Participation in the DATA Scheme continues to grow as shown in the Office of the National Data Commissioner’s (ONDC) Implementation Pipeline update below. New guidance to develop a data inventory The ONDC has released a new guide to developing a data inventory. There are now 56 organisations that have taken the step of onboarding to Dataplace. Once on board, you can use Dataplace to make a request for data collected by Australian Government agencies and make a data sharing agreement. Dataplace is also the place to go if you want to apply for accreditation to participate in the DATA Scheme. If you want to see who is already accredited, check out our Register of Accredited Entities. In upcoming events below, we have included the ONDC webinars where you can learn more about the DATA Scheme. New guidance to help Scheme participants – costs Under the DATA Scheme, Australian Government agencies […]
Explaining decisions made by AI
The UK Information Commissioner’s Office and The Alan Turing Institute have released guidance to provide practical advice to organisations to help explain the processes, services and decisions delivered or assisted by AI, to the individuals affected by them. The guidance consists of three parts. Depending on your level of expertise, and the make-up of your organisation, some parts may be more relevant than others. Read the Guidance here. Part 1: The basics of explaining AI Aimed at DPOs and compliance teams, part one defines the key concepts and outlines a number of different types of explanations. It will be relevant for all members of staff involved in the development of AI systems. Part 2: Explaining AI in practice Aimed at technical teams, part two helps you with the practicalities of explaining these decisions and providing explanations to individuals. This will primarily be helpful for the technical teams in your organisation, however your […]
What’s happening with data from your car?
Mozilla released a report last week that examined the terms of service for 25 car companies and the types of data being collected. The report states, ‘they can collect information about how much money you make, your immigration status, race, genetic information, and sexual activity (it’s in there!).’ Concerningly, the report provides ‘Twenty two of the car brands (88% of the ones we looked at) mentioned creating inferences — assumptions about you based on other data. And nine of those companies (39%) said specifically that they might sell them to third parties.’ Included in the report is an extract from Tesla’s Terms of Service, “if you no longer wish for us to collect vehicle data or any other data from your Tesla vehicle, please contact us to deactivate connectivity. Please note, certain advanced features such as over-the-air updates, remote services, and interactivity with mobile applications and in-car features such as location search, Internet radio, voice […]
Take part in an organisational resilience survey and global discussion
Calling Senior Corporate, Legal, and Risk Management Professionals: Ansarada invites you to take a brief 6-minute survey that will serve as the cornerstone of a data-driven report. The report, developed in collaboration with industry experts, will be a treasure trove of actionable insights and expert commentary around Operational Resilience globally. Participants will gain exclusive first access to the report’s findings and will have the opportunity to share their insights and commentary if they wish to contribute further. Participation in this survey is anonymous. You can take the survey here: https://lnkd.in/gZiqcfun
US and Australian governments issue joint Cybersecurity Advisory on preventing Web Application Access Control Abuse
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) have recently released a joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities. IDOR vulnerabilities are access control vulnerabilities enabling malicious actors to modify or delete data or access sensitive data by issuing requests to a website or a web application programming interface (API) specifying the user identifier of other, valid users. These requests succeed where there is a failure to perform adequate authentication and authorization checks. These vulnerabilities are frequently exploited by malicious actors in data breach incidents because they are common, hard to prevent outside the development process, and can be abused at scale. IDOR vulnerabilities have resulted in the compromise of the personal, financial, and health information of millions of users […]
Australian Community Attitudes to Privacy Survey 2023
The Australian Community Attitudes to Privacy Survey 2023 released by the Office of the Australian Information Commissioner (OAIC) on 8 August, shows a significant increase in the number of Australians who feel data breaches are the biggest privacy risk they face today. Australian Information Commissioner and Privacy Commissioner Angelene Falk said, ‘Australians see data breaches as the biggest privacy risk today, which is not surprising with almost half of those surveyed saying they were affected by a data breach in the prior year.’ Furthermore, the Commissioner stated, ‘there is a strong desire for organisations to do more to advance privacy rights, including minimising the amount of information they collect, taking extra steps to protect it and deleting it when no longer required.’ Among the key themes of the survey are: Australians care about their privacy. Nine in 10 Australians have a clear understanding of why they should protect their personal information, and […]
Zoom clarifies that it won’t use data without consent for AI training
In the past few weeks, there have been media reports pointing out that Zoom’s updated Terms of Service, introduced in March, would enable Zoom to use data collected for AI training purposes. Last week, this led Zoom to announce that it will not use data for AI training without explicit consent from users. However, it highlights how vigilant organisations need to be in monitoring changes made by third-party technology providers and implementing changes to policies and processes if appropriate. Zoom has recently introduced two generative AI features — Zoom IQ Meeting Summary and Zoom IQ Team Chat Compose – which offer automated meeting summaries and AI-powered chat composition. Zoom account owners and administrators control whether to enable these AI features for their accounts. Chief Product Officer Smita Hashim explained, ‘We’ve updated our terms of service (in section 10) to further confirm that Zoom does not use any […]
