Hello, privacy pros.
It's difficult to think of a topic more pressing than the current global pandemic, and it is fitting that I am writing to you from my home after having had my principle place of work evacuated for COVID-19 exposure.
Although the IAPP Global Privacy Summit 2020 has been canceled in the wake of the pandemic, IAPP's online web conferences can help fill the void. Many are free for both members and nonmembers, and with a great online library of recent web conferences and upcoming live events, there is plenty of content to stay current on privacy topics, even while applying social distancing. The IAPP is also still accepting submissions to speak in Sydney at the IAPP ANZ Summit 2020 in November, which we very much expect to be an in-person event. The call for proposals is open until the end of March.
According to Mark Speakman, attorney general of Australia's state of New South Wales, the state could become the first in Australia to introduce mandatory breach notification that would apply to state agencies. iTnews speculates that state-level scheme may mimic Australia's federal Notifiable Data Breach Scheme in some ways, such as by adopting the same harm threshold, but differ in others, such as by imposing a shorter mandatory reporting time frame.
In other news from Australia, an article from Annelies Moens in the March AICD Company Directors Magazine dives into the Australian government's response to the Australian Competition and Consumer Commission's Digital Platforms Inquiry, which recommended a number of changes to Australia's privacy regime. Moens highlights the likelihood of increased fines, as well as the potential for a direct right of action and class actions for violations.
The National Privacy Commission of the Philippines has issued a statement noting the government must continue to balance privacy interests in its handling of the COVID-19 pandemic. EU data protection authorities have also issued guidance, directed principally toward employers, on the use of personal data in the context of the pandemic, and the IAPP research team has rounded up COVID-19 guidance issued by DPAs and compiled it into a helpful chart. Spoiler: It isn't a case study in harmonization, but it's useful for complying on a jurisdiction-by-jurisdiction basis.
Twenty years ago, the world was basking in the relief that Y2K had not been the apocalyptical event it was feared to be. Take a nostalgic look back at the world of privacy in the IAPP's first year, in this article on wireless privacy.
The current pandemic is likely to overshadow much of our day-to-day existence over the coming weeks and months. People around the world and their respective governments are facing unique challenges and implementing varying approaches. Privacy professionals are likely to play a unique role during this crisis, as well-intentioned agencies and organizations may look to collect sensitive personal data from travelers, students, staff and vulnerable populations. We must ensure the proportionality of the extraordinary measures undertaken, even when privacy considerations may seem trivial in contrast with the pandemic threat. We must also ensure that such measures are reevaluated and rolled back when this crisis subsides.
Until next time, I wish you all good health. Now, go wash your hands — you don't know where this email has been.
If you want to comment on this post, you need to login.