Search This Blog

Friday, October 13, 2006

Privacy Commissioner almost poops on SWIFT's party

With delegates to the SWIFT Sibos Conference in Sydney packing up and moving out of town today, they almost got through the whole week without anyone mentioning the "P" word - privacy that is.

The Conference website provides lots of detail about the important discussions of the week, but uncertainty about the legality of provision of data to the US didn't appear to rate a mention.

To-day's Australian Financial Review (Pg. 8, no link available), says that the Federal Privacy Commissioner has said that her Office does not have authority to investigate SWIFT.
"However we are now considering the issues as far as they apply to Australian financial institutions, and if appropriate, we may conduct inquiries or investigation,"
The Australian Privacy Foundation is reported to be calling for a fast track investigation, saying it is unlikely all of the 11 Australian banks and 88 financial institutions have complied with the Privacy Act, particularly the prerequisite to inform customers about ususal recipients of information.

They could face the same problem concerning the outsourcing of data to service providers overseas, with India still the main focus of concern.

The Australian Law Reform Commission discussion paper released earlier this week includes a chapter on cross border transfers of personal information. PDF It includes the following information about India.
"India is currently the largest host of outsourced data processing in the world. Some estimates claim that India hosts 44% of the global market of outsourced software and "back office" services.

Currently no data privacy protection legislation is in place in India. Outsourcing countries, like the United States and Australia, rely on contractual obligations and the internal measures taken by Indian companies. Given the extent to which India is used as an outsourcing destination, data protection has become a political issue in the region. The adoption of model legislation based on the EU Directive has been proposed in the past; however the Indian Government has given some indication that it may adopt a model closer to the United States Safe Harbor principles, as a simpler regulatory solution."
The US Safe Harbor scheme has recently been found to not satisfy EU standards and a major crisis concerning the US requirement for the provision of airline passenger details by European airlines has only just been averted by a temporary agreement that has privacy regulators in Europe "choking on their baguettes".

India is apparently about to get some help from the US on data security. There is no touch of irony in the report, that fails to mention that the Privacy Rights Clearinghouse currently estimates that 93,764, 445 US records containing sensitive personal information have been involved in security breaches since February 2005.

Thanks to PogoWasRight for some of these leads

No comments:

Post a Comment