Search This Blog

Tuesday, May 03, 2011

Celebrate or commisserate, it's Privacy Awareness Week

Steps to raise awareness about the importance of privacy are commendable and Privacy Awareness Week, an initiative of the Asia Pacific Privacy Authorities, may be a good thing.


At the same time, the 1.6 million Australian users of Sony PlayStation might be reassured that the Privacy Commissioner is on the job, investigating whether Sony in Australia, despite an apparent system failure, did everything reasonably practicable to safeguard their personal information.

But nothing has changed since the last big privacy invasive blow up a year ago-Google's street view- revealed a legal framework with plenty of holes still in need of attention:
  • No public or private organisation in Australia has an obligation at law to notify those affected by any breach of privacy standards. Sony took days to admit publicly there was a problem. The ALRC recommended mandatory notification of a significant breach in 2008. The Privacy Commissioner says we need such a law. The Minister for Privacy and Freedom of Information Brendan O'Connor in today's Sydney Morning Herald says a such a system now ''appears necessary." But when?
  • The Information Commissioner has no powers to impose or seek penalties if an own motion investigation finds a breach of privacy principles in the Sony PlayStation case or any other. As the Privacy Commissioner noted most recently after finding Vodafone breached privacy standards. He will no doubt say the same thing when he completes an investigation of Dell. And Sony. The minister's predecessor Senator Ludwig said the Government intended to do something about this in October 2009. He repeated it in July last year. Still for action mid 2012?
    • Those affected probably have limited legal rights regardless of the loss or damage. The broader issue of a statutory cause of action for a serious unwarranted breach of privacy was recommended years ago, is yet to be considered by the government, and is listed as a second phase privacy reform issue to be considered in 2012.
      • Doubts remain whether Australian law adequately covers protection of personal information collected from Australians by a company operating in this country and held overseas. This is but one of the "first phase" reform issues arising from the Government's draft revised privacy principles that a Senate committee has been looking at since mid 2010.
      In Privacy Awareness Week the Minister tells us nothing new about these matters but says we all have to step up to the mark:
      “We’re acting to ensure that our privacy laws are robust in changing circumstances, but Australians also need to take responsibility for their actions, particularly online.”
      Bernard Keane in Crikey gives the Government some credit for being more serious about privacy than its predecessors, but cites failings and conflicting policy objectives that suggest "it’s hardly in a position to lecture the likes of Sony about their casual disregard of privacy and transparency."

        No comments:

        Post a comment