NSW MNDB Scheme starts 28 November
The Mandatory Notification of Data Breach (MNDB) Scheme will come into effect on 28 November 2023. It requires public sector agencies bound by the PPIP Act to notify the Privacy Commissioner and affected individuals of data breaches involving personal or health information likely to result in serious harm. It also applies to […]
AI Safety and the Bletchley Declaration
Australia was one of the 28 signatories to the Bletchley Declaration, which emerged from the global AI Safety Summit, where heads of state, senior ministers, AI leaders and other experts from across the globe congregated to set an international framework for developing safe AI. The Declaration provides that the agenda for […]
US President issues Executive Order on AI
Two days before the Bletchley Declaration, U.S. President Joe Biden issued his first Executive Order on the Safe, Secure and Trustworthy Development and Use of AI stating that his Administration ‘places the highest urgency on governing the development and use of AI safely and responsibly, and is therefore advancing a coordinated, […]
Computational Power and AI
Given the push to build AI at ever increasing scale and the risks, this timely report from the AI Now Institute looks at the material costs and why concentration in compute is driving a race to the bottom. As the report explains, computational power is a core dependency in building large-scale […]
Singapore IMDA launches Generative AI Evaluation Sandbox
In the day between the U.S. President’s Executive Order on AI and the Bletchley Declaration being signed, Singapore’s IMDA and AI Verify Foundation launched the “Generative AI Evaluation Sandbox”, a new initiative to build knowledge and develop new benchmarks and tests for generative AI (GAI) systems. This is part of the effort […]
The risks for professionals relying on Generative AI
Two recent examples where reliance was placed on Generative AI generated content have highlighted the risks and the consequences when independent checking and verification are not undertaken. One involved two lawyers in the US where closing submissions referred to ChatGPT-generated cases that did not exist, and the other […]
Compliance and Enforcement Policy for the Consumer Data Right
The Office of the Australian Information Commissioner and the Australian Competition and Consumer Commission have updated their joint Compliance and Enforcement Policy for the Consumer Data Right (CDR). The policy outlines the priorities, how the agencies encourage compliance and their approach to enforcement of matters. The Policy sets out that where OAIC […]
Dark Data – the risks, costs and ESG
Dark data poses potentially significant risks and costs for organisations. Additionally, with an increasing focus on ESG reporting, organisations should be considering how they can measure and report on each element of ESG with respect to data being collected, generated, used and stored. This article by Susan Bennett considers the […]
Information Lifecycle Management: what is it and how it reduces risk?
Most organisations are collecting and generating exponentially increasing volumes of data each year. However, many organisations struggle to safely and efficiently dispose of data that is no longer needed for regulatory retention requirements or for legitimate purposes, as required, for example, under the Australian Privacy Principles (APPs), the General Data […]
IG Industry Report 2023 Released
InfoGovANZ is delighted to release the IG Industry Report 2023, which tracks the key developments and trends in IG. This year’s key findings include: The key drivers and priorities for information governance activities within organisations were: External regulatory, compliance or legal obligations Good business management practices Internal technology restructuring or […]
Legalweek 2023 – the perspective from down under
The key takeaway from Legalweek 2023 is that the AI revolution has begun. Its impact will be profound and, as we have seen with the further generative AI developments announced during Legalweek, it will be delivered with great speed. Highlights The highlight was the closing keynote with Dan Schulman, CEO of PayPal. When you hear a CEO on the one hand emphasising the benefits of technology that can be a ‘real force multiplier’ for good, but on the other hand calling for regulation of AI, it is clear we need urgent action for legislated guardrails to ensure there is ethical use of AI, so that it doesn’t result in discrimination and misuse of personal information. In a conference dominated by ChatGPT and generative AI, the juxtaposition of the opening and closing keynotes with many of the sessions could not have been more stark. LeVar Burton (Roots, Star Trek, Reading Rainbow) spoke about the power of storytelling and emphasised the ‘importance of the human element.’ In the closing keynote interview with […]
2022 Information Awareness Month One Day Seminar
