• Skip to main content
  • Skip to footer

InfoGovANZ

Information Governance Think Tank

  • Home
  • About Us
    • Our Goals
    • Our Leadership
    • Founder & Executive Director
      • Susan Bennett
    • International Council
      • Susan Bennett
      • Sarah Auva’a
      • Denise Backhouse
      • Barclay T Blair
      • Brynmor Bowen
      • Dr Pietro Brambilla
      • Ronke Ekwensi
      • Carol Feuerriegel
      • Aurelie Jacquet
      • Richard Kessler
      • Ilana Lutman
      • Lynne Saunder
      • Tarun Samtani
      • Dr Pieter Van Der Walt
    • Member Profiles
    • News
  • Events & Workshops
  • Supporters
    • Corporate Partners
    • Education Partners
    • Industry Alliances
  • Resources
    • AI & Ethics
    • COVID-19
    • Cyber & Info Security
    • Data & Infonomics
    • eDiscovery
    • Information Governance
    • IGANZ Industry Reports
    • Privacy
    • Records Management
    • IG Case Studies
    • The Governance of Things – Keeping Our Members Up To Date
    • This Month’s Featured Articles
    • Webinar Recordings
  • Contact
  • Join
  • Member Login
  • My Account
    • My Account
    • Webinar Recordings

Privacy

Australian Community Attitudes to Privacy Survey 2023

August 14, 2023 by InfoGovANZ

The Australian Community Attitudes to Privacy Survey 2023 released by the Office of the Australian Information Commissioner (OAIC) on 8 August, shows a significant increase in the number of Australians who feel data breaches are the biggest privacy risk they face today.  Australian Information Commissioner and Privacy Commissioner Angelene Falk said, ‘Australians see data breaches as the biggest privacy risk today, which is not surprising with almost half of those surveyed saying they were affected by a data breach in the prior year.’  Furthermore, the Commissioner stated, ‘there is a strong desire for organisations to do more to advance privacy rights, including minimising the amount of information they collect, taking extra steps to protect it and deleting it when no longer required.’ Among the key themes of the survey are: Australians care about their privacy. Nine in 10 Australians have a clear understanding of why they should protect their personal information, and […]
Member only content (join now or login)

Filed Under: Privacy

EU-U.S. Data Privacy Framework

July 17, 2023 by InfoGovANZ

This week the European Commission has adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new framework. On the basis of the new adequacy decision, personal data can flow safely from the EU to US companies participating in the Framework, without having to put in place additional data protection safeguards. The EU-U.S. Data Privacy Framework introduces new binding safeguards to address all the concerns raised by the European Court of Justice, including limiting access to EU data by US intelligence services to what is necessary and proportionate, and establishing a Data Protection Review Court (DPRC), to which EU individuals will have access. The new framework introduces significant improvements compared to the mechanism that existed under the […]
Member only content (join now or login)

Filed Under: Privacy

Happy 5th Birthday GDPR

June 6, 2023 by InfoGovANZ

On the 5th anniversary of commencement of the GDPR, Věra Jourová, Vice-President for Values and Transparency, and Didier Reynders, Commissioner for Justice, issued a statement highlighting that the GDPR was a decisive step in shaping the digital transition in the EU, setting global standards for the safe regulation of data flows and creating the foundation for a human-centric approach to the use of technology.  They point out that the GDPR is the foundation of the EU’s arsenal of digital laws that shape the EU data economy, such as the Data Act and Data Governance Act.  Since enforcement of the GDPR commenced on 25 May 2018, over €2.5 billion in fines have been imposed by national data protection authorities for breaches of the GDPR. Read the statement here  5th anniversary of the General Data Protection Regulation (europa.eu) On the “This Week in Digital Trust” podcast, you can listen to Melanie Marks, elevenM privacy […]
Member only content (join now or login)

