald, Toby Manhire writes about reactions to the legislation.
Full Story

DATA PROTECTION—AUSTRALIA

Opinion: Breach Notification “Would Bring Benefits” (July 25, 2013)

Proposed data breach notification legislation in Australia “would bring benefits to both business and the community,” according to Teresa Corbin, head of the Australian Communications Consumer Action Network. In an opinion-piece in The Sunday Morning Herald, Corbin blasts opponents of the proposed law for trying to dodge breach notification, noting that “it is individuals who are the victims of personal information breaches.” Corbin sayds the bill has been a long time coming--more than five years since a review of the nation’s privacy laws. The column comes in response to a column by Jodie Sangster, chief executive of the Australian Direct Marketing Association, calling the proposed data breach notification law a jobs-killer.
Full Story

MOBILE PRIVACY

DAA, NAI Each Release Mobile Privacy Rules (July 25, 2013)

The Digital Advertising Alliance (DAA) has unveiled its long-anticipated mobile privacy code. The rules state that ad networks and other related third parties should provide notification for online behavioral advertising—also known as cross-app advertising—with a provided opt-out. Additionally, ad networks and app developers must obtain opt-in consent from users for geolocation and address-book data collection, MediaPost News reports. The grace period for implementation is expected to be nine to 12 months, potentially longer. The DAA is also working on an AdChoices opt-out icon for mobile apps. DAA counsel Stu Ingis said, “We envision that there will be an app that has the AdChoices icon in it, that consumers can download…Through the app, consumers can exercise choice with respect to all of the third parties.” The Network Advertising Initiative has released its final version of mobile privacy rules as well.
Full Story

PRIVACY RESOURCES

Help with Privacy Impact Assessments (July 25, 2013)

The IAPP online Resource Center has templates, checklists, samples, long forms, short forms, event presentations, guidance—even an evaluation of guidance documents…pretty much anything you need to get going on your own privacy impact assessment. Check out the IAPP member-only resource Close-Up: Conducting a Privacy Impact Assessment. (IAPP member login required.)
Read Now

PRIVACY IN POPULAR CULTURE

Dressing To Beat Big Brother (July 24, 2013)

Sitting in the closing “Quiz Show” session at the IAPP Canada Privacy Symposium a couple of months back, Ontario Privacy Commissioner Ann Cavoukian got a bit of a laugh with her call for “privacy glasses” or other “Star Trek”-like privacy technology to defeat Google Glass and other wearable computing technologies that might make covert surveillance omnipresent. But wearable privacy technology is already here and hardly a joke (though it is sort of funny).
Full Story

ONLINE PRIVACY

Germany Wants UN Privacy Charter (July 24, 2013)

In response to the NSA disclosures, senior German government officials are lobbying for expansion of the 1966 UN human rights treaty to cover modern forms of communication such as e-mail and social networks, the Associated Press reports. German foreign and justice ministers sent a letter—which was released more broadly on Wednesday—to their European Union counterparts last week: “We want to use the current debate to launch an initiative that would outline the inalienable privacy rights under current conditions.” The letter also suggests convening all 167 parties to the International Covenant on Civil and Political Rights. German data protection authorities have also called for suspension of a key data-sharing agreement between the EU and U.S.
Full Story

INTERNET OF THINGS

Researchers Hack Into Car Computer (July 24, 2013)

Forbes reports on the work of two security experts who have demonstrated how they can hack into an automobile’s computer network to control essential functions, including shutting off the brakes. Charlie Miller, a security engineer at Twitter, and Chris Valasek, an intelligence security director at IOActive, have received a grant from the Pentagon to discover security vulnerabilities in automobiles. “When you lose faith that a car will do what you tell it to do,” Miller said, “it really changes your whole view of how the thing works.” Miller and Valasek plan to share their finding at next month’s Defcon hacker meeting in Las Vegas. A representative from Toyota said the real concern isn’t physically hacking into a car, as the duo have done, but wirelessly hacking into a car. “We believe our systems are robust and secure,” the representative said.
Full Story

PRIVACY ENGINEERING

Communicating Data Collection to Brick-and-Mortar Consumers (July 23, 2013)

In this Privacy Perspectives post, Ilana Westerman and Gabriela Aschenberger, both of Create with Context, explore consumer perceptions of how their data is collected while shopping in brick-and-mortar retail stores. According to their research, only 33 percent of consumers surveyed realized their location data was being collected in participating stores. “The resulting design challenge,” they write, “is to communicate to consumers that data is being collected, provide controls if consumers care to opt out and showcase how data collection can create value for the consumer.”
Full Story