This year’s Information Awareness Month One Day Seminar took place at the iconic Institute Building (1861), the first public cultural building in South Australia and was also livestreamed. The theme was “Building Trust in Information” and discussions revolved around facets that we need to trust in order to have trust in information. These included trust in people, process, technology and government. The seminar opened with remarks from Geoff Strempel, Director, State Library of South Australia. As a society we are “drowning in data” and in a knowledge economy IM practitioners are the trustees of information. A huge challenge is the massive data sets that need computers and machine learning to extract patterns and interpretations, but human intellect is still required to assess the outcomes and ultimately arrive at wisdom. ML and AI also raise ethical and privacy dilemmas as technology enables computers to essentially have free rein across the data. […]
New Frontiers and Information Technology Governance
Professor Michael Adams, Head of UNE Law School, InfoGovANZ Advisory Board Introduction The last two years have been a period of disruption due to the COVID-19 pandemic and the need for all businesses and organisations to “pivot”. In the information governance space this has been a major positive and a serious […]
InfoGovANZ releases the Information Governance Primer
Susan Bennett, Executive Director of Australian based think tank, Information Governance ANZ (InfoGovANZ), is delighted to launch the Information Governance Primer, which provides a wide-ranging overview on the fundamentals of good information governance. In today’s digital environment, the growing number and complexity of challenges associated with data and information have […]
IAM 2021 Events Summary Report
Information Awareness Month (IAM) is the opportunity for industry bodies and industry practitioners to work together to celebrate the amazing profession of managing information. The collaboration of industry groups continues to evolve by strengthening relationships which in turn, provides added exposure to all things information for all members. Industry bodies worked together to determine the trending issues impacting Information Management (IM) in 2021 and agreed that the National Archives of Australia (NAA) new policy “Building Trust in the Public Record” provided guidance on the theme for this year’s IAM. The IAM 2021 Events Summary report provides collaborative group members a summation of the discussions that occurred at each of the round tables with ideas to follow up in the ensuing years.
InfoGov IAM2021 Roundtable Report
The Information Governance (IG) Roundtable had an engaged discussion covering a wide range of current issues and drivers for information governance. The discussion covered: Drivers of Information Governance in 2021, the compelling reasons for organisations to implement Information Governance, what are the current challenges and actions for protecting information and more. Participants included Roxanne Missingham, Kathryn Dan, Alex Caughey Hutt, Dr Chris Colwell, Dani Wickman, Fiona Beatty, Judy Anderson, David Brous, Genevieve Dwyer, Brandon Voight, David Church, Amanda Dolman and Simon Costello. The roundtable was hosted by InfoGovANZ, facilitated by Susan Bennett and sponsored by ActiveNav. IG Drivers in 2021 Our discussion considered key trends in IG, noting that the InfoGovANZ IG Industry Report 2021 identified the three main drivers for IG as: External regulatory compliance and legal obligations; Good business management practices; and Internal technology restructuring or transitions. The role of regulatory compliance as a mechanism to elevate […]
Pioneer of IG – Dame Fiona Caldicott
Dame Fiona Caldicott, the first UK National Data Guardian for Health and Social Care, passed away this year. Dame Fiona was the UK pioneer of Information Governance, with the publication of the Caldicott Report in 1997 setting the benchmark for the collection and use of personal information and the need for robust information governance to protect personal information. The Caldicott report established what became known as the Caldicott principles of information governance. The original six principles included: justify the purpose for using confidential information; use confidential information only when it is necessary; use the minimum necessary confidential information; access should be on a strict need-to-know basis; making sure anyone accessing confidential information is aware of their responsibilities; and comply with the law. In 2013, the Information Governance Review Report, chaired by Dame Fiona, added a seventh principle and, following a further review in 2016, an eighth principle was added. These made it clear […]
Building trust in the public record – Public Release schedule