Filed Under: Privacy

Privacy and AI: IAPP Global Privacy Summit, Washington DC, 2023

April 11, 2023 by Susan Bennett

The IAPP Global Summit Privacy Summit this year was a huge event with over 5,000 attendees and a smorgasbord of keynotes and seminars on a wide range of topics – from privacy and AI compliance to the recent Generative AI developments together with predictions, the status of EU-US data transfers post Schrems II, and the latest in international data transfers.  There were also very interesting sessions on privacy and ESG, and privacy and holistic data strategy. Keynotes on AI and Privacy Developments An exceptional keynote was given by FTC Commissioner, Alvaro Bedoya on Generative AI pointing out that AI is regulated.  Commissioner Bedoya noted that section 5 of the FTC Act, unfair or deceptive practices, applies to companies making, selling, using or making representations about AI.  The Commissioner emphasised that ‘there is no AI carve out’ in tort, civil rights, product liability and common law.  You can read more here […]
Member only content (join now or login)

Filed Under: Privacy

Privacy Act Review Report

February 17, 2023 by InfoGovANZ

The long awaited report reviewing Australia’s Privacy Act 1988 has been released by the Australian Government, proposing significant changes including individual rights modelled on the GDPR, such as the right to request erasure, and notification of databreaches to Office of the Australian Information Commissioner within 72 hours. Attorney-General Dreyfus’ statement releasing the report says, ‘the Privacy Act has not kept pace with the changes in the digital world. The large-scale data breaches of 2022 were distressing for millions of Australians, with sensitive personal information being exposed to the risk of identity fraud and scams.’ In relation to security, destruction and notifiable databreaches the report states, ‘recent large-scale data breaches have highlighted the vast amount of personal information that is collected and retained by entities, and the need for entities to put in place stronger protections to prevent unauthorised access to Australians’ information. The best way to protect personal information is […]
Member only content (join now or login)

Filed Under: Privacy

OECD Declaration on Government Access to Personal Data held by Private Sector Entities

February 3, 2023 by InfoGovANZ

On 14 December 2022, the OECD members adopted the Declaration on Government Access to Personal Data held by Private Sector Entities. It is an intergovernmental agreement on common approaches to safeguard privacy and other human rights and freedoms when accessing personal data for national security and law enforcement purposes, and seeks to promote trust in cross-border data flows, a critical enabler of the global economy. The scope of the declaration consists of three main sections: Legitimate government access on the basis of common values Promoting trust in cross-border data flows Principles for government access to personal data held by private sector entities You can read the Declaration here - OECD Legal Instruments
Member only content (join now or login)

Filed Under: Privacy

OECD Declaration on a Trusted, Sustainable and Inclusive Digital Future

February 3, 2023 by InfoGovANZ

On 15 December 2022, the OECD members adopted the Declaration on a Trusted, Sustainable and Inclusive Digital Future. The Declaration calls on the OEDC through the Committee on Digital Economy Policy (CDEP) to develop policy standards and guidance for a trusted, sustainable, inclusive digital future for our countries that reflect shared values and put people at the centre. The background to the Declaration is the accelerated digital transformation, particularly since the COVID-19 pandemic, which has brought opportunity and risk, requiring policy makers to develop whole-of-government policy response and manage related risks. The list of actions is extensive and wide-ranging – you can read them here OECD Legal Instruments .
Member only content (join now or login)

Filed Under: Privacy

Changes to Australia’s Privacy Act: Overview and Preparation Checklist

December 13, 2022 by InfoGovANZ

In the wake of the recent wave of high-profile data breaches at Optus, Medibank and MyDeal, the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 was passed by Federal Parliament on 28 November 2022. The Attorney-General referred to the data breaches as having highlighted ‘the potential to cause serious financial and emotional harm to Australians’ and that the Bill sends a clear message that the government takes privacy, security and data protection seriously. Penalties have been significantly increased under the Privacy Act 1988 (Cth), and the Privacy Commissioner now has increased powers to resolve privacy breaches. The Notifiable Data Breaches Scheme has also been strengthened. Increased penalties Penalties for a serious or repeated breach of privacy have significantly increased from a maximum of $2.22 million to not more than the greater of: $50 million; three times the value of any benefit obtained through the misuse of the information; or, if the value of the […]
Member only content (join now or login)

Filed Under: Privacy

NSW introduces Mandatory Notification of Data Breaches

December 13, 2022 by InfoGovANZ

On 16 November 2022, the NSW Parliament passed amendments to the Privacy and Personal Information Protection Act 1998 (PIPA). The amendments to the PPIP Act aim to strengthen privacy legislation in NSW by:

