Victoria’s Information Commissioner recently released a report following an examination of the privacy policies and procedures in eight Victorian universities. The report found that many universities don’t have clear policies to guide staff to destroy personal information when it is no longer needed. While universities are prioritising ICT and cybersecurity risks, in general they have less of a focus on managing risks to personal information related to physical and personnel security. The report includes recommendations for universities to strengthen the protection of personal information by developing policies and procedures to identify and document the personal information they hold, where it is held, and for sharing information with third parties and contracted service providers. InfoGovANZ is hosting a session with Sven Bluemmel – Victorian Information Commissioner to highlight the key findings of the report and discuss the recommendations. Book your ticket here. Read more about the report here.
With the COVID-19 vaccine national rollout underway, the Office of the Australian Information Commissioner has released new COVID-19 Vaccinations privacy guidance to help employers understand their obligations when collecting, using, storing and disclosing employee health information related to the vaccine. It complements the COVID-19 Guidance for employers, which provides more general information about the privacy obligations of Australian Government agencies and organisations covered by the Privacy Act 1988.
The Office of the Privacy Commissioner has created two new interactive online tools to help organisations and businesses understand what they need to do to comply with the new principle 12 if they are sending New Zealanders’ personal information overseas. The Principle 12 Decision Tree is designed to help organisations, especially SMEs, easily work out if principle 12 applies to information they are disclosing overseas and whether they have to comply with it. You can try the Principle 12 Decision Tree here. If principle 12 does apply to the disclosure of information, the best and most practical way to comply with it might be to have an agreement with your foreign person or entity that provides for comparable safeguards to New Zealand’s Privacy Act. Businesses and organisations now use the Model Contract Clause Builder to generate an agreement. You can try the Model Contract Clauses Agreement Builder here.
With a range of new regulations, tools and projects underway, Information Governance ANZ were pleased to host a virtual forum with updates on the latest data privacy developments across the Asia Pacific region. This interactive session was facilitated by Susan Bennett, Founder of InfoGovANZ, and our special guests included: NZ Privacy Commissioner – John Edwards; Senior Research Fellow, Asian Business Law Institute – Dr Clarisse Girot; Director, Simply Privacy – Daimhin Warner.
Commissioner John Edwards on the new NZ Privacy Act
New Zealand’s Privacy Act 2020 comes into force on 1 December 2020 and introduces new limitations on cross-border transfers. Commissioner Edwards spoke about the new legislation and provided a brief history of the Act since 1993. It applies across the economy (both public and private sector organisations), is based on the 1980 OECD data protection principles and is technology-neutral. He noted the Act has remained largely unamended during the […]
The Office of the Australian Information Commissioner (OAIC) has released its Notifiable Data Breaches (NDB) Report for January to June 2020. Malicious or criminal attacks remain the leading cause of data breaches involving personal information in Australia. Commissioner Angelene Falk said, 'this trend has significant implications for how organisations respond to suspected data breaches — particularly when systems may be inaccessible due to these attacks. It highlights the need for organisations to have a clear understanding of how and where personal information is stored on their network, and to consider additional measures such as network segmentation, robust access controls and encryption.' In other findings: Health service providers continued to be the top reporting sector (115 notifications), followed by the finance and education sectors, and the insurance industry making the top 5 sectors for the first time. The number of notifications resulting from social engineering or impersonation has increased by 47%. Actions taken by […]
Posted with permission from Active Navigation, originally published on June 1. Ten years ago, there was no such thing as too much data. Notions about data being the “new oil” prompted organizations to hoard every byte they could, hoping that they might be able to harness it down the road. Combined with the notion that “storage is cheap,” this belief has led many companies to exponentially increase their risk rather than their opportunity. New data privacy regulations in Europe and the United States impose a significant burden of care on organizations regarding their data collection processes. In fact, data minimization is a fundamental principle within the European Union’s General Data Protection Regulation (GDPR). Whether governed by the GDPR or state privacy regulations like the California Consumer Privacy Act (CCPA), businesses must now limit the personal data they collect and dispose of it once it is no longer needed for a […]
Looking for a new podcast about data privacy? Active Navigation has exactly what you need – the P3: Project Privacy Podcast aims to help you understand the evolving data privacy landscape. Episodes include: The ROI of Proper Data Management; Records Management in Highly Regulated Industries; High Stakes Records Management; The NIST Privacy Framework; Open Data During Times of Crisis. You can listen to the podcast anytime on the Active Navigation website.