The National Archives of Australia’s new whole-of-government information management policy, Building Trust in the Public Record: managing information and data for government and community is now in force – https://bit.ly/3nfgGlV The new policy supports a holistic approach to information and asset management using information governance. The aim of the policy is to continue to improve information management capability within the Australian Government (Cth) to meet current and future needs for trusted, authentic and reliable records, information and data for government and community. Accompanying the policy release are new, updated and existing National Archives guides and supporting advice to help government agencies implement the policy and meet each of the 17 policy actions. Learn more about what is required here including reviewing and updating your information governance framework to incorporate enterprise-wide information management including governance of records, information and data: https://bit.ly/3ndX5CC
Building Trust in the Public Record Highlights
Information Governance ANZ was pleased to host an interactive forum with David Fricker, Director-General of the National Archives of Australia regarding the new policy Building Trust in the Public Record: managing information and data for government and community. This interactive session covered: · Key information management requirements for Australian Government agencies · Actions that agencies can take to build information management capability and address areas of low performance · Current and future needs for authentic and reliable information and data by government and community The importance of trust David outlined the role of the National Archives and its responsibilities under the Archives Act 1983. NAA identifies archival resources, preserves them and provides the government and community with access to those resources. The Archives also develops standards to help Commonwealth agencies manage data and information – ensuring the integrity and accessibility of these resources for as long as they are needed. The public […]
Universities information governance in a time of COVID-19
Without a shadow of a doubt, 2020 will be remembered for the impact of COVID-19, lockdowns, deaths and hospitals stretched to the limits. For Australia, the pandemic also followed the worst drought in a century and the worst bushfires in recorded history. This has had a profound impact on one of Australia’s largest exports, valued at over trillion dollars, education. Universities across Australia have been impacted in so many ways, which have pushed their systems to their limits. It has highlighted the importance of data and technology and the crucial importance of information governance. Issues In April 2020, I was interviewed by GRC Professional journal on the risks to universities (before COVID-19 had taken a grip, but once Chinese student visas were cancelled). I was asked “What are some of the broad risks that universities face?” My reply was the current risk in Australian universities is, without doubt, the impact of […]
AI Transparency in Digital Government
In celebration of International Access to Information Day and Right to Know Week in NSW 2020, we held an event on AI Transparency in Digital Government with NSW Information Commissioner Elizabeth Tydd, Victorian Information Commissioner Sven Bluemmel and Dr Jat Singh, Senior Research Fellow at the University of Cambridge. The discussion focused on the duty government agencies have to disclose algorithms used in providing services and making decisions about services and benefits to citizens. The Commissioners highlighted that robust procurement processes are essential where technology using algorithms is being procured by agencies. Commissioner Bluemmel said the bar needs to be set really high where the algorithmic decision-making involves people and their liberties and livelihood. Transparency is necessary to understand how the decisions are made in order to assert our rights. Dr Singh pointed out that transparency needs to be meaningful so that it allows us to be able to interrogate, scrutinize and challenge, and it requires organisations to give careful consideration […]
NAA’s new policy: Building Trust in the Public Record
The National Archives of Australia (NAA) published in July 2020 the draft policy Building Trust in the Public Record: managing information and data for government and community. It has been released together with a list of supporting advice that exists, or will be developed or updated, to support the policy. InfoGovANZ submitted its feedback in response to the new policy, which is available here. The new policy will take effect from 1 January 2021 and will follow the current Digital Continuity 2020 policy (DC2020) which concludes at the end of this year. The policy seeks to improve information management capability within the Australian Government to meet current and future needs for authentic and reliable information and data by government and community.
