G’day from Sydney!

On Friday last week the rainclouds cleared in our glorious Emerald City to allow over 50 keen IAPP ANZ members to gather at Gilbert & Tobin’s offices in Barangaroo, Sydney’s new CBD precinct. The event organized by IAPP ANZ was a panel discussion on the meaning of “Personal Information” under the Australian Privacy Act, where a panel of leading privacy experts explored the implications of the Federal Court’s recent judgment in Privacy Commissioner v. Telstra Corporation Limited (the Telstra and Ben Grubb appeal). The outcome of the Federal Court appeal, and one of the key takeaways from the panel discussion, was to clarify that it’s important for us to consider the word “about” (in the context of “about an individual”) when looking at the definition of “Personal Information” under the Privacy Act.

The discussion covered significant ground and delivered interesting insights from a panel of privacy professionals who had somewhat divergent views on the subject matter, which ultimately made for an interesting and informative event. The Chatham House Rules prevent me from giving away any more information about the views presented by each of the panelists, however you can read their individual blogs on their respective websites if you would like to learn more.  

In the course of the discussion, the panelists also touched upon data privacy issues arising from the Australian Productivity Commission’s recent public inquiry into the ways to improve the availability and use of public and private sector data. A regathering of the panel in the near future will discuss the impact of the Productivity Commission’s Report on the outcome of this inquiry. It will explore the benefits of providing greater access for third parties to big data holdings, public and private, and consider new models for making data available. It will also consider current Australian policies and regulations in place to protect the legitimate interests of individuals and businesses in privacy and confidentiality, and consider whether they remain fit for purpose. The next panel gathering has already been discussed with much interest and excitement, so watch this space for further updates on the next installment!

In other news, this week’s Asia-Pacific Dashboard Digest contains a number of articles regarding data incidents occurring in Hong Kong and Australia, highlighting the penalties that may be awarded and significant costs incurred in dealing with privacy breaches. In Australia, the public disclosure of an individual’s sensitive health information by a government department arising from a poorly redacted document published under freedom of information laws, resulted in the individual being awarded AU$20,000 for the emotional toll of the disclosure. In Hong Kong, we learn more about the ongoing investigation into the compromise of personal information relating to 3.8 million Hong Kong voters following the theft of two election computers from an unguarded office within a backup polling station. The significant costs incurred by the HK Electoral Office of dealing with this incident have now come to light, being HK$5 million to mail out 3.2 million letters to impacted voters. Meanwhile in India, the Supreme Court is looking into whether users of “free” instant messaging platforms can claim a right to privacy for their personal information, raising an interesting question: “Do users need to pay for a service in order to secure privacy rights?”

 Happy reading….