The Office of the Victorian Information Commissioner (OVIC) issues security guides to support the Victorian Protective Data Security Standards (VPDSS). This document provides organisations with guidance on security risk management fundamentals to enable them to undertake a Security Risk Profile Assessment (SRPA) as required under s89 of the Privacy and Data Protection Act 2014 (PDP Act), and is designed to support practitioners and information security leads.
OAIC launched a new Privacy Impact Assessment Tool (DOCX), which helps you conduct a PIA, report its findings and respond to recommendations. The tool accompanies the Guide to undertaking privacy impact assessments, and entities are encouraged to take a flexible approach and adapt it to suit the size, complexity and risk level of their project.
In June, ABLI published an important comparative study on the laws and regulations relating to personal data transfers in Asia. We are heartened to see this comparative study widely disseminated and used in all national and supra-national forums where data transfer issues are discussed. The write-up of that study was supported by a comparative table of the various provisions relating to these transfers in 14 APAC jurisdictions, which we have made freely available for the benefit of all. We are pleased to announce that this table was updated on 20 November to take into account multiple recent developments that took place in the legal systems of several of those jurisdictions, including the release for comments of the draft Personal Data Protection Law of China, the entry into force of the new Privacy Act of New Zealand, the amendments made to the Personal Information Protection Act and the Network Act of […]
COVID-19 has brought to the forefront the importance of real-time accurate data for scientists to analyze and model and for government leaders to make decisions on. InfoGovANZ has compiled a series of COVID-19 curated articles and resources, updated monthly.
June 2020
OVIC has released new guidance on how the exemptions in the Freedom of Information Act should be applied. OVIC has updated the FOI and COVID19 FAQs for agencies – read them here – to include questions about the new COVID-19 regulations including: what to do if your agency is completely shut down; and how to verify an applicant’s identity. The Office of the Australian Information Commissioner (OAIC) has updated its FOI FAQ with the latest COVID-19 relevant questions including how to make an FOI complaint during the COVID-19 outbreak.
May 2020
Australian and New Zealand Information Access Commissioners join with their international counterparts in their clear call for documentation, preservation and […]
While Australia and New Zealand were able to flatten the COVID-19 curve, the approaches of each country have somewhat differed, both in relation to the level of restrictions imposed on citizens, as well as the type of contact tracing technology deployed. Australia and New Zealand stand alongside Germany, South Korea and Singapore as examples of countries that followed the advice of their scientists and moved into lockdown in a timely way to limit the spread of the COVID-19 virus. Australia, similar to other countries, experienced a doubling of COVID-19 positive people every two days as it went into lockdown. The containment of the coronavirus in Australia and New Zealand is a result of a multipronged strategy that includes prompt lockdowns restricting movement and requiring social distancing; quarantining of international travellers for 14 days; and a high rate of testing and contact tracing. The governments of both countries have developed their […]
There have been a variety of perspectives on the COVIDSafe app released on 26 April 2020 and the CovidSafe Act enacted on 14 May 2020. Professor Peter Leonard from UNSW Business School, in ‘Novel coronavirus spawns novel law-making in Australia‘, looks at the consultative process that resulted in data governance and data accountability in the CovidSafe Act to ensure that the data collected would be safe from other arms of government for other purposes. Visiting Professor Roger Clarke at UNSW Law has looked at early user experiences of the app and questioned the ability of the app to achieve its aim – read his two articles here and here. In ‘The COVIDsafe APP: A Case Study in Professional Responsibility‘, Professor Clarke sets out the role and onus of IT professionals to be realistic about the app’s limitations. Professor Greenleaf and Dr Kemp from UNSW Law, in ‘Australia’s COVIDSafe Experiment, Phase III: […]
New Zealand’s Ministry of Health launched the NZ COVID Tracer app on 20 May 2020, in a move welcomed in a statement by the NZ Privacy Commissioner. You can read the privacy impact assessment here. Living in a world with COVID-19 means greater requirements to register your presence wherever you go. But what does that mean for your privacy? NZ Privacy Commissioner John Edwards speaks about good policy when it comes to protecting people’s privacy in any technical solution to contact tracing in this interview.