For Governance, Integration Matters
Effective corporate governance is not a one-size-fits-all approach, as recognised by regulators and self-regulatory organisations around the world. Principles propounded by local advisory and governing bodies provide guidance on how to effectively and transparently manage an organization and ensure it is meeting its obligations to all stakeholders. We will examine how corporate governance principles can be enhanced and improved by the explicit integration of information governance into companies’ corporate governance schema. Corporate Governance Corporate governance is, in its most general terms, how a business is controlled, governed, and operated. Principles of good corporate governance include fairness, accountability, responsibility, and transparency. A company’s system of governance is its framework of rules, relationships, controls, and processes. Company management and boards have myriad responsibilities. These range from planning for pandemics, natural disasters, and other major events that can affect a company’s basic ability to conduct business and disrupt operations; managing the company’s […]
Information Governance Key to Good Corporate Governance
Information governance, data protection and security, privacy, cybersecurity and artificial intelligence (AI) have all become critical topics for boards and government bodies to consider. Historically, the issues tended to be dealt with under either ‘IT’ issues or records and information compliance issues. In recent years, the importance of cybersecurity, AI and data analytics together with changing privacy regulations have brought new governance challenges to the forefront of the minds of directors. Top issues for Directors There are common themes in the surveys of top issues confronting Boards of Directors, which have been carried out in recent years. These include the opportunities and challenges arising from technology innovation and disruption, the overriding concern of cybersecurity and data breach, which is highlighting the importance of information security, and regulatory compliance including changing privacy regulations. The Akin Gump Lawyers group in the USA report an annual “Top 10 topics for Directors” each year, […]
COVID19 – Global Open Data Initiatives
The Open Government Partnership (OGP) has created a webpage collating government approaches responding to COVID-19. The open government community is focused on applying the principles of transparency, accountability and participation to the COVID-19 response. The webpage contains a crowd sourced list from a wide range of countries with a variety of initiatives, including: the release of theoretical models and data underpinning governments’ strategies; digital platforms and apps to keep citizens informed; and efforts tackling misinformation and disinformation online. The Open Government Partnership (OGP) is a multilateral initiative that aims to secure concrete commitments from national and local governments to promote open government, empower citizens, fight corruption, and harness new technologies to strengthen governance. Formed in 2011, its members now include governments from across 78 countries and thousands of civil society groups, representing more than 2 billion people worldwide. Open government strives to provide transparency and accountability to the public, […]
Information and Data Governance Driving Interoperability
Achieving interconnected services, sharing and re-using information and data assets requires strategic planning and investment. The Data Interoperability Maturity Model (DIMM) is the latest advice from the National Archives of Australia for building interoperability under the Digital Continuity 2020 Policy. It highlights the importance of information and data governance to drive interoperability initiatives. The Director-General of the National Archives of Australia, David Fricker stated, ‘it is often said the data is the ‘oil’ of the 21st century, because in the future data will be the principal resource that drives our economy and our way of life. Just like oil, data has to be properly managed. It must be discoverable, and of sufficient quality – pure, authentic and reliable – to drive the processes that rely on it. Unified information and data governance empowers an organisation to align its interoperability objectives while balancing associated risks.’ The DIMM’s downloadable assessment tool helps your […]
Automated Speech Recognition
While Automated Speech Recognition (ASR) technology has been present in various forms for decades, advances in statistical modelling, artificial intelligence (AI) and automation connectively have resulted in a new frontier for speech-based interaction between humans and computer systems. In this article Dr Peter Chapman, Director in the KPMG Forensic Technology team and InfoGovANZ advisory board member, details some of the current applications of ASR technology and offers guidance on a number of emerging governance issues associated with these technologies. As a concept, computerised Automated Speech Recognition (ASR) has been around almost as long as the computer itself. However, only in the last decade have the capabilities of ASR technology reached the point where wide-scale commercial adoption is viable. Natural human speech contains slang terms, dialect peculiarities, abbreviations and other “non-standardised” content. While humans are very adept at managing these issues, the enormous variability of human speech makes ASR a very […]
Information Governance 2020
The Information Governance 2020 Roundtable took place on Monday, 18 November at the Governance Institute of Australia. The event covered highlights from the recent InfoGovANZ Survey Report, privacy developments and trends globally, the new ISO working group developing an Information Governance standard, and the new records management cloud-based system utilising machine learning at the Australian Human Rights Commission. There was a great turn out of members, sponsors and interested parties for a fantastic session covering a broad range of IG topics. Executive Director, Susan Bennett started the ball rolling with a summary of valuable insights from the most recent InfoGovANZ IG Survey Report, noting the trend towards improved Information Governance awareness and leadership recognition since our 2017 survey. Just over half of the organisations surveyed have a formal IG framework with clearly articulated policies and procedures. 90% of respondents expressed agreement with the definition of ‘information governance’ – although some […]
