ALRC Proposes Overhaul of 'Complex and Costly' Privacy Laws
The Australian Law Reform Commission (ALRC) has released a blueprint with 301 proposals for overhauling Australia's complex and costly privacy laws and practices.

Releasing Discussion Paper 72, Review of Australian Privacy Law, ALRC President Professor David Weisbrot said it was the product of the largest public consultation process in ALRC history.

"We have received over 300 submissions and held over 170 meetings to date, including with business, consumers, young people, health officials, technology experts and privacy advocates and regulators.

"The clearest message from the community is that we must streamline our unnecessarily complex system. The federal Privacy Act sets out different principles for private organisations and for government agencies. On top of that, each state and territory has its own privacy laws or guidelines and some also have separate laws on health privacy.

"The ALRC is proposing there be a single set of privacy principles for information-handling across all sectors, and all levels of government. This will make it easier and less expensive for organisations to comply, and much more simple for people to understand their rights.

"The protection of personal information stored or processed overseas, as is now routine, is another serious concern. The ALRC wants to ensure that such information has at least the same level of protection as is provided domestically. We propose that a government agency or company that transfers personal information overseas without consent should remain accountable for any breach of privacy that occurs as a result of the transfer," Weisbrot said.

Commissioner in charge of the Inquiry, Professor Les McCrimmon, said that the ALRC also is proposing a new system of data breach notification.

"There is currently no requirement to notify individuals when there has been unauthorised access to their information, such as when lists of credit card details are inadvertently published. Where there is a real risk of serious harm to individuals, we say they must be notified," McCrimmon said.

McCrimmon added that the ALRC also proposes the removal of the exemption for political parties from the Privacy Act. "Political parties and MPs should be required to take the same level of care when handling personal information as any other agency or organisation."

Other key proposals include:

  • Introducing a new statutory cause of action where an individual's reasonable expectation of privacy has been breached;
  • Abolishing the fee for 'silent' telephone numbers;
  • Expanding the enforcement powers of the Privacy Commissioner;
  • Imposing civil penalties for serious breaches of the Act; and
  • Introducing a more comprehensive system of credit reporting.

Review of Australian Privacy Law is available at no cost from the ALRC Web site, www.alrc.gov.au. The ALRC is seeking community feedback on these proposals before a final report and recommendations are completed in March 2008. Submissions close on Dec. 7, 2007.

Luis Salazar Appointed Consumer Privacy Ombudsman
Greenberg Traurig Shareholder Luis Salazar, CIPP, has been apointed by the U.S. Department of Justice as the consumer privacy ombudsman in the Tweeter Audio/Sound Advice Chapter 11 reorganization. Salazar is only the fifth person nationwide to hold such a position. The position was created as a result of the Privacy Policy Enforcement in Bankruptcy Act (PPEBA) (Bankruptcy Code Sections 363(b)(1) and 332), a law which Salazar drafted in 2001.  

The PPEBA, which was passed by Congress as part of the recent Bankruptcy Code amendments, is the first national lawthat specifically enforces commercial privacy policies, limits the sale of private consumer data, and creates a consumer privacy ombudsman to advise bankruptcy courts in enforcing privacy laws and restrictions. In his role as consumer privacy ombudsman, Salazar advocated to protect consumers' private information by requiring the purchaser of Tweeter/ Sound Advice to comply with the company's existing privacy policy, while also giving consumers notice of the transfer of their data and an opportunity to opt-out of the transfer.

Salazar focuses his practice on corporate counseling and crisis management, data privacy and security laws and regulation, and startups and early stage businesses. Salazar is widely published in the areas of crisis management, data privacy and security law, and bankruptcy. He is a noted authority on the fiduciary duties of directors and officers and defending management against Deepening Insolvency claims. A seasoned trial attorney, Salazar has tried more than 100 discrete matters in federal and state courts throughout the country, on behalf of plaintiffs, defendants, debtors and creditors in a wide variety of actions.

John Kropf Named New DHS Deputy Chief Privacy Officer
The Department of Homeland Security (DHS) Privacy Office has named John Kropf, CIPP/G, to serve as its new Deputy Chief Privacy Officer.