InfoGovANZ was a proud supporter of Privacy Awareness Week again this year. The theme was a timely and important reminder for all to Reboot your Privacy. There were a variety of events and activities across Australia as well as some important publications: The Australian and New Zealand Privacy Commissioners & IDCare’s Managing Director discussed the importance of privacy in a pandemic in a webinar which you can download and watch here. Read the Reboot your Privacy Guide and protect your personal information online. Keep up to date with the latest COVID-19 (coronavirus) scams. Find out what to do if you receive a data breach notification, and how to reduce your risk of harm.
IAM2020 was launched by Director-General of the National Archives of Australia, David Fricker, with an engaging panel discussion with Information Commissioner NSW – Elizabeth Tydd; digital media expert on the role of information and impact of misinformation, Dr Timothy Graham; and Kathryn Dan, Blue Shield Australia. The critical roles of data, access to information and the challenges of misinformation were highlighted in the current COVID-19 pandemic as well as the recent Australian bushfires. You can access the recording of the session here: IAM2020 Launch High Res Recording | IAM2020 Launch Low Res Recording
To celebrate Information Awareness Month (IAM2020) and Privacy Awareness Week (PAW2020), we kicked off with an online panel discussion on the myriad of Information Governance issues arising from the COVID-19 pandemic. Our panellists included Melanie Marks, Christopher Colwell, Sonya Sherman, Dr Peter Chapman and Matthew Golab, and the discussion was facilitated by Susan Bennett. The importance of connectivity and of access to trusted information, the role of fit-for-purpose systems to capture records during a crisis and accountability for decisions made during the pandemic period were all highlighted. Discussion around the COVIDSafe app emphasised that privacy by design and governance of data are key for user trust. A key focus of the discussion was the increased information security and cybersecurity risks with the move to working from home. These include the risks of data leakage, data breach, shadow IT and cyber-crimes. In summary, the discussion emphasised that the myriad of information, records, […]
As we shift even more of our day-to-day activity online during the COVID-19 pandemic, Privacy Awareness Week is an important reminder to Reboot your privacy. Check and update your privacy controls. Consider the alternative when giving or asking for personal information. Delete any data from old devices and securely destroy or deidentify personal information if it’s no longer needed for a legal purpose. Explore the PAW website to find out more on how to join in the conversation to promote privacy awareness, and sign up as a supporter.
COVID-19 has brought to the forefront the importance of real-time accurate data for scientists to analyse and model and for government leaders to make decisions on. A number of articles have highlighted the importance of data and privacy, including Australia Considers How to Approach Pandemic Contacts Tracing by Jeremy Kirk, Executive Editor for Security and Technology, Information Security Media Group.
Stay-at-home requirements during COVID-19 have led to a dramatic increase in video conferencing for both work and maintaining social connections with family and friends. The adoption of video conferencing tools over the last weeks has been impressive, but it calls into question whether most users are aware of the data and privacy implications of using these tools. noyb, an EU-based not-for-profit with the mission of making privacy a reality, has carried out a review of the privacy policies of six video conferencing tools: Zoom, Webex Meetings (Cisco), Meeting (LogMeIn), Skype and Teams (both Microsoft) and Wire. Report on privacy policies of video conferencing services – 2020 – noyb