PRIVACY COMMUNITY

Should We Be Thinking of Data as the New Oil? (July 22, 2013)

Big Data is driving the information economy, giving it the increasingly common moniker of "the new oil.” For data artist Jer Thorpe, such a comparison may not be such a good thing. Thorpe was among several artists who presented new ways of visualizing data at the IAPP’s “un-conference,” Navigate. This Privacy Perspectives post, which includes video of his presentation, explores Thorpe’s call for changing the conversation around data.
Full Story

ONLINE PRIVACY

W3C To Miss July Deadline for DNT (July 22, 2013)

The World Wide Web Consortium (W3C) will not meet its “last call” deadline for putting out a Do-Not-Track proposal for public comment, MediaPost News reports. W3C Co-Chair Peter Swire, CIPP/US, said, “There is not a way to get to last call by the end of July,” adding, “Next Wednesday, we will have a discussion about where we are and next steps.” According to the report, the group still has the opportunity to work on the proposals, but “the talks have turned so acrimonious that it seems unlikely the group will ever agree” on a Do-Not-Track standard for headers sent to browsers.
Full Story

ONLINE PRIVACY

Are Consumers Changing Their Browsing Habits? (July 22, 2013)

The Associated Press reports on the changing browsing habits of consumers in light of the recent NSA disclosures. Meanwhile, a new browser add-on has been introduced on Monday that aims to shield consumers from data mining by preventing users from disclosing contact information, CNET News reports. MaskMe, created by Abine, creates and manages “dummy” accounts for a user’s e-mail, phone number, credit card and website logins. According to the company, consumers tend to lose out in the “data-for-service exchange,” while companies win. Abine’s Sarah Downey said, “The real lesson is, 'Stop: Don’t give out your personal information.'”
Full Story

SURVEILLANCE—AUSTRALIA

FBI Accesses Telstra (July 18, 2013)

The Sydney Morning Herald reports that Telstra, more than 10 years ago, agreed to store electronic communications it transmitted between Asia and the U.S. in a secret agreement with the U.S. Federal Bureau of Investigation and Department of Justice. As of last Friday, Telstra did not disclose if it has had or currently has similar agreements with other intelligence agencies. Greens Sen. Scott Ludlam said the agreement was “an extraordinary breach of trust, invasion of privacy and erosion of Australia’s sovereignty.” Some telecommunications specialists, however, have said Telstra had no choice but to comply.
Full Story

SURVEILLANCE—NEW ZEALAND

Calls to Curb GCSB Amendment (July 18, 2013)

Privacy Commissioner Marie Shroff has urged a delay of the passage of the Government Communications Security Bureau (GCSB) Amendment Bill, The New Zealand Herald reports. Though her office “has no mandate to comment on the collection and use of data by intelligence agencies,” Shroff said, “Effective oversight is required to ensure that it is collected and used appropriately, not as the tool of mass surveillance that it has the capacity to be, if unchecked.” The bill would expand the legal powers granted to New Zealand intelligence agencies. Other groups, including the Human Rights Commission, are also saying that the GCSB’s powers should be “demonstrably necessary and justified.”
Full Story

DATA PROTECTION—AUSTRALIA

Opinion: Is Mandatory Breach Reporting a Job Killer? (July 18, 2013)

For ADMA Chief Executive Jodie Sangster, the proposed mandatory data breach notification legislation may not be the answer. In a column for The Sydney Morning Herald, Sangster notes there is not “a clear definition of ‘serious harm’ in the legislation…(which) will likely cause organisations to adopt the most risk-averse internal policy setting.” As a consequence, there will be “over-reporting of relatively minor data errors” and “those with the most sophisticated data-management systems” will get penalised, while small- to medium-sized businesses will take a “hear no evil, see no evil” approach, she writes.
Full Story

SURVEILLANCE—QUEENSLAND

Melbourne Road Imaging Project, Privacy Invasion? (July 18, 2013)

The City of Melbourne has contracted a company to “capture and deliver” 3D imagery using car-mounted video cameras to aid in maintaining public roads, The Sydney Morning Herald reports. One resident, however, says the cameras are peering over fences into private yards and "could see what was happening in everybody's backyard along there…It's a total invasion of privacy.” According to a city spokesperson, the project hasn’t been publicised because it is “intended to capture City of Melbourne assets and property frontages visible from public roads only…Community privacy is protected as the images are not being made available to the public and are only being for used for council purposes."
Full Story