Information Governance: optimising the lifeblood of organisations
Data and information are increasingly becoming the lifeblood of organisations. However the exponential amounts of data being collected by companies and government alike, together with the risks and costs of holding and securing this information, have created a new set of issues for those responsible for organisational governance. IG provides a unified strategic framework for the control, security, optimisation and effective use of information. It is an essential part of good corporate governance, assisting organisations to maximise the value of information while minimising risks and costs by providing a mechanism to align policies and processes, people and technologies across an organisation. The IG diagram below shows different areas and activities within an organisation responsible for the security, control, optimisation and risk management of data and information. There may be more or fewer areas according to the type and size of the organisation. The key to implementing an effective information governance […]
Information Governance as a Key Enabler of Successful System Design
This is the first in a series of articles explaining how design information governance (IG) adds to the ontological and structural language that creates the ‘sensemaking’ framework for complex adaptive systems. In doing so, IG provides a foundational enterprise capability which enables adaptive behaviour and organizational resilience in the face of changes in the internal and external environment. Modern society is enabled by systems, some of them technology-centric like our road and rail networks, some human-centric like our system of parliamentary democracy, and some a more balanced mix like our health system. Successful systems are those that are effective in meeting the needs that they were designed (or emerged) to meet and are sustainable in the face of change. A key enabler of successful systems is appropriate design information. For example, the number and boundaries of electorates in our parliamentary democracy are periodically adjusted to ensure that the (design) […]
Information & Data Trends & Challenges – IAM 2019
InfoGovANZ joined with National Archives and other professional organisations including RIMPA, IM, DAMA, Australian Society of Archivists, Australian Library and Information Association as part of Information Awareness Month. The event provided an opportunity for industry leaders to share perspectives on contemporary information and data management trends and challenges. The Many Voices, One Message booklet summarising the key themes and topics discussed at the workshop has just been published this week. Access the booklet
Corporate governance in the digital economy: The critical importance of information governance
Information is critical to decision-making and plays an essential role across all three pillars of governance. The emerging driver of good information governance globally is compliance with regulatory obligations, particularly with the growth in global privacy laws. Effective information governance requires top-down board and senior executive leadership. Good corporate governance in the data driven and digital economy poses significant challenges for Boards and senior executives. This article highlights the importance of information governance to ensure there is a unified strategy and framework to govern information effectively. Good information governance enables organisations to maximise the value of information as a business asset while minimising risks and costs, particularly those associated with data breach. Over the last 25 years there has been a lot written about corporate governance. There have been debates about the value it adds to an organisation and even the share price on the Australian Securities Exchange (ASX). […]
Jason R Baron: The Need for Information Governance more than ever
Presidential tweets, Self-destructing messages and the use of Shadow IT as the ‘new normal’: The need for Information Governance more than ever – Jason R Baron Thanks to Gilbert+Tobin and Thomson Geer for hosting very successful and engaging events in Sydney and Melbourne with Jason R. Baron presenting ‘Presidential tweets, Self-destructing messages and the use of Shadow IT as the ‘new normal’: The need for Information Governance more than ever’. Jason’s keynote was followed by panel discussions facilitated by Susan Bennett, Co-founder InfoGovANZ – the Melbourne panel included Victorian Privacy and Data Protection Commissioner, Rachel Dixon and Paul Noonan, Technology Partner at Thomson Geer; and the Sydney panel included NSW Privacy Commissioner, Samantha Gavel and Simon Burns, Technology Partner at Gilbert + Tobin. Jason’s keynote, delivered in his distinctive and thoroughly entertaining style, addressed the rapidly changing information landscape and the impact it is having on individuals and organisations. His observations […]
Latest Data Breach Report and Trends
The latest Notifiable data breaches report was released last week, highlighting the need for organisations to strengthen data security and promptly respond to suspected breaches. The Australian Information Commissioner and Privacy Commissioner Angelene Falk said that ‘OAIC expects organisations to have robust and proactive procedures in place to protect the personal information they hold.’ The January to June 2023 period saw 409 data breaches reported to the OAIC. While that was a 16% decrease in the number of notifications compared to the previous period, there was one breach that affected more than 10 million Australians. This is the first breach of this scale for Australians since the scheme began in 2018. Cybersecurity incidents were the source of 42% of all breaches (172 notifications). The top three cyber-attack methods were ransomware (53 notifications), compromised or stolen credentials for which the method was unknown (50 notifications) and phishing (33 notifications). Contact, identity and financial information […]