Kropf will serve as a key adviser to DHS's Chief Privacy Officer, Hugo Teufel, III, CIPP/G, and other DHS leadership on issues related to compliance with privacy laws, DHS policies, as well as programs and agreements that adhere to fair information principles. He also will serve as chief operation officer and policy strategist for the Privacy Office.

Kropf previously served as the office's Director of International Privacy Policy, where he represented the department on U.S. government delegations to the Organization for Economic Cooperation and Development (OECD), Asia-Pacific Economic Cooperation (APEC) and various international negotiations, as well as followed global developments in privacy. He will continue to have overall responsibility for international privacy policy as a senior adviser.

Kropf brings 19 years of federal service to the job including experience as an international lawyer and information law litigator at the Depart-ment of State, and an immigration attorney in the Department of Justice's Honors Program.

The Center for Information Policy Leadership at Hunton & Williams Appoints IAPP Members to New Executive Committee

The Center for Information Policy Leadership at Hunton & Williams LLP recently announced the election of a new Executive Committee to advise the center on fulfilling its mission to encourage and inform responsible information governance in today's digital society. The Executive Committee will represent more than 40 center member companies from around the world.

"With the continuing growth of the Center and its global presence, we recognize an increased need for a governance structure for the organization," said Martin Abrams, Executive Director of the Center, commenting on the organization's 6-year history.

The Executive Committee members are privacy leaders who bring a wealth of experience to center discussions. Each member will advise on specific areas of the center's work, and provide guidance and direction as the organization grows and stakes out new initiatives.

The Committee includes IAPP members Scott Taylor, CIPP, Chief Privacy Officer, Hewlett Packard, Chair of the Executive Committee; Harriet Pearson, CIPP, Vice President, Regulatory Policy and Chief Privacy Officer, IBM; Andrew Roth, Chief Privacy Officer, American Express; Lynn Goldstein, CIPP, Senior Vice President and Chief Privacy Officer, JPMorgan Chase; and Jennifer Barrett, Global Privacy Officer, Acxiom.

NASCIO Brief Highlights Creating Cultural Change in State Government Through IT Security Awareness and Training

The National Association of State Chief Information Officers (NASCIO), which represents the chief information officers (CIOs) of the states, recently unveiled the research brief, "IT Security Awareness and Training: Changing the Culture of State Government," which highlights how IT security awareness and training activities, if conducted on a consistent basis, can instill cultural change within state government. The brief is a product of NASCIO's Information Security and Privacy Committee. 

Most state government employees use technology to do their daily work, yet they may not realize the dramatic consequences that can flow from one mistake. As data breaches and security incidents that originate from within state government appear to be on the rise, cultural change is needed toward a more security-conscious state workforce. All state employees need to understand that IT security is everyone's job and know how to use the state's IT resources in a way that minimizes security risks. 

"To implement or enhance current awareness and training efforts, State CIOs need examples of what other states are doing in this area. This brief provides numerous examples of other states' awareness and training efforts and serves as a way for State CIOs to share their best practices in order to help all states achieve a heightened culture of IT security," said Thomas Jarrett, CIO, State of Delaware and Co-Chair of NASCIO's Information Security and Privacy Committee. 

NASCIO is the premier network and resource for state CIOs and an effective advocate for technology policies at all levels of government.


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.


The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

IAPP-OneTrust PIA Platform

New U.S. Government Agency privacy impact assessments - free to IAPP members!

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

More Resources »

Europe Data Protection Intensive 2017

The Intensive is sold out! But cancellations do happen—so hurry and get on the wait list in case more seats become available.

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds, unparalleled programs and preeminent networking opportunities.

Canada Privacy Symposium 2017

The Symposium returns to Toronto this spring and registration has opened! Take advantage of Early Bird rates and join your fellow privacy pros for another stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum is sold out! But you can still add your name to the wait list, and we'll keep in touch about your status. Good luck!

Asia Privacy Forum 2017

Call for Speakers open! Join the Forum in Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region.

Privacy. Security. Risk. 2017

We're bringing the best of the best in privacy and infosecurity to sunny San Diego. Early registration for P.S.R. opens May 1.

Europe Data Protection Congress 2017

Call for Speakers open! The Congress is your source for European policy debate, multi-level strategic thinking and thought-provoking discussion. Submit a proposal by March 19.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»