|
|
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 |
Subscribe to the RSS feed › 
Australian business needs to recognise its own interests in international privacy protection and take a more active part in the debate.
The recent partial endorsement by the Australian Law Reform Commission of the APEC approach to privacy protection of personal information that crosses national borders (see media statement of 11 August 2008) is likely to enliven public discussion of options for international privacy protection. Already, Chris Connolly has published a critique of APEC's accountability principle under which the exporter of personal information remains accountable for its privacy protection. ('Asia-Pacific Region at the Privacy Crossroads (2008)', Chris Connolly, Galexia).
It is this principle that, subject to some qualifications, has been adopted in the privacy report of the Australian Law Reform Commission. One of the qualifications is that the exporter should not be accountable where the laws of the receiving jurisdiction are rated as ‘adequate'.
Rating is to be done by the Australian Government which, under current administrative arrangements, means Senator Faulkner supported by the Department of the Prime Minister and Cabinet. Thus, the concept of ‘adequacy', which derives from the European Union's Privacy Directive, enters by the back door.
In a digital environment, approval of a data transfer makes about as much sense as approval of an ocean current.
In its preoccupation with a perceived threat to its independence arising out of the recommendation for a private right of action for invasion of privacy, the media commentary on the ALRC's Privacy Report has missed its most significant aspects.
Among its many recommendations, the following deserve wide public discussion: regulating cross-border data flows; rationalisation of exemptions and exceptions; and uniform privacy principles and national consistency.
Regulating cross-border data flows
The existing law, which is based on the 1980 OECD Privacy Principles, regulates cross-border data flow by requiring an assessment of the level of privacy protection that will be provided to the data in the jurisdiction to which it is being transferred. While some flexibility is built into the tests, the basic concept is that privacy protection in the receiving jurisdiction should be similar to that in Australia. This approach was also taken, in a more bureaucratic form, in the European Union's Privacy Directive of 1995.
The upcoming identity conference in New Zealand is going to be a high spot for ID management in this part of the world; indeed anywhere.
In 2 weeks, I will be heading to New Zealand to participate in Managing Identity in New Zealand - Identity Conference 2008. Among the other speakers will be Stefan Brands to talk about Credentica & its purchase by Microsoft, which we first celebrated in A great day for privacy: genuine privacy respecting, user centric Identity Management has hit the mainstream the day after it was announced.
As a consequence, I have been brushing up on latest developments in ID management in New Zealand. The short version of that story is that, at least among the Anglo cultures, the New Zealand government almost certainly takes the prize for seeking to provide privacy respecting, user centric ID management.
See for example igovt public consultation at Vikram Kumar's fabulous Identity & Privacy blog; while you're there have a wander round his site. Martin Stewart-Weeks from Cisco introduced me to the site.
This discussion forum sets out to generate opinions on a new approach to trust and privacy in an era of accelerating technological change. We are seeking input from a wide range of interested people. The current thinking on this project is set out in a working paper developed for the Privacy & Trust Partnership and discussed at a workshop on "Formulating a New Approach to Privacy and Trust in the Information Age", held in Sydney on 4 December 2007 at the State Library of New South Wales.
We are watching a very rapid change in community attitudes on privacy. One of the strongest contributors is the repeated and significant loss of control of personal information by private and public sector organisations around the world. Nearly as many records of personal information about folk in the US have been lost as there are citizens. In the UK this month, in one hit, they got up to a 50 % ratio. Where does Australia stand?
Customers and citizens are beginning to worry. And take action.
CxOs in the wise agency or organisation would be reviewing their security policies and their privacy plans. Most particularly, they might like to consider a disaster plan that is rarely reviewed - their Customer Continuity Plan. In this day and age, any self respecting organisation is likely to have a "Business Continuity Plan" to manage disaster. What does its equivalent "Customer (or Citizen) Continuity Plan" look like? Does it even have one? Or is the customer expected to carry all the risk unassisted?
“Formulating a New Approach to Trust and Privacy in the Information Age” will be held in Sydney on 4 December 2007 at the State Library of New South Wales.
Building on the success of the first conference on the same topic, held earlier this year at NSW Parliament House, the Privacy & Trust Partnership is convening this event with an aim to develop a best practice approach to trust and privacy regulation for the information age. The core objectives of the project are to:
