InfoGovANZ

Information Governance Think Tank

Privacy

COVID19 – EU, US & International Resources

by

Below is a collection of useful privacy and data protection resources from the EU, US and globally. Data Protection Authorities guidance on COVID-19 published by Data Protection Authorities (DPAs) collated by International Association of Privacy Professionals. These provide information and frequently asked questions on data processing and COVID-19 across a range of countries. Resources page on crucial privacy and data protection law issues arising from COVID-19 covering the EU & globally by Law, Science, Technology & Society of the Vrije Universiteit Brussel. The Initiative is of direct interest for LSTS researchers, most notably in the context of the Brussels Privacy Hub (BPH) work on data protection in humanitarian action as well as the work of ALTEP-DP project. US Privacy and Data Protection Resources related to COVID-19, together with other international resources has been compiled by the Future of Privacy Forum.
Member only content (join now or login)

COVID19 – Global Open Data Initiatives

by

The Open Government Partnership (OGP) has created a webpage collating government approaches responding to COVID-19. The open government community is focused on applying the principles of transparency, accountability and participation to the COVID-19 response.   The webpage contains a crowd sourced list from a wide range of countries with a variety of initiatives, including: the release of theoretical models and data underpinning governments’ strategies; digital platforms and apps to keep citizens informed; and efforts tackling misinformation and disinformation online. The Open Government Partnership (OGP) is a multilateral initiative that aims to secure concrete commitments from national and local governments to promote open government, empower citizens, fight corruption, and harness new technologies to strengthen governance. Formed in 2011, its members now include governments from across 78 countries and thousands of civil society groups, representing more than 2 billion people worldwide. Open government strives to provide transparency and accountability to the public, […]
Member only content (join now or login)

Active Navigation – Equifax Case Study

by

Active Navigation - Equifax

Following the highly publicised Equifax data breach in 2017, Active Navigation’s software was deployed into a complex tech stack and worked to identify, classify and protect sensitive data assets.

While IG, Legal, Risk and eDiscovery practitioners understand the need to minimise data in accordance with justifiable disposition of data and records, privacy regulations are now also drivers for organisations to review the personal information they are collecting.  GDPR’s principle of data minimisation is making organisations rethink what constitutes acceptable data use.  Australian Privacy Principle 11.3  requires an APP entity to take reasonable steps to destroy or de-identify personal information that is no longer needed for any purpose for which the personal information may be use or disclosed under the APPs.

You can read more about how Equifax is using Active Navigation’s software, Discovery Center, to identify and delete unnecessary records, which proactively reduces overall data surface footprint and facilitates data privacy compliance.

Read the case study here.

Keynotes of Privacy Commissioners at IAPP ANZ Summit – Sydney 2019

by

  The challenge of regulating nationally in a global data sharing environment was a common theme in the keynote speeches delivered by Australia’s and New Zealand’s Privacy Commissioners at the 2019 IAPP ANZ Summit. Compliance is not enough ·       Australian Information Commissioner and Privacy Commissioner — Angelene Falk, spoke of the trends and changes impacting the local landscape, noting that there is now a need to ensure the Privacy Act remains ‘fit for purpose’ into the next decade. She also pointed to the continuing ‘convergence of privacy principles and standards’ internationally, influenced by the GDPR and the need for a coordinated international response. Falk welcomed the Australian Government’s announcement of stronger regulation, which will introduce higher penalties, new infringement and notice powers, as well as special requirements in relation to social media and online platforms and the children’s privacy respectively. Click here for Privacy Commissioner Falk’s speech covering the OAIC’s […]
Member only content (join now or login)

Big Data, Privacy and Information Governance: Incorporating an Ethical Based Assessment

by

  As the law lags behind in rapid technology innovations, particularly in big data, artificial intelligence (AI), machine-learning and the Internet of Things (IoT), there is increasing awareness and discussion about the need for an ethical based approach to data analytics. This article considers why an ethical based approach can build trust and transparency with consumers and citizens, and why it should be part of good information governance, as a means of maximising the value of information derived from data analytics while minimising risks. Big data Big data describes the large volumes of data held by corporations and governments. Using  analytics technology tools, insights and knowledge can be derived from the data. These insights can then be used to make informed decisions, for example, in the development of new or improved products or services providing a competitive advantage and ultimately delivering results to the bottom line. In other words, there […]
Member only content (join now or login)

Australia’s Notifiable Data Breaches Scheme

by

  Australia’s Notifiable Data Breaches (NDB) scheme came into effect from 22 February 2018.  This article explains what a Notifiable Data Breach is and when to notify the Australian Information Commissioner and individuals whose personal information has been subject to a data breach likely to result in serious harm.  Importantly, organisations need to be prepared and ensure that data breach response plans are up to date with an appropriate assessment process for suspected eligible data breaches to comply with the NDB scheme. Notifiable Data Breaches Scheme – came into effect 22 February 2018 The Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB Act) established the Notifiable Data Breaches scheme in Australia.  It requires organisations to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm and the Australian Information Commissioner.  The NDB scheme comes into effect from 22 February 2018. The NDB Act and […]
Member only content (join now or login)

GDPR: Change to European privacy laws and its impact on Australian businesses

by

  The European’s Union General Data Protection Regulation (GDPR) imposes significant change to privacy laws in Europe and will apply and be enforced from 25 May 2018.   Organisations that fail to comply with the GDPR face heavy fines up to €20 million or up to 4% of global annual turnover, whichever is higher.  The GPDR will have a global impact because it applies to businesses operating in the EU as well as businesses outside the EU that offer goods or services or monitor the behaviour of individuals in the EU.  Businesses that are subject to the GDPR should assess their current information and privacy processes and governance structures, and take the necessary steps to ensure GDPR compliance. Background to GDPR After four years of debate, the GDPR was approved by EU Parliament on 14 April 2016 and comes into force on 25 May 2018.   The GDPR replaces the Data Protection […]
Member only content (join now or login)

Big Data Privacy May 2017

by

Big Data & Privacy: does your organisation need an ethical based approach? As the law lags behind in rapid technology innovations, particularly in big data, AI, machine-learning and the Internet of Things (IoT), there is a growing discussion about the merits of an ethical based approach to data analytics. This article considers why an ethical based approach can build trust and transparency with consumers, and why it should be part of good Information Governance, as a means of maximising the value of information derived from data analytics while minimising risks. Big data Big data describes the large volumes of data held by corporations and governments. Usinganalytics technology tools, insights and knowledge can be derived from the data. These insights can then be used to make informed decisions, for example, in the development of new or improved products or services providing a competitive advantage and ultimately delivering results to the bottom […]
Member only content (join now or login)