BYOD

Survey: Employees Mistrust Policies; Some Orgs Don’t Have Them At All (July 18, 2013)
An online survey of almost 3,000 employees in the U.S., UK and Germany showed that when it comes to “bring your own device (BYOD),” only 30 percent said they trust their employer to keep personal information private and not use it against them, The Telegraph reports. The survey indicated a level of confusion over what constitutes personal information. Meanwhile, ZDNet cites Acronis' 2013 Data Protection Trends Research report indicating the majority of Australian organizations don’t have a BYOD policy and 33 percent don’t allow personal devices into the corporate network.

CLOUD COMPUTING

Get Some Guidance in the Resource Center (July 18, 2013)

“Businesses continue to be responsible for protecting their customers’ data, regardless of the cloud services they may engage,” write Megan Brister and Alain Rocan, CIPP/C, in their exclusive for The Privacy Advisor. If you’re considering using—or you’re already using—cloud computing, take a look at the tools, guidance and articles in the IAPP’s Close-Up: Cloud Computing to make sure you’re covering your bases. With guidance from organizations including the UK ICO, NIST, PCI DSS and the Cloud Security Alliance, as well as IAPP exclusive content, you’ll find the information you need to make the best choices for your data. (IAPP member login required.)
Read More

ONLINE PRIVACY

What Thriving Cities Can Teach Us About Online Privacy (July 17, 2013)

Pointing to Edward Glaeser’s book, Triumph of the City: How our Greatest Invention Makes Us Richer, Smarter, Greener, Healthier and Happier, David Hoffman, CIPP/US, equates the Internet to “myriad ‘virtual cities'” in its need for policies that protect individuals but also foster collaboration and innovation. “Given the close connection between our online and physical interactions, there is much we can learn about encouraging successful online collaboration and innovation from the policies that have supported growth of the world’s great cities,” Hoffman writes for Privacy Perspectives.
Full Story

PRIVACY LAW—ASIA

Asia Pacific Privacy and Data Protection: Recent Developments (July 17, 2013)

Just a few years ago there were only a few Asia Pacific countries with standalone data protection or privacy laws in force. The landscape, however, is changing, with an increasing number of jurisdictions introducing new laws and regulations—and changing existing ones—and more are sure to follow. Ken Chia, CIPP/IT, and Jacqueline Wong of Baker & McKenzie, and James Kim at Kim, Choi & Lim, are putting together a free teleconference for IAPP members, looking at new responsibilities and requirements your organization must undertake in this part of the world. Click through to register and get your questions answered.
Full Story

GENETIC PRIVACY

Debate Lacking in Nascent DNA Collection (July 16, 2013)

The Associated Press reports on the flourishing collection of DNA by governments around the world and the lack of public debate about the privacy and ethical issues raised by such collection. Yaniv Erlich of MIT’s Whitehead Institute for Biomedical Research said there is a lot of upside to having DNA databases, but said, “our work shows there are privacy limitations.” Others have warned of “mission creep” where law enforcement use DNA to gather data on racial origins, medical history and psychological profiles. A University of Baltimore forensics professor said, “There’s got to be a debate… Do we want to have a society where 5 percent of the crime is unsolved, or do we want to have a society where 100 percent of the crime is solved" but privacy goes extinct? "What's the trade-off?"
Full Story

ONLINE PRIVACY

Industry’s Proposed DNT Solution Stirs Controversy (July 15, 2013)

AdAge reports on a recent proposal from the ad industry on the Worldwide Web Consortium’s Do-Not-Track signal that would allow firms to continue collecting data on users even after a user opted out of tracking. The tradeoff is that the firms would agree to strip the data of certain information. One expert says such a proposal “ignores the fact that if you collect multiple data points about a unique identifier, you can eventually determine…personal characteristics.” Mike Zaneis of the Interactive Advertising Bureau (IAB) said IAB publishers have seen the number of users sending Do-Not-Track signals “creeping up” to about 20 percent “because anybody could send a DNT flag.” But Mozilla Chief Privacy Officer Alex Fowler has asked for proof on those numbers.
Full Story

PRIVACY LAW

Regulating Technology or Behavior? (July 12, 2013)