  • creating a Mandatory Notification of Data Breaches (MNDB) Scheme which will require public sector agencies bound by the PPIP Act to notify the Privacy Commissioner and affected individuals of data breaches involving personal or health information likely to result in serious harm; and
  • applying the PPIP Act to all NSW state-owned corporations that are not regulated by the Commonwealth Privacy Act 1988 

The MNDB Scheme will require agencies to satisfy other data management requirements, including to maintain an internal data breach incident register, and have a publicly accessible data breach policy.  Read the media release and statement here from NSW Privacy Commissioner, Samantha Gavel on guidance and resources to prepare for the new Scheme to ensure the required systems, processes and capability is in place.

The amendments to the PPIP Act can be accessed on the NSW Parliament website here.

Filed Under: Privacy

Balancing Organisational Accountability and Privacy Self-management in APAC

December 12, 2022 by InfoGovANZ

The Asian Business Law Institute and Future of Privacy Forum has published a report providing a detailed comparison of the requirements for processing personal data in 14 jurisdictions in APAC including Australia, China, India, Indonesia, Hong Kong SAR, Japan, Macau SAR, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Thailand, and Vietnam.

Individual reports for these 14 jurisdictions can be accessed here: ABLI-FPF Convergence Series – Balancing Organizational Accountability and Privacy Self-management in Asia-Pacific.

Filed Under: Privacy

LawFest 22: Re-connecting & challenging your thinking

October 10, 2022 by InfoGovANZ

On 28 September, 365 legal professionals from across Aotearoa and abroad gathered in person in Auckland for the premier legal innovation and technology event on the New Zealand calendar.

LawFest is the only opportunity in New Zealand for the legal and technology community to come together to network, collaborate and learn about how to innovate and adapt to change – and to do so in-person ! After the disruption we have collectively faced over the past couple of years, there was even greater appreciation of the value of face-to-face connection!

The event was once again a must for anyone interested in driving efficiency in their organisation.

 

The key highlights

The one-day event was a great opportunity to hear from leaders and change makers in the innovation space. The programme provided something for everyone, from those new to technology, to those currently at the forefront of legal innovation.

Over 25 amazing speakers, delivered practical insights of how to innovate and leverage technology to help you deliver legal services for today and the future. From Developing an Innovative Mindset, Client Centred Innovation, NewLaw, Digital Transformation, Wellbeing, Māori Transformational Leadership, Privacy, Trust & Technology, AI, eDiscovery, Responding to Data Breaches, Attracting new Clients through to Legal Design, LawFest had something for everyone.

Frances Valintine CNZM, founder at Tech Futures Lab was the opening keynote as she inspired and challenged thinking with her expertise in creating a mindset that is adaptable and embraces change. Frances delivered practical tips to help you with your innovation initiatives and prepare you for now and the future. She reinforced the importance to be inspired and empowered to take risks, step off the conveyor belt, think originally, and lead with possibility – to create greater value for your clients.

The day was wrapped up by a fantastic final keynote by Mark A. Cohen – one of the world’s leading legal industry thought leaders. Mark examined the key elements of New Law and how legal professionals can prepare for it and be ready to embrace it, whilst challenging the thinking of all in attendance.

PwC NewLaw Directors, Marlo Osborne-Smith and Eric Chin provided powerful frameworks, strategies and solutions to help shape and accelerate the digital transformation journey of legal teams.

 

InfoGovANZ founder & Executive Director Susan Bennett, moderated a session on Privacy, Trust & Technology: Innovation with Accountability, joined by Sarah Auva’a, Lead Digital Trust Partner, Spark and Emma Maconick, Head of Data and Technology, EY Law. This wide-ranging discussion answered critical questions including what is privacy-by-design and security-by-design, why trust and ethics matter, how good governance can help mitigate risk and how to make the business case for investment in privacy and governance projects – as well as the highly topical Optus data breach.

One of the fantastic additions this year was the highly popular breakout streams for those from law firms, in-house and exciting Tech Talks. Sara Rayment of Inkling Legal, led fantastic legal design sessions to both the law firm and in-house streams, providing ideas they could take back and implement.

Bringing everything together superbly was the MC, Helen Mackay of Juno Legal.

