Syndicate content Subscribe to the RSS feed  › 
Privacy

The privacy conversation is not moving; The Identity Management debate is

Malcolm Crompton's picture

What is happening in the global debate on how to make it safe for individuals to share personal information (or have it shared), otherwise known as "information privacy"?  What about a significant part of this discussion, developing identity management arrangements for the 21st century that respect the individual, otherwise known as "user centric identity management"?

In my last blog entry, I mused upon whether rationality was returning to the official debate over the "war on terrorism".  I concluded that we might be turning a corner towards a more rational discussion on this issue.

Hence it was interesting to reflect on two events in which I participated earlier in October and muse upon the discussions that unfolded.  One was the 2008 International Conference of Data Protection & Privacy Commissioners.  The other was a Workshop on "ID Management in the Future Digital Society" organised by the European Commission. 

More specifically, are we making progress in the debate on how to keep personal information safe yet all share in the huge benefits from sharing it wisely in a way that respects our privacy and dignity? 

The 2008 Commissioner's Conference was held in the 'Hemicycle' main chamber of the Council of Europe in Strasbourg; the conference website is www.privacyconference2008.org.

Cloud Computing

Martin Duursma

There are several clear advantages of cloud computing for businesses - lower computing costs, increased flexibility, resilience and instant scalability. 

I would like to introduce to you an emerging IT paradigm, cloud computing. Use of Cloud computing in business is new; it's transformative and carries important implications for our business regulatory environment.

The cloud computing paradigm will have enormous impacts on data privacy and data security. We need to establish a regulatory framework for the use of cloud computing in Australian businesses. This framework needs to find a balance between the appealing productivity gains from this new technology and the risks inherent in its use.

We are already seeing concerns within the Australian context over the use of information technology on the web in general. There are clear risks.

For example, in August, the Australian Law Reform Commission (ALRC) made recommendations about "Rewriting Australian Privacy Law for the Information Age"; specifically, one of the recommendations is the "implementation of technology-neutral privacy principles, which should be supported by a technology-aware regulatory framework."

Privacy & Trust

This discussion forum sets out to generate opinions on a new approach to trust and privacy in an era of accelerating technological change. We are seeking input from a wide range of interested people. The current thinking on this project is set out in a working paper developed for the Privacy & Trust Partnership and discussed at a workshop on "Formulating a New Approach to Privacy and Trust in the Information Age", held in Sydney on 4 December 2007 at the State Library of New South Wales.

Virtualisation Technologies: Coping with Constant Change

Paul LancasterThe continued convergence of technologies for security, information management and compliance will make possible a new level of automation for IT - and organisations will be looking to IT to guide them through the process.

There has been a constant stream of change in virtualisation technologies over the past two years.

The first wave of virtualisation focused on specific platforms and hardware such as storage, servers, networks, and desktops. As virtualisation becomes commoditised, the next wave of this technology will change the way software is delivered, managed and consumed at the endpoint, thereby improving user productivity while reducing IT complexity.

Businesses need to use virtualisation to separate out valuable information, manage it easily, protect it completely and control it automatically.

In the last two years there has been a massive information explosion.

Today organisations are dealing with petabytes of data - and the amount is growing.  The amount of stored information is growing at 50 percent a year.

Information is as distributed and mobile as today's workforce. It lives in hard-to-protect unstructured formats - e-mail, spreadsheets, and instant messages.

And as SaaS grows, customers' most sensitive data will often be found in the "cloud."

No decisions can be made by customers today about the management of that data without thinking about how they would secure it as well. We are seeing that securing information and managing information are not only converging, but also being thought about as a common process.

There are a number of key trends that will shape the future approaches customers use to manage the growing volume of information.

1. The ongoing migration from tape to disk is transforming the storage arena.

Operational control is improving - and the administrative burden and manual mishaps that often occur with tape are becoming scarcer.

International Privacy - some myths exposed

Peter FordAustralian business needs to recognise its own interests in international privacy protection and take a more active part in the debate.

The recent partial endorsement by the Australian Law Reform Commission of the APEC approach to privacy protection of personal information that crosses national borders (see media statement of 11 August 2008) is likely to enliven public discussion of options for international privacy protection. Already, Chris Connolly has published a critique of APEC's accountability principle under which the exporter of personal information remains accountable for its privacy protection. ('Asia-Pacific Region at the Privacy Crossroads (2008)', Chris Connolly, Galexia).

It is this principle that, subject to some qualifications, has been adopted in the privacy report of the Australian Law Reform Commission. One of the qualifications is that the exporter should not be accountable where the laws of the receiving jurisdiction are rated as ‘adequate'.

Rating is to be done by the Australian Government which, under current administrative arrangements, means Senator Faulkner supported by the Department of the Prime Minister and Cabinet. Thus, the concept of ‘adequacy', which derives from the European Union's Privacy Directive, enters by the back door.

The Connolly article conveniently summarises the arguments put forward in public commentary on the APEC Privacy Framework. As the former chair of the working group that drafted the Framework, it appears to me that there are three underlying arguments, repeated in the Connolly article, that should not go unchallenged - that implementation of the Framework would be more burdensome than the EU approach, that the EU approach is the only valid one and that the Framework merely reflects the dominance of US business.

Spatial Data

Warwick WatkinsSYDNEY - As the Surveyor General of NSW, I am pleased to introduce the first of a series of discussion forums relating to spatial information. Over the next twelve months, with the assistance of Open Forum, we will initiate a series of conversations relating to spatial information.