While many of us in Australia are focusing on the introduction of mandatory data breach notification rules in February, the coexistence of open data with privacy and the potential for conflict between these two objectives was brought into sharp relief by a media release from the Australian Privacy Foundation recently, calling for a public report into a September 2016 incident. This incident involved health information being released by the government that was not sufficiently encrypted, allowing a team of researchers from Melbourne University to re-identify the data. This highlights, again, the difficulties of applying de-identification techniques in order to use big data sets for public policy purposes while balancing the privacy rights of individuals.
In India, two developments have shown us that the law can either lag behind reality or can seek to be proactive.
In the same week as India’s High Court looks to decriminalize a colonial-era law banning gay sex on the basis that the existence of the crime has been used to infringe privacy and enhance blackmail and bullying across the LBGTI community, the government-based agency responsible for Aadhaar, the 12-digit unique identification number provided to all Indian residents, is looking to provide a virtual identification number. This virtual ID would replace the existing number, which has been the subject of reported breaches and leaks. However the new system has given rise to controversy of its own across a range of issues regarding how the virtual identity is authenticated and who can store the information.
Finally, China should not go without mention, as its government has recently taken action against the financial services arm of online sales giant Alibaba, claiming it violated new standards by not telling users with whom it would share personal financial data.
It looks as if, from a privacy perspective, the issues for 2018 will continue on from 2017. It is likely we will see even more interconnectedness and the shrinking of the global village as the General Data Protection Regulation seeks to extend its reach to all of those who monitor EU citizens, which, in many instances, will equate to having EU customers.
The issues raised in this digest indicate that the pace of change and the workload for privacy professionals in the APAC region in 2018 will be maintained, if not increased, as further changes take effect.
If you want to comment on this post, you need to login.