The Good Shepherd Model for Cybersecurity, Privacy and Regulatory Compliance
WHITE PAPER Four principles for protecting private data to improve compliance with privacy regulations Executive Summary Regulators Sharpen their Focus on Protecting Private Data “Assume You Are Compromised” – Now What? The Good Shepherd Model Case Study: Investigating a Datacenter Breach the Hard Way Security and Privacy are Strategic References EXECUTIVE SUMMARY Organizations that store customers’ private information have a duty of care to protect that data. Credit card numbers and other personal details fetch a high price on the black market and unfortunately, organizations do a very poor job of keeping them out of the hands of cybercriminals. Regulators in many countries are now levying considerable penalties against organizations that fail to protect people’s private data. Under the European Union’s General Data Protection Regulation (GDPR), for example, organizations face fines of up to €20m or 4% of annual turnover for exposures of European citizens’ private data. They […]
Census Topic Consultation
The Australian Bureau of Statistics (ABS) has published a shortlist of topics being considered for the 2026 Census and launched the next phase of public consultation. The publication 2026 Census topic review: Phase one directions provides outcomes from the consultation undertaken earlier this year, including the topics being considered for inclusion, change or removal from the 2026 Census. It also outlines where more information is needed to inform our recommendation to the Government on the topics in the 2026 Census. This consultation is seeking feedback on topics that are being considered for change or removal from the 2026 Census. Submissions can be made through the ABS Consultation Hub until 8 September 2023. Learn more at https://www.abs.gov.au/census/2026-census-topic-review/overview-2026-census-topic-review
Third-Party Risk and Cybersecurity: Navigating Evolving Threats and Data Governance
High-profile data breaches in the last few years have not only resulted in increased regulatory attention but have also served to highlight the evolving set of cyber threats faced by organisations. Of particular note, there have been numerous incidents where cybercriminals have managed to obtain organisational data not through a direct attack on the organisation but rather by breaching a third-party IT supplier to the organisation. The sophistication of cybercriminal attacks is increasing both in terms of the attack methodology and the strategic intent behind the selection of their targets. When the first wave of ransomware attacks was launched in the early 2000s, these were largely indiscriminate, impacting whichever personal, business, or government system that the malware could gain access to. Following this initial wave, we have observed increased fine-tuning of malware attacks over time. From a code perspective, some examples of this evolution have included built-in checks in the […]
Report of the Royal Commission into the Robodebt Scheme
The Royal Commission into the Robodebt Scheme has concluded. Commissioner Catherine Holmes AC SC presented the Report of the Royal Commission into the Robodebt Scheme to the Governor-General, His Excellency, General the Honourable David Hurley AC DSC (Retd) on 7 July 2023. It was tabled on 7 July 2023. Read the report here
Interim guidance for agencies on government use of generative AI platforms
The Digital Transformation Agency (DTA) and the Department of Industry, Science and Resources (DISR) have released interim guidance on government use of publicly available generative AI platforms. The interim guidance is recommended for government agencies to use as the basis for providing generative AI guidance to their staff. You can access the Guidance here – Interim guidance for agencies on government use of generative AI platforms | aga (digital.gov.au) DTA and DISR also recommend agencies: implement an enrolment mechanism to register and approve staff user accounts to access generative AI platforms. This should include appropriate approval processes through Chief Information Security Officers (CISO) and/or Chief Information Officers (CIO). establish an avenue for staff to report any exceptions made to adhering to the guidance through your CISO/CIO. This should be reported periodically to the DTA by emailing digitalpolicy@dta.gov.au. seek to move to commercial arrangement for generative AI solutions as soon as it is possible to […]
EU-U.S. Data Privacy Framework
This week the European Commission has adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new framework. On the basis of the new adequacy decision, personal data can flow safely from the EU to US companies participating in the Framework, without having to put in place additional data protection safeguards. The EU-U.S. Data Privacy Framework introduces new binding safeguards to address all the concerns raised by the European Court of Justice, including limiting access to EU data by US intelligence services to what is necessary and proportionate, and establishing a Data Protection Review Court (DPRC), to which EU individuals will have access. The new framework introduces significant improvements compared to the mechanism that existed under the […]
Ethics in the Age of Disruptive Technologies: An Operational Roadmap
Ethics in the Age of Disruptive Technologies: An Operational Roadmap (ITEC Handbook) by José Roger Flahaux, Brian Patrick Green, and Ann Skeet, offers organisations a strategic plan to enhance ethical management practices, empowering them to navigate the complex landscape of disruptive technologies such as AI, machine learning, encryption, tracking, and others while upholding strong ethical standards. The Institute for Technology, Ethics and Culture (ITEC), housed at the Markkula Center for Applied Ethics at the Santa Clara University, is a collaboration between the Center and the Vatican’s Dicastery for Culture and Education. The Institute convenes leaders from business, civil society, academia, government, and all faith and belief traditions, to promote deeper thought on technology’s impact on humanity. Download the ITEC Handbook via the link here