 

LawFest is the only event in New Zealand providing the opportunity to meet and see leading legal technology in the large exhibition hall, together with live legal tech demonstrations. This year LawFest featured the largest Expo of tech providers ever assembled at a New Zealand legal event. From start-ups, through to global household names – if you provide legal tech in New Zealand (or simply want to start) you were at LawFest.

The great content was complimented by fantastic networking opportunities, as the legal community were able to re-connect and network in-person – something we have all missed the value of over the past few years.

With LawFest 22 behind us, the focus now shifts to LawFest 23 on 1 June, where we will look to explore further how to adapt and thrive in an ever-changing legal market.

 

Author:

Andrew King, Founder and Strategic Advisor – E-Discovery Consulting

Filed Under: Privacy

OAIC guidance on retention and deletion of PI

July 31, 2022 by InfoGovANZ

In July, OAIC published guidance on the retention and deletion of personal information (PI) collected during the COVID-19 pandemic. Organisations should take stock of the personal information they hold and assess whether it is necessary to continue to collect and retain PI.

Australian Privacy Principles 11.1 and 11.2 require that reasonable steps be taken to protect personal information and personal information be destroyed or de-identified once it is no longer needed.

If information is stored electronically, such as in cloud-based storage, servers, USBs or with a third-party provider, you should ensure that the digital records are permanently destroyed, including in any back-up system or offsite storage.

It is also important to consider whether employees require any training to ensure that personal information is securely destroyed.

In November, OAIC published the COVIDSafe privacy report in accordance with s 94ZB of the Privacy Act, which examined compliance and risk throughout the ‘information lifecycle’ of COVID app data collected during the pandemic. Read the COVIDSafe Report May–November 2022 here.

Filed Under: Privacy

IAPP Global Summit 2022 Report

April 30, 2022 by InfoGovANZ

Celebrating the joy of reconnecting was the theme of the opening address by Trevor Hughes, President and CEO of IAPP.  This year’s Global Privacy Summit had over 4,000 attendees and took place over four jam-packed days in Washington DC. The Opening General Session got off to a flying start with three very different and thought-provoking key notes. Bestselling author Malcolm Gladwell highlighted the lessons to be learned from his recent book “The Bomber Mafia”. Warning against asking the wrong questions and solving the wrong problems, he noted that technology takes time to evolve and that “visionaries need help” with practical application.  Gladwell urged the audience to be humble about what technology can do and patient before deploying well-intended technological innovations with uncharted moral consequences. Professor Amy Gajda, author of “Seek and Hide”, discussed the pivotal 1928 Supreme Court case of Olmstead v. United States, in which Justice Louis Brandeis dissented […]
Member only content (join now or login)

Filed Under: Privacy

OAIC’s updated guidance on vaccination status and protecting privacy

November 9, 2021 by InfoGovANZ

OAIC has updated its guidance on COVID-19: Vaccinations and privacy rights as an employee and Vaccinations: Understanding your privacy obligations to your staff. Key points include: Vaccination status information can only be collected without consent in circumstances where the collection is required or authorised by law (including a state or territory public health order or direction). Only the minimum amount of personal information reasonably necessary to maintain a safe workplace should be collected, used or disclosed. Vaccination status information should only be used or disclosed on a ‘need-to-know’ basis. You must inform employees about how their vaccination status information will be handled. Ensure you take reasonable steps to keep employee vaccination status and related health information secure.
Member only content (join now or login)

Filed Under: Privacy

New Zealand’s Privacy Commissioner releases a paper on biometric regulation

November 9, 2021 by InfoGovANZ

New Zealand’s Office of the Privacy Commissioner (OPC) has released a position paper setting out how the Privacy Act regulates biometrics.  The increasing role of biometric technologies in the lives of New Zealanders has led to calls for greater regulation of biometrics. In a statement releasing the paper, the OPC said, ‘[it] believes that the privacy principles and the regulatory tools in the Privacy Act are currently sufficient to regulate the use of biometrics from a privacy perspective.’  The paper is intended to inform decision-making about biometrics by all agencies covered by the Privacy Act, in both the public and private sectors. This position paper will be reviewed six months after publication, in consultation with key stakeholders, to assess its impact and whether any further steps are required. Read the OPC’s summary of key issues or the full position paper.
Member only content (join now or login)

