Privacy has burst into the news at the spring Parliament sittings. First came the news of the unfortunate and monumental breach by Medicare — embarrassing for a government which is currently supporting opt-out trials for the My Health Record, for all Australians.
This was followed immediately by the attorney general’s announcement that re-identification of health data would be criminalized — no accident there! You may be forgiven for questioning who is to blame here. Breaches happen, but when large sets of personal health information are involved, the security protocols need to match the level of sensitivity. The sensible protocol of responsible disclosure, which helps to harden systems and keep people's information safe, will be disabled by this law in the very area where it is most needed. So often it is the response to the breach which determines the attitudes of those affected. I know I would feel better if the responsible party acknowledged its shortcomings, apologized and undertook radical change, as happened with ACC in New Zealand in 2012.
On the bright side, just a few hours ago the mandatory data breach notification laws finally made their way through Parliament after a very rocky road.
Over the Ditch, the New Zealand Privacy Commissioner reports that the government is proposing to change New Zealand’s intelligence and security legislation, and the commissioner’s submission on this can be found here.
Springtime is looking good for privacy in Australia — a funded OAIC and a new law to encourage organisations to make good privacy part of their business.