Happy 5th Birthday GDPR
On the 5th anniversary of commencement of the GDPR, Věra Jourová, Vice-President for Values and Transparency, and Didier Reynders, Commissioner for Justice, issued a statement highlighting that the GDPR was a decisive step in shaping the digital transition in the EU, setting global standards for the safe regulation of data flows and creating the foundation for a human-centric approach to the use of technology. They point out that the GDPR is the foundation of the EU’s arsenal of digital laws that shape the EU data economy, such as the Data Act and Data Governance Act. Since enforcement of the GDPR commenced on 25 May 2018, over €2.5 billion in fines have been imposed by national data protection authorities for breaches of the GDPR. Read the statement here 5th anniversary of the General Data Protection Regulation (europa.eu) On the “This Week in Digital Trust” podcast, you can listen to Melanie Marks, elevenM privacy […]
Safe and Responsible AI Discussion Paper
The Government’s Safe and Responsible AI in Australia Discussion Paper was released by Science and Industry Minister, Ed Husic MP, last week. The Discussion Paper canvasses existing regulatory and governance responses in Australia and overseas, identifies potential gaps and proposes several options to strengthen the framework governing the safe and responsible use of AI. The paper builds on the recent Rapid Research Report on Generative AI delivered by the government’s National Science and Technology Council. Also released is the National Science and Technology Council’s paper Rapid Response Report: Generative AI, which assesses potential risks and opportunities in relation to AI, providing a scientific basis for discussions about the way forward. Access the Safe and Responsible AI in Australia Discussion Paper here Access the Rapid Research Report on Generative AI here You can have your say on the discussion paper by answering some or all of the 20 questions on the Government’s online survey and upload a separate submission if needed – access the link here Make […]
Regulating AI in the UK (part 2)
Last month we brought you the UK Government’s White Paper released on 29 March 2023, to implement a pro-innovation approach to AI regulation and the EU’s AI Act with Tom Whittaker’s flowchart to assist in navigating the proposed EU AI Act. Tom Whittaker of Burges Salmon (UK) has developed a further flowchart to assist in navigating the proposed UK approach to AI regulation. It identifies the key decisions to be considered and references the relevant sections of the White Paper. As Tom points out, organisations may find they need to navigate multiple regulatory regimes and jurisdictions. How they comply with each of those regulations (and other relevant laws) may look very different. For example, you can see the different approaches being taken by looking at the one-page visual on anticipated AI regulations in the UK, EU and US, see the horizon scanning access here; and the glossary of existing and anticipated AI definitions […]
The State of AI Governance in Australia
The Human Technology Institute has just released a report into The State of AI Governance in Australia, providing a timely overview of how organisations are approaching the governance of AI in Australia today. Its findings are based on surveys, structured interviews, and workshops engaging more than 300 Australian company directors and executives, as well as expert legal analysis and extensive desk research. The report reveals that corporate leaders are largely unaware of how existing laws govern the use of AI systems in Australia. The report finds that both company directors and senior executives see huge opportunities for AI systems to improve productivity, process efficiencies, and customer service. But investment in AI systems and technical skills has not been matched by investment in AI system management and governance. Furthermore, corporate leaders report that they lack the awareness, skills, knowledge and frameworks to use AI systems effectively and responsibly. The report suggests four […]
NSW Information Commissioner releases the findings from research into the informal release pathway to celebrate Open Government Week 2023
In celebration of Open Government Week 2023, the NSW Information Commissioner published the results from research into the informal release pathway and a compliance audit into the informal release practices of NSW public sector agencies. The compliance audit made several key findings: Overwhelmingly, 83% of informal requests recorded by agencies resulted in information being released. 53% of agencies did not have a documented policy/procedure for dealing with informal access requests that was available to staff making decisions on informal applications. 58% of agencies did not provide a written outcome to the applicant who requested information. 58% of agencies do not have a fixed timeframe for responding to informal access requests. 47% of the agencies indicated that they monitor trends in informal access requests to identify what could be released proactively. Interestingly, the research also found that in general agencies are aware of and using the legislation to release information […]
A Taxonomy of Trustworthiness for Artificial Intelligence
A new report published by the UC Berkeley Center for Long-Term Cybersecurity (CLTC) aims to help organizations develop and deploy more trustworthy artificial intelligence (AI) technologies. A Taxonomy of Trustworthiness for Artificial Intelligence: Connecting Properties of Trustworthiness with Risk Management and the AI Lifecycle, by Jessica Newman, Director of CLTC’s AI Security Initiative (AISI) and Co-Director of the UC Berkeley AI Policy Hub, is a complement to the newly released AI Risk Management Framework, a resource developed by the U.S. National Institute of Standards and Technology (NIST) to improve transparency and accountability for the rapid development and implementation of AI throughout society. “This paper aims to provide a resource that is useful for AI organizations and teams developing AI technologies, systems, and applications,” Newman wrote. “It is designed to specifically assist users of the NIST AI RMF, however it could also be helpful for people using any kind […]