Filed Under: Privacy

Digital Identity Legislation

October 4, 2021 by InfoGovANZ

The Australian Government has released an exposure draft of the Digital Identity legislation (the Trusted Digital Identity Bill) to support the expansion of the Australian Government Digital Identity System (the System). The proposed legislation aims to enshrine in law, privacy and consumer safeguards in the System as it expands to include more services and sectors. The legislation also establishes permanent governance arrangements to be guided by principles of independence, transparency and accountability. Feedback is being sought on the draft legislation and the accompanying documents to make sure the System meets the expectations of Australians and Australian businesses. Available on the Digital Identity website: Guide to the Digital Identity legislation Trusted Digital Identity Bill 2021 exposure draft Trusted Digital Identity Framework (TDIF) accreditation rules Trusted Digital Identity rules Regulation Impact Statement (RIS)
Member only content (join now or login)

Filed Under: Privacy

OVIC Guidance on Collaboration Tools

September 4, 2021 by InfoGovANZ

The rise of flexible working arrangements means that collaboration tools, such as videoconferencing and instant messaging tools, as well as cloud-based document creation and sharing services, are increasingly essential to facilitate collaboration. The Office of the Victorian Information Commissioner has provided guidance to assist organisations to consider their privacy obligations when implementing and using collaboration tools, plus information security and record-keeping considerations. Read the Guidance here.
Member only content (join now or login)

Filed Under: Privacy, Records Management

National COVID-19 Privacy Principles

September 4, 2021 by InfoGovANZ

The Office of the Australian Information Commissioner and State and Territory privacy commissioners have produced universal privacy principles to support a nationally consistent approach to solutions and initiatives designed to address the ongoing risks related to the COVID-19 pandemic. These high-level principles provide a framework to guide a best practice approach to the handling of personal information during the pandemic by government and business. Read the Principles here.
Member only content (join now or login)

Filed Under: COVID-19, Privacy

Protection of Personal Information in Universities

August 12, 2021 by InfoGovANZ

The protection of information by universities has come under focus in recent years as a number of Australian universities have been subject to cybersecurity attacks. These attacks highlight the risks of data breaches and the potential impact on students, staff, and research participants. This led to the Office of the Victorian Information Commissioner (OVIC) examining the policies and procedures that Victorian universities have implemented to protect the personal information that they hold from loss and misuse. The Victorian Information Commissioner released its report on  the Examination of Victorian universities’ privacy and security policies report on 29 June 2021 (report).   The findings included that not all universities have clear policies and procedures to guide staff to destroy personal information when it is no longer needed, and some do not have written guidance about sharing personal information with third parties to support staff to consider information security risks. The Victorian Information Commissioner, […]
Member only content (join now or login)

Filed Under: Privacy

Protection of personal data in universities Examination Report

July 7, 2021 by InfoGovANZ

Victoria’s Information Commissioner recently released a report following an examination of the privacy policies and procedures in eight Victorian universities. The report found that many universities don’t have clear policies to guide staff to destroy personal information when it is no longer needed. While Universities are prioritising ICT and cybersecurity risks, in general, they have less of a focus on managing risks to personal information related to physical and personnel security. The report includes recommendations for universities to strengthen the protection of personal information by developing policies and procedures to identify and document the personal information they hold, where it is held, and for sharing information with third parties and contracted service providers. InfoGovANZ is hosting a session with Sven Bluemmel – Victorian Information Commissioner to highlight the key findings of the report and discuss the recommendations, book your ticket here. Read more about the report here.
Member only content (join now or login)

Filed Under: Privacy

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to Next Page »

Footer

Information Governance ANZ Pty Ltd

Level 26, 1 Bligh St, Sydney 2000
Ph: +61 2 8226 8546
E: infogovanz@infogovanz.com

ACN: 611 611 360

Stay Informed

Linkedin Information Governance ANZ Twitter Information Governance ANZ

Become a Member

Get Event Notifications
  • Event Recordings
  • Become a Member
  • Cart
  • Checkout

Copyright © 2023 Information Governance ANZ Pty Ltd · Privacy Policy · Terms of Use