Search This Blog

Friday, August 28, 2015

"We're the government and we're here to protect your privacy"


as two experts outline years of failure to pay attention to privacy protection.

Dr Roger Clarke in a detailed working paper examines the last 15 years' incursions into human rights based on 'the terrorist threat' and highlights the limited attention paid to privacy impact assessment:
Democracy in Australia is gravely threatened by a flood of measures harmful to human rights that have been introduced since 2001, and a large proportion of which are unjustified and not subject to effective controls. The passage of these measures through the Parliament has been achieved on the basis of their proponents' assertions and without appropriate scrutiny. Parliament had available to it various forms of impact assessment techniques, but failed to require that such methods be applied. The study reported here found that one particular form of evaluation, Privacy Impact Assessment (PIA), should have been performed, but was seldom applied, and where it was applied the process and report were in almost all cases seriously deficient. Survival of democracy is dependent on the Parliament standing up to the national security extremism that has taken hold of the Attorney-General's Department. Ministers and Parliamentary Committees must demand prior evaluation of proposals that restrict civil freedoms, must ensure transparency in relation to the proposals and their justification, and must require effective controls over, and mitigation features within, those measures that survive the evaluation process.
Reminder: the Office of Australian Information Commissioner that includes the Privacy Commissioner has operated under threat of extinction for 15 months. Currently one commissioner is responsible for the functions of three commissioners envisaged by parliament in establishing the office. A Privacy Commissioner will be in place for 12 months from 19 October.

Anna Johnston of Salinger Privacy responds to a NSW parliamentary committee call for submissions on a statutory cause of action for serious invasions of privacy by providing chapter and verse of failure to address other well known weaknesses in privacy law and enforcement. 

Johnston lists the black holes where privacy laws don't apply and loopholes unique to NSW "so wide you could drive a truck full of privacy-invaders through them, and still have room for a parade of dancing elephants on either side." For example State Owned Corporations are not subject to privacy legislation, a NSW agency can pass any personal information to a person or body outside the state and not breach the Privacy and Personal Information Protection Act, and an agency is not responsible for privacy invasive conduct of an employee malicious or otherwise if the person wasn't really acting as an employee at the time.

Reminder: as Johnston notes, "NSW has only a part-time Privacy Commissioner, who does not have enough staff or an independent budget, let alone any powers to levy fines or compel privacy-invaders to do anything."

1 comment:

  1. Love it! There was a similar post over on recently but I can't find it presently.