IAPP-GDPR Web Banners-300x250-FINAL

ALRC Proposes Overhaul of 'Complex and Costly' Privacy Laws
The Australian Law Reform Commission (ALRC) has released a blueprint with 301 proposals for overhauling Australia's complex and costly privacy laws and practices.

Releasing Discussion Paper 72, Review of Australian Privacy Law, ALRC President Professor David Weisbrot said it was the product of the largest public consultation process in ALRC history.

"We have received over 300 submissions and held over 170 meetings to date, including with business, consumers, young people, health officials, technology experts and privacy advocates and regulators.

"The clearest message from the community is that we must streamline our unnecessarily complex system. The federal Privacy Act sets out different principles for private organisations and for government agencies. On top of that, each state and territory has its own privacy laws or guidelines and some also have separate laws on health privacy.

"The ALRC is proposing there be a single set of privacy principles for information-handling across all sectors, and all levels of government. This will make it easier and less expensive for organisations to comply, and much more simple for people to understand their rights.

"The protection of personal information stored or processed overseas, as is now routine, is another serious concern. The ALRC wants to ensure that such information has at least the same level of protection as is provided domestically. We propose that a government agency or company that transfers personal information overseas without consent should remain accountable for any breach of privacy that occurs as a result of the transfer," Weisbrot said.

Commissioner in charge of the Inquiry, Professor Les McCrimmon, said that the ALRC also is proposing a new system of data breach notification.

"There is currently no requirement to notify individuals when there has been unauthorised access to their information, such as when lists of credit card details are inadvertently published. Where there is a real risk of serious harm to individuals, we say they must be notified," McCrimmon said.

McCrimmon added that the ALRC also proposes the removal of the exemption for political parties from the Privacy Act. "Political parties and MPs should be required to take the same level of care when handling personal information as any other agency or organisation."

Other key proposals include:

  • Introducing a new statutory cause of action where an individual's reasonable expectation of privacy has been breached;
  • Abolishing the fee for 'silent' telephone numbers;
  • Expanding the enforcement powers of the Privacy Commissioner;
  • Imposing civil penalties for serious breaches of the Act; and
  • Introducing a more comprehensive system of credit reporting.

Review of Australian Privacy Law is available at no cost from the ALRC Web site, The ALRC is seeking community feedback on these proposals before a final report and recommendations are completed in March 2008. Submissions close on Dec. 7, 2007.

Luis Salazar Appointed Consumer Privacy Ombudsman
Greenberg Traurig Shareholder Luis Salazar, CIPP, has been apointed by the U.S. Department of Justice as the consumer privacy ombudsman in the Tweeter Audio/Sound Advice Chapter 11 reorganization. Salazar is only the fifth person nationwide to hold such a position. The position was created as a result of the Privacy Policy Enforcement in Bankruptcy Act (PPEBA) (Bankruptcy Code Sections 363(b)(1) and 332), a law which Salazar drafted in 2001.  

The PPEBA, which was passed by Congress as part of the recent Bankruptcy Code amendments, is the first national lawthat specifically enforces commercial privacy policies, limits the sale of private consumer data, and creates a consumer privacy ombudsman to advise bankruptcy courts in enforcing privacy laws and restrictions. In his role as consumer privacy ombudsman, Salazar advocated to protect consumers' private information by requiring the purchaser of Tweeter/ Sound Advice to comply with the company's existing privacy policy, while also giving consumers notice of the transfer of their data and an opportunity to opt-out of the transfer.

Salazar focuses his practice on corporate counseling and crisis management, data privacy and security laws and regulation, and startups and early stage businesses. Salazar is widely published in the areas of crisis management, data privacy and security law, and bankruptcy. He is a noted authority on the fiduciary duties of directors and officers and defending management against Deepening Insolvency claims. A seasoned trial attorney, Salazar has tried more than 100 discrete matters in federal and state courts throughout the country, on behalf of plaintiffs, defendants, debtors and creditors in a wide variety of actions.

John Kropf Named New DHS Deputy Chief Privacy Officer
The Department of Homeland Security (DHS) Privacy Office has named John Kropf, CIPP/G, to serve as its new Deputy Chief Privacy Officer.

Kropf will serve as a key adviser to DHS's Chief Privacy Officer, Hugo Teufel, III, CIPP/G, and other DHS leadership on issues related to compliance with privacy laws, DHS policies, as well as programs and agreements that adhere to fair information principles. He also will serve as chief operation officer and policy strategist for the Privacy Office.

Kropf previously served as the office's Director of International Privacy Policy, where he represented the department on U.S. government delegations to the Organization for Economic Cooperation and Development (OECD), Asia-Pacific Economic Cooperation (APEC) and various international negotiations, as well as followed global developments in privacy. He will continue to have overall responsibility for international privacy policy as a senior adviser.

Kropf brings 19 years of federal service to the job including experience as an international lawyer and information law litigator at the Depart-ment of State, and an immigration attorney in the Department of Justice's Honors Program.

The Center for Information Policy Leadership at Hunton & Williams Appoints IAPP Members to New Executive Committee

The Center for Information Policy Leadership at Hunton & Williams LLP recently announced the election of a new Executive Committee to advise the center on fulfilling its mission to encourage and inform responsible information governance in today's digital society. The Executive Committee will represent more than 40 center member companies from around the world.

"With the continuing growth of the Center and its global presence, we recognize an increased need for a governance structure for the organization," said Martin Abrams, Executive Director of the Center, commenting on the organization's 6-year history.

The Executive Committee members are privacy leaders who bring a wealth of experience to center discussions. Each member will advise on specific areas of the center's work, and provide guidance and direction as the organization grows and stakes out new initiatives.

The Committee includes IAPP members Scott Taylor, CIPP, Chief Privacy Officer, Hewlett Packard, Chair of the Executive Committee; Harriet Pearson, CIPP, Vice President, Regulatory Policy and Chief Privacy Officer, IBM; Andrew Roth, Chief Privacy Officer, American Express; Lynn Goldstein, CIPP, Senior Vice President and Chief Privacy Officer, JPMorgan Chase; and Jennifer Barrett, Global Privacy Officer, Acxiom.

NASCIO Brief Highlights Creating Cultural Change in State Government Through IT Security Awareness and Training

The National Association of State Chief Information Officers (NASCIO), which represents the chief information officers (CIOs) of the states, recently unveiled the research brief, "IT Security Awareness and Training: Changing the Culture of State Government," which highlights how IT security awareness and training activities, if conducted on a consistent basis, can instill cultural change within state government. The brief is a product of NASCIO's Information Security and Privacy Committee. 

Most state government employees use technology to do their daily work, yet they may not realize the dramatic consequences that can flow from one mistake. As data breaches and security incidents that originate from within state government appear to be on the rise, cultural change is needed toward a more security-conscious state workforce. All state employees need to understand that IT security is everyone's job and know how to use the state's IT resources in a way that minimizes security risks. 

"To implement or enhance current awareness and training efforts, State CIOs need examples of what other states are doing in this area. This brief provides numerous examples of other states' awareness and training efforts and serves as a way for State CIOs to share their best practices in order to help all states achieve a heightened culture of IT security," said Thomas Jarrett, CIO, State of Delaware and Co-Chair of NASCIO's Information Security and Privacy Committee. 

NASCIO is the premier network and resource for state CIOs and an effective advocate for technology policies at all levels of government.


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»