US and Australian governments issue joint Cybersecurity Advisory on preventing Web Application Access Control Abuse
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) have recently released a joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities. IDOR vulnerabilities are access control vulnerabilities enabling malicious actors to modify or delete data or access sensitive data by issuing requests to a website or a web application programming interface (API) specifying the user identifier of other, valid users. These requests succeed where there is a failure to perform adequate authentication and authorization checks. These vulnerabilities are frequently exploited by malicious actors in data breach incidents because they are common, hard to prevent outside the development process, and can be abused at scale. IDOR vulnerabilities have resulted in the compromise of the personal, financial, and health information of millions of users […]
Third-Party Risk and Cybersecurity: Navigating Evolving Threats and Data Governance
High-profile data breaches in the last few years have not only resulted in increased regulatory attention but have also served to highlight the evolving set of cyber threats faced by organisations. Of particular note, there have been numerous incidents where cybercriminals have managed to obtain organisational data not through a direct attack on the organisation but rather by breaching a third-party IT supplier to the organisation. The sophistication of cybercriminal attacks is increasing both in terms of the attack methodology and the strategic intent behind the selection of their targets. When the first wave of ransomware attacks was launched in the early 2000s, these were largely indiscriminate, impacting whichever personal, business, or government system that the malware could gain access to. Following this initial wave, we have observed increased fine-tuning of malware attacks over time. From a code perspective, some examples of this evolution have included built-in checks in the […]
Questions for boards to ask about cybersecurity
The Australian Cyber Security Centre (ACSC) has released a guide for boards and executives that discusses high-level topics to know about cyber security within organisations. Boards need to proactively build an understanding of their organisation’s specific cyber threat and risk environment. The Guide sets out how the board can understand as […]
Optus Data Breach – the risks of data over-retention
The Optus Data Breach incident has shed some much-needed light on the need for robust, top-down board governance over organisational data and information. It is evident that this attack has demonstrated the need for organisations to sufficiently invest in cyber-attack prevention, detection and response. While the Optus data breach is […]
OAIC Data Breach Notification Report
The Office of the Australian Information Commissioner’s (OAIC) latest Notifiable Data Breaches Report highlights how OAIC expects entities to prevent and respond to data breaches caused by ransomware and impersonation fraud. The OAIC received 446 data breach notifications from January to June 2021, with 43% of these breaches resulting from cyber security incidents. Data breaches arising from ransomware incidents increased by 24%, from 37 notifications in the last reporting period to 46. Read the latest report here.
Cyber Risk Management and the Value of Cyber Insurance
The technology revolution has created unprecedented developments in the way that business is transacted, how information is obtained, how we communicate with each other and how data is sourced and stored. The reality of these developments has also led to unparalleled increases in the ability of criminals to act in a digital environment rather than in the physical world, and cyber crime has never been more financially rewarding. Cyber risk and cyber exposure exist for every business that uses technology and connects to any form of information systems and networks. Size of business, industry factors and reliance on technology for critical operations can increase cyber risk vulnerability, but no business is immune. Managers are faced with the challenge of protecting against cyber risk and implementing strategies and procedures to safeguard against the potential loss and damage suffered in a cyber event. Cyber risk management is a holistic approach to evaluating […]
OAIC Data Breach report: January – June 2020
The Office of the Australian Information Commissioner (OAIC) has released its Notifiable Data Breaches (NDB) Report for January to June 2020. Malicious or criminal attacks remain the leading cause of data breaches involving personal information in Australia. Commissioner Angelene Falk said, ‘this trend has significant implications for how organisations respond to suspected data breaches — particularly when systems may be inaccessible due to these attacks. It highlights the need for organisations to have a clear understanding of how and where personal information is stored on their network, and to consider additional measures such as network segmentation, robust access controls and encryption.’ In other findings: Health service providers continued to be the top reporting sector (115 notifications), followed by the finance and education sectors, and the insurance industry making the top 5 sectors for the first time. The number of notifications resulting from social engineering or impersonation has increased by 47%. Actions taken by […]
Information Security Risk Management Practitioner Guide – OVIC
The Office of the Victorian Information Commissioner (OVIC) issues security guides to support the Victorian Protective Data Security Standards (VPDSS). This document provides organisations with guidance on security risk management fundamentals to enable them to undertake a Security Risk Profile Assessment (SRPA) as required under s89 of the Privacy and Data Protection Act 2014 (PDP Act) and is designed to support practitioners and information security leads.
Information Governance + COVID-19 Roundtable Report
To celebrate Information Awareness Month (IAM2020) and Privacy Awareness Week (PAW2020), we kicked off with an online panel discussion on the myriad of Information Governance issues arising from the COVID-19 pandemic. Our panellists included Melanie Marks, Christopher Colwell, Sonya Sherman, Dr Peter Chapman and Matthew Golab, and the discussion was facilitated by Susan Bennett. The importance of connectivity and of access to trusted information, the role of fit-for-purpose systems to capture records during a crisis and accountability for decisions made during the pandemic period were all highlighted. Discussion around the COVIDSafe app emphasised that privacy by design and governance of data are key for user trust. A key focus of the discussion was the increased information security and cybersecurity risks with the move to working from home. These include the risks of data leakage, data breach, shadow IT and cyber-crimes. In summary, the discussion emphasised that the myriad of information, records, […]
Broken Trust – The Information Security Dangers of Insider Threats
The increasing awareness of external cyber-security threats has executives focused on how their organisation can be defended against the “enemy at the gates”. But are organisations just as much at risk from an “enemy within”? In this article Dr Peter Chapman, Director in the Ferrier Hodgson Forensic Technology and eDiscovery team and InfoGovANZ advisory board member, provides an opinion and case study on insider threat. The media provides us with constant reminders of the threat of cyber-criminals and other external attackers. Recent legislative and regulatory changes such as the European Union GDPR requirements and mandatory breach notification amendments to the Australian Privacy Act have only increased our awareness, specifically with regards to ensuring that personally identifiable information (PII) in the possession of the organisation is safeguarded. While PII data is undoubtedly a target of external attackers, and external threats must be guarded against, organisations may be overlooking significant insider […]
Information Security & Information Governance – how they work together
Information (data) security, cybersecurity and IT security all usually refer to the protection of computer systems and information assets by suitable controls, such as policies, processes, procedures, organizational structures and software and hardware functions. The type and extent of controls depend on the scope and maturity of the business function (usually the Security Department) applying the controls, or on the specialisation/focus of the team, such as Perimeter/Firewall or Identity Management. Each function tends to have a different perspective of information security, compared to other functions, due to their focused specialisation. A close parallel is the health profession. You see a GP doctor when unwell, and are referred to a specialist who knows much more than your GP about a particular field of expertise. I know that my GP would not want to perform open heart surgery at all. And equally, a heart specialist would not have up-to-date and practical […]
Cyber Insurance: how it works and the benefits of Information Governance
As the number and size of cyber attacks on businesses continues to increase, the risk of experiencing a data breach is higher than ever. The resulting cost of these breaches can be significant – according to the Ponemon Institute’s 2017 Cost of Data Breach Study, these totalled $2.51 million per year across the organisations that were recruited for the research. As a result, an increasing number of organisations are choosing to invest in a cyber insurance policy, which allows them to claim cyber incident response expenses, regulatory fines, legal defence costs and business interruption losses. In other words, offset the cost of a potential data breach. This article outlines the benefits of cyber insurance and explains why, in today’s digital age, it is vital for organisations to invest in this class of insurance, in addition to understanding the information governance obligations that their insurance policy places on them. What […]
Australian Community Attitudes to Privacy Survey 2023
The Australian Community Attitudes to Privacy Survey 2023 released by the Office of the Australian Information Commissioner (OAIC) on 8 August, shows a significant increase in the number of Australians who feel data breaches are the biggest privacy risk they face today. Australian Information Commissioner and Privacy Commissioner Angelene Falk said, ‘Australians see data breaches as the biggest privacy risk today, which is not surprising with almost half of those surveyed saying they were affected by a data breach in the prior year.’ Furthermore, the Commissioner stated, ‘there is a strong desire for organisations to do more to advance privacy rights, including minimising the amount of information they collect, taking extra steps to protect it and deleting it when no longer required.’ Among the key themes of the survey are: Australians care about their privacy. Nine in 10 Australians have a clear understanding of why they should protect their personal information, and […]
The Good Shepherd Model for Cybersecurity, Privacy and Regulatory Compliance
WHITE PAPER: Four principles for protecting private data to improve compliance with privacy regulations. Contents: Executive Summary; Regulators Sharpen their Focus on Protecting Private Data; “Assume You Are Compromised” – Now What?; The Good Shepherd Model; Case Study: Investigating a Datacenter Breach the Hard Way; Security and Privacy are Strategic; References. EXECUTIVE SUMMARY: Organizations that store customers’ private information have a duty of care to protect that data. Credit card numbers and other personal details fetch a high price on the black market and unfortunately, organizations do a very poor job of keeping them out of the hands of cybercriminals. Regulators in many countries are now levying considerable penalties against organizations that fail to protect people’s private data. Under the European Union’s General Data Protection Regulation (GDPR), for example, organizations face fines of up to €20m or 4% of annual turnover for exposures of European citizens’ private data. They […]
EU-U.S. Data Privacy Framework
This week the European Commission has adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal data transferred from the EU to US companies under the new framework. On the basis of the new adequacy decision, personal data can flow safely from the EU to US companies participating in the Framework, without having to put in place additional data protection safeguards. The EU-U.S. Data Privacy Framework introduces new binding safeguards to address all the concerns raised by the European Court of Justice, including limiting access to EU data by US intelligence services to what is necessary and proportionate, and establishing a Data Protection Review Court (DPRC), to which EU individuals will have access. The new framework introduces significant improvements compared to the mechanism that existed under the […]
Happy 5th Birthday GDPR
On the 5th anniversary of commencement of the GDPR, Věra Jourová, Vice-President for Values and Transparency, and Didier Reynders, Commissioner for Justice, issued a statement highlighting that the GDPR was a decisive step in shaping the digital transition in the EU, setting global standards for the safe regulation of data flows and creating the foundation for a human-centric approach to the use of technology. They point out that the GDPR is the foundation of the EU’s arsenal of digital laws that shape the EU data economy, such as the Data Act and Data Governance Act. Since enforcement of the GDPR commenced on 25 May 2018, over €2.5 billion in fines have been imposed by national data protection authorities for breaches of the GDPR. Read the statement here: 5th anniversary of the General Data Protection Regulation (europa.eu). On the “This Week in Digital Trust” podcast, you can listen to Melanie Marks, elevenM privacy […]
Privacy and AI: IAPP Global Privacy Summit, Washington DC, 2023
The IAPP Global Privacy Summit this year was a huge event with over 5,000 attendees and a smorgasbord of keynotes and seminars on a wide range of topics – from privacy and AI compliance to the recent Generative AI developments together with predictions, the status of EU-US data transfers post Schrems II, and the latest in international data transfers. There were also very interesting sessions on privacy and ESG, and privacy and holistic data strategy. Keynotes on AI and Privacy Developments: An exceptional keynote was given by FTC Commissioner Alvaro Bedoya on Generative AI, pointing out that AI is regulated. Commissioner Bedoya noted that section 5 of the FTC Act, unfair or deceptive practices, applies to companies making, selling, using or making representations about AI. The Commissioner emphasised that ‘there is no AI carve out’ in tort, civil rights, product liability and common law. You can read more here […]
Privacy Act Review Report
The long-awaited report reviewing Australia’s Privacy Act 1988 has been released by the Australian Government, proposing significant changes including individual rights modelled on the GDPR, such as the right to request erasure, and notification of data breaches to the Office of the Australian Information Commissioner within 72 hours. Attorney-General Dreyfus’ statement releasