The Robodebt scheme was a controversial and unlawful attempt by the Australian government to recover debts from welfare recipients between 2015 and 2019 using an automated data-matching system. During this period, serious questions were raised about the processes behind automated data-matching and associated privacy practices of involved government agencies involved: the Australian Department of Human Services and the Australian Taxation Office.   What followed was infamously referred to as "a ... Read More

The Office of the Australian Information Commissioner released its Notifiable Data Breaches Report for the first half of 2023. The biannual report outlined the industries most susceptible to breaches, the sources of breaches and areas for improved practice. Commissioner Angelene Falk said organizations "must have the security measures required to minimise the risk of a data breach" and "the longer organisations delay (breach) notification, the more the chance of harm increases."Full story... Read More

Research by software company BlackBerry Limited found 93% of Australian organizations are pursuing bans on generative artificial intelligence applications in the workplace. However, the majority of survey respondents also recognized opportunities for generative AI apps in the workplace, for instance around attracting talent, increasing efficiency and augmenting creativity.Full story... Read More

Australia's Right to Know coalition — made up of leading media outlets and organizations — opposes privacy law reform, saying it would have a "devastating impact on press freedom and journalism," the Guardian reports. The proposed reform includes a right to sue for serious privacy invasions and would require media companies to comply with requirements around securing and destroying private information. The group said the proposal would be "contrary to public interest and result in a significant ... Read More

The Australian Attorney-General's Department released its highly anticipated review of the Privacy Act 1988 Thursday, a significant step in the reform of the nation's privacy law. The Privacy Act Review Report includes 116 recommendations based on 30 "key themes and proposals" from stakeholders during the course of the last two years. "The proposed reforms are aimed at strengthening the protection of personal information and the control individuals have over their information. Stronger privacy ... Read More

Brilliantly funny Aussie comedian Wil Anderson, of Gruen Transfer fame, wrote in his gut-splitting book "I Am Not Fine, Thanks" an incredibly insightful comment about the trade-offs between privacy, smart devices and other technological marvels. In his book Anderson writes about his initial resistance to technology companies wangling their way inside our homes with connected tech. "I was already not the smartest thing in my house, and I don't need to keep demoting myself down the ladder," he sai... Read More

The Parliament of Australia approved final passage of the Privacy Legislation Amendment Bill 2022. The bill amends the Privacy Act of 1988 to increase data breach fines to AU$50 million, or penalties based on data monetization and 30% of adjusted quarterly turnover under a new three-factor penalty scheme. Australian Information Commissioner and Privacy Commissioner Angelene Falk said the changes create "closer alignment with competition and consumer remedies" under the EU General Data Protection... Read More

In a Salinger Privacy blog post, Principal Anna Johnston, CIPP/E, CIPM, FIP, looks at proposals to amend Australia’s Privacy Act. Johnston discusses proposals released by the Attorney General’s Department in October, which have “much to say about digital harms, targeted advertising, personalised content and the role of online identifiers.” Overall, Johnston said the proposals “represent some sensible ways to strengthen the law,” but she added, “there are some opportunities not yet grasped, and a... Read More

The U.S. Department of Justice announced the U.S. and Australia entered into a crime data sharing agreement under the Clarifying Lawful Overseas Use of Data Act. The DOJ said the agreement will allow law enforcement from both countries to trade electronic data in efforts to "prevent, detect, investigate and prosecute" a range of serious crimes, including ransomware attacks. The deal will be carried out with "strong protections for the rule of law, privacy and civil liberties," according to the D... Read More

The Office of the Privacy Commissioner of New Zealand published its “December 2021 Insights Report – Privacy Breach Reporting,” one year after implementation of the Privacy Act 2020. According to the report, reported privacy breaches increased nearly four times from Dec. 1, 2020 to Oct. 31, 2021, following mandatory reporting requirements. The OPC said one third of reported breaches met the threshold for serious harm, 35% involving emotional harm, 14% reputational harm, and 11% financial harm. T... Read More

ZDNet reports Australia's debit transaction system eftpos is the country's first non-governmental accredited digital identity exchange operator under the Trusted Digital Identity Framework. Eftpos's connectID service works as a "broker" between identity service providers and organizations that must verify identity information as part of their service, such as government departments. The company has said it does not store any identity data. Full Story... Read More

Amazon Web Services will launch its first data center region in Auckland, New Zealand, by 2024, ZDNet reports. “When operational, the AWS region here will enable customers from startups to enterprises as well as government, education, and non-profit organisations to run applications and securely store data from data centres located right here on New Zealand soil. And they can do this knowing that we are committed to providing the highest standard of privacy and security protections,” New Zealand... Read More

Police in Queensland are using internet-connected interlock devices with facial recognition technology to address incidents of driving under the influence, ABC News reports. The devices are fitted to vehicles of convicted drivers and require the facial verification and a breath test to start the ignition. “These devices are well worth it as they make drivers accountable for their actions,” Mount Isa District Road Policing Unit Sgt. Paul Quinlan said.Full Story... Read More

Sydney-based startup OCR Labs is the first company to receive licensing from Australia's government to be a digital identification provider, InnovationAus reports. OCR earned accreditation via the Digital Transformation Agency’s Trusted Digital Identity Framework. OCR will not officially be a provider until Australia passes legislation to allow a broad expansion of the country's digital ID program, with a bill expected to be presented to Parliament in the near future.Full Story... Read More

The New Zealand government implemented a legislative framework granting citizens a new consumer data right. Citizens will have the ability to share their data with third parties via standardized data formats and interfaces. The new data right will be rolled out on a sector-by-sector basis, with the government determining the individual markets, sectors and industry where it applies.Full Story... Read More

The Washington Post reports Australian information security consultancy Azimuth Security was responsible for helping the U.S. Federal Bureau of Investigation access the encrypted iPhone of the San Bernardino, California, attackers in 2016. In the piece, Ellen Nakashima and Reed Albergotti break down how Azimuth hacked the phone and explains the company's role as a "white hat" hacker, described as "good-guy cybersecurity research that aims to disclose flaws and disavows authoritarian governments.... Read More

New Zealand's Office of the Privacy Commissioner announced the Privacy Act 2020 has taken effect. "The new act brings with it a wider range of enforcement tools to encourage best practice, which means we are now able to take a different approach to the way we work as a regulator," Privacy Commissioner John Edwards said. Notably, the updated legislation features new breach reporting obligations, criminal penalties and new provisions on international data transfers. Also, Edwards joined RNZ's Cori... Read More

On Dec. 6, Australia passed a surprising law with a global impact on privacy. The new law requires any Australian company to build backdoors to encrypted data and communications when instructed to do so by the government, while also requiring secrecy about the existence of such surveillance capabilities from individuals and enterprise customers. This unverifiable question of compromised encryption presents many technical threats and introduces international regulatory compliance challenges as we... Read More