Greetings from Sydney!
Privacy-related issues have appeared in the news quite significantly of late, with a number of developments occurring both locally and abroad keeping privacy professionals in our region on their toes. In response to these developments, iappANZ recently held events for its members in Sydney, Melbourne and Brisbane to hear panels of leading privacy experts explore the Australian Productivity Commission’s report into “Data Availability and Use” and the likely impact upon our current data privacy landscape should the recommendations of the report be accepted at the end of this year.
By way of background, the Commission undertook a public inquiry in Australia in 2016, looking into ways in which to improve the availability and use of public and private sector data while at the same time increasing consumers’ control over their own data. With a prevailing view that valuable data in Australia is being vastly underutilized, the Commission’s inquiry was driven by the need to boost innovation and competition in Australia. The Commission’s final report, released 8 May 2017, contains a number of recommendations, including the passing of new data-sharing legislation. This legislation will establish a new risk-based approach, enabling better access to consumers’ data among both government and private data holders alike. The report also recommends that a consumer’s data must be provided by the government and private data holders to the consumer on request so that he or she may exercise a number of rights, including the access to and use of data.
While there are significant economic and social benefits to all Australians from a greater sharing of data, there are also significant risks, particularly in the event of a data breach. In the United States, this risk was recently highlighted by Equifax, where a data incident resulted in the loss of credit reporting information, including names, Social Security numbers, birth dates and driver’s license numbers of some 143 million Americans. The U.S. Federal Trade Commission has launched an investigation into Equifax over the incident, and there has been proposed new legislation that would hold data brokers more accountable for what they do.
Meanwhile back in Australia, in response to Equifax, our privacy rights advocate, the Australian Privacy Foundation, has requested the Australian government to act swiftly in ensuring that health information of Australian citizens, which will be made more accessible when the government’s My Health Record program (commencing in 2018) is safe from suffering the same fate as Equifax. The APF has called for significant measures to be undertaken here in Australia so that both government and private data holders are more accountable for their data processing activities. This includes the establishment of a national law providing a right to compensation for anyone who has experienced a serious breach of privacy, along the same lines as the privacy tort that was recommended by the Australian Law Reform Commission a number of years ago.
In light of the above developments, the current tension between privacy and greater data utilization is something that shouldn’t be ignored. It will be the theme of this year’s iappANZ’s Summit, titled "Privacy & Personalisation — Walking the Line," which will be held in Sydney 3 and 4 Oct. With a diverse lineup of speakers, the Summit promises to deliver robust and insightful thought leadership on this topic.
In other news, this week’s Asia-Pacific Dashboard Digest contains a number of interesting articles across the region, two of which highlight that data incidents can readily occur through careless handling of personal data and a failure to take appropriate steps to safeguard personal data against unauthorized access. With the proposed introduction of a privacy tort as mentioned above, organizations will need to get their house in order with a properly managed data privacy framework in place if they want to avoid costly litigation of this kind.