“An absolute certainty on which everybody seems to agree is that legislating takes longer than programing,” writes Eduardo Ustaran, CIPP/E, in this Privacy Perspectives blog post. According to one survey, the average time it takes to develop a mobile app is less than five months. “However you look at it, it is difficult to imagine a law being devised, crafted and passed at the same speed at which software developers and engineers do their work,” Ustaran writes, adding, “but whilst technology is always changing, there is something that has not really changed that much for thousands of years: human behavior.”
Full Story

CLOUD COMPUTING—AUSTRALIA

Gov’t Releases Cloud Security and Privacy Requirements (July 11, 2013)

CIO reports that the federal government has issued provisions for public-sector agencies using the cloud. Attorney-General Mark Dreyfus said the requirements will assist government agencies with deciding where to store personal information and will require them to seek government approval prior to storing personal information in the cloud. Dreyfus said, “This is to ensure that sufficient measures have been taken to mitigate potential risks to the security of that information.”
Full Story

HEALTHCARE PRIVACY—NEW ZEALAND

Four Health Workers Fired for Unauthorised Access (July 11, 2013)

MidCentral District Health Board (MDHB) has announced that four staff members have been sacked for inappropriately accessing files, Stuff.co.nz reports. MDHB Deputy Chief Executive Mike Grant said staff members with access “read and complete a comprehensive declaration of confidentiality.” Grant added, “We have implemented a privacy awareness programme to reiterate confidentiality requirements and are upgrading our electronic records system, with patient privacy being an express and important factor."
Full Story

BIOMETRICS—NEW ZEALAND

Facial Recognition for Problem Gamblers Raises Concern (July 11, 2013)

The Department of Internal Affairs has expressed concern that facial recognition technology for problem gamblers in casinos raises privacy issues, Radio News Zealand News reports. The maker of the technology said it’s an opt-in system, but some say some kinks need to be worked out within the system before rolling it out more widely, and there are concerns about who has access to the database that stores the images.
Full Story

DATA LOSS

Breaches Abound in the U.S., UK and Online (July 11, 2013)

Across the U.S. and the UK, data breach incidents, investigations and litigation have been making headlines, and, globally, a videogame maker has reported a breach that may have affected four million of its users. The Privacy Advisor highlights some of the top data breach stories from the past week and includes links to insights on breach trends and how to address a breach if it happens.
Full Story

DATA LOSS—JAPAN

Incorrect Privacy Settings Reveal Internal Gov’t Memos (July 11, 2013)

Japanese government officials and journalists have mistakenly revealed internal memos, draft stories and interview transcripts by reportedly using the incorrect privacy settings in Google Groups, ZDNet reports. Yomiuri Shimbun, a Japanese newspaper, reports it found more than 6,000 cases where public or private organizations revealed nonpublic information, including hospital records, via the wrong privacy settings.
Full Story

ONLINE PRIVACY

Expert: Kids Revel in Online World Because It Feels More Private Than Offline (July 10, 2013)

In an interview with The Guardian, Microsoft researcher danah boyd discusses some of her work. Boyd says she’s frustrated when people assert that kids don’t care about privacy. “It's just that their notions of privacy look very different than adult notions," she says. "Kids don't have the kind of privacy that we assume they do. As adults...we think of the home as a very private space...The thing is, for young people it's not a private space—they have no control. They have no control over who comes in and out of their room, or who comes in and out of their house…the online world feels more private because it feels like it has more control."
Full Story

PRIVACY COMMUNITY

IAPP Resource Center Gets an Upgrade (July 9, 2013)

Check out the latest iteration of the IAPP’s online Resource Center. In our efforts to “define, promote and improve the privacy profession globally,” we are working hard to improve usability and expand our offerings to help you do your job more efficiently. We now have “Close-up” pages that offer tools and research to tackle big issues like BYOD, creating organizational privacy policies and programs, conducting privacy impact assessments and more. The new look is already getting great feedback; let us know what you think—or if there’s something you need, tell us and we’ll do our best to get it. We add new resources all the time, so check back often and stay tuned, there are more changes to come.
IAPP Resource Center

SOCIAL NETWORKING

Facebook Rolls Out Graph Search to Millions (July 8, 2013)

Several hundreds of millions of people will have access to Facebook’s Graph Search beginning this week, six months after its beta testing. Tech Crunch reports on the tool, which is “designed to take any open-ended query and give you links that might have answers,” according to Facebook CEO Mark Zuckerberg. Upon its initial release, the tool prompted concerns that it would compromise the privacy rights of minors. It “makes paying attention to privacy settings much more important if you don’t want embarrassing photos from years ago dredged up or your public contact information scraped,” the report states.
Full Story

BEHAVIORAL TARGETING

A Tracking Method That Privacy Advocates Like? (July 5, 2013)

Twitter will begin using cookies to track users and deliver advertising, but because its program abides by Do-Not-Track settings and has a clear opt-out, privacy advocates are praising it, PC Pro reports. An Electronic Frontier Foundation activist said in a blog post, “We think Twitter is setting an important example for the Internet: It is possible to exist in an ecosystem of tailored advertisements and online tracking while also giving users an easy and meaningful opt-out choice." Meanwhile, Vine, a video-sharing site owned by Twitter, has added privacy settings to its services—including the ability to make Vines private.
Full Story

PRIVACY LAW—AUSTRALIA

Senate Fails To Pass Breach Notification Reform Before Break (July 3, 2013)

The Australian Senate has failed to pass mandatory data breach notification reform laws, which were expected to go into effect by March of next year. The Senate has now taken its break until the next election. The proposed law was described by the Australian Law Reform Commission in 2008 as a “long-overdue measure,” Business Spectator reports. The Senate did pass laws last week requiring commonwealth public officials to report suspected wrongdoing, reports The Register. Meanwhile, a new report says that many Australian data-driven firms are using consumer data to support existing beliefs rather than “achieve fresh insights.” Financial Review cautions that the bill’s failure “should not let companies off the hook.”
Full Story

SURVEILLANCE—AUSTRALIA & NEW ZEALAND

Whitepaper, Experts Offer Spying Insights, Opinions (July 3, 2013)

Lawyers Weekly reports on a new whitepaper by Baker & McKenzie’s Adrian Lawrence and the University of New South Wales Cyberspace Law and Policy Centre’s David Vaile exploring issues around data sovereignty and the cloud in the wake of U.S. National Security Agency reports. “We’re not suggesting we’re going from blissful ignorance to blind panic about data jurisdiction in one jump,” said Vaile. Their whitepaper suggests, “U.S. authorities will not apply particular self-restraint in scenarios involving foreign jurisdictions and U.S. interests” and includes ways Australian data can be accessed if hosted in the U.S. rather than Australia. Meanwhile, Kim Dotcom, speaking at a New Zealand Institute of IT Professionals event, said, "If the truth would come out and you would all know what they are already doing today on a massive scale against New Zealand citizens, you would be devastated.” In a feature for The New Zealand Herald, Paul G. Buchanan writes that when it comes to the GCSB bill, "An inquiry into the NZ intelligence community is needed before new legislation.”
Full Story

PRIVACY LAW—AUSTRALIA

Privacy Act Changes Impact Media, Security (July 3, 2013)

Changes to the Privacy Act mean digital media outlets must be transparent about the type of data they collect on individuals and the way that they use it or face fines of more than $1 million, reports ABC. A PriceWaterhouseCoopers report outlines the challenges this may pose as traditional, and struggling, print media moves into the mobile and social networking sphere. David Wiadrowski of PriceWaterhouseCoopers says that just managing “this huge digital footprint” poses a challenge for companies, and “the onus on companies to be more open and more transparent about how they're managing the consumers' data is becoming very, very important.” Meanwhile, Gartner Australia Research Director Rob McMillan suggests the changes could also mean a shift in security spending.
Full Story

HEALTHCARE PRIVACY—NEW ZEALAND

Hospital Staff Facing Disciplinary Action (July 3, 2013)

APNZ reports that staff members from three district health boards (DHBs) are facing disciplinary action after they inappropriately accessed a cricketer’s medical records. “Four staff members were working at Canterbury DHB, one at South Canterbury DHB and two at West Coast DHB,” the report states, noting Canterbury DHB Chief Executive David Meates confirmed three of his staff members are facing disciplinary action. Meates said the DHB has apologised to the individual whose records were accessed, adding, “This incident is unacceptable...It is, however, reassuring that our system of checks and balances has worked in bringing this to our attention.”
Full Story

ONLINE PRIVACY

Do-Not-Track Continues To Spark Fires (July 3, 2013)

Microsoft’s newest version of Internet Explorer (IE) allows users to grant permission for specific websites to log their movements, IT Pro reports. IE11 was debuted in the Windows 8.1 preview last week and features a default Do-Not-Track setting with a “user-granted exceptions” option. Meanwhile, following criticism over its plans to move forward with a project to block third-party cookies in the Firefox browser, Mozilla’s Harvey Anderson said  there’s “no constitutional right that allows people to modify my computer.” The Digital Advertising Alliance has called the proposal “draconian.”
Full Story

DATA PROTECTION

Security Company Releases Privacy Product (July 3, 2013)

Symantec has released a new privacy product capable of scanning a mobile device for data an application may be leaking about the user. Norton Mobile Security for Android devices checks for “malicious applications, privacy risks and potentially risky behavior.” While Norton’s suite of mobile security products have typically focused on malicious threats, Michael Lin, vice president of Symantec Mobility Solutions, told the IAPP that this latest solution reacts to the fact that “now we are seeing threats impact mobile applications and data being shared without the user’s knowledge or consent.” This latest product aims to “protect users from these types of privacy threats as well.”
Full Story

SURVEILLANCE—QUEENSLAND

Concerns Voiced Over Mount Isa CCTV Project (July 3, 2013)

After releasing information about plans to install CCTV cameras in taxis, Mount Isa Mayor Tony McGrady says residents have expressed concerns. "Some may say it's an invasion on privacy, but we are trying to ensure our CBD and taxi ranks are able to stay a safe place for our people to be," McGrady said, adding, “There always comes a time when you need to sacrifice something.” McGrady plans to hold a meeting to discuss the next steps for the program.
Full Story

BIG DATA—HONG KONG

Experts Talk Tracking, Analytics, Transparency (July 3, 2013)

Representatives from big tech firms and Internet Society Hong Kong spoke at the World Internet Developer Summit about the privacy implications of mobile and web applications, reports The Wall Street Journal. “It used to be the case that no one knew you were a dog on the Internet,” says Postmaster at Twitter Josh Aberant, noting that these days, online tracking of customers is commonplace. SC Leung, chairman of Internet Society Hong Kong, said that while most people are aware of some data collection, much of it flies under consumers’ radar. Leung and Aberant agree that there needs to be more transparency, but Aberant acknowledges a shift has already occurred in the way companies communicate this information to customers. (Registration may be required to access this story.)
Full Story

PRIVACY

What Is Privacy in the Digital Age? (July 2, 2013)

In his most recent Privacy Perspectives installment, Phil Lee, CIPP/E, CIPM, describes his path to the privacy profession. “With privacy, I get to advise on matters that affect people, that concern right or wrong, that are guided by lofty ethical principles about respecting people’s fundamental rights,” he writes. With the growing dichotomy between regulatory mandates and “what, in practice, actually delivers the best protection for people’s personal information,” Lee challenges the privacy profession to “debate and encourage an informed consensus about what privacy really is, and what it should be, in this digital age.” Editor’s Note: For expert insights into the privacy career track and a high-level review of basic privacy laws, register for the IAPP’s web conference, Legal Privacy Primer—First Steps in a Career, to be held July 11.
Full Story

STUDENT PRIVACY

Task Force Tackles Innovation-Privacy Balance in Education (July 2, 2013)

Researchers, innovators and thought leaders all over the world are thinking about education. From danah boyd to Sugata Mitra to the Aspen Institute, they’re discussing ways the Internet, social networks, mobile media and gaming technology are affecting our youth and the way they learn. In this Privacy Advisor exclusive, Microsoft CPO and IAPP Chairman Brendon Lynch, CIPP/US, talks about the Aspen Institute’s new Task Force on Learning and the Internet--of which he’s a member. Noting the group is just beginning its exploration, Lynch says, “as schools are experimenting with their online capabilities, and as they utilize those technologies and solutions, they need to make sure they’re addressing privacy concerns that parents and children may have.”
Full Story

DATA PROTECTION—SOUTH KOREA

Presidential Office Hacked (July 1, 2013)

A hacking attack on the presidential office has resulted in the leak of 100,000 individuals’ personal information, ZDNet reports. The information includes names, birth dates, ID numbers and both online and offline addresses, the report states. Users’ registration numbers—similar to Social Security numbers—were not affected because they were encrypted. The presidential office has issued an apology and is offering compensation to those affected.
Full Story

BIG DATA

Opinion: The Few Are Benefitting From the Many (July 1, 2013)

In an opinion piece for Financial News, Ben Wright discusses the rise of Big Data and questions who owns it. To this point, such a determination has not been made, resulting in the few benefitting “at the expense of the many,” Wright opines. “The financial industry clearly needs to have an open debate about all the data it is generating and amassing. It needs to decide who owns this information, how it should be used and shared and where the balance lies between privacy and the public good.” (Registration may be required to access this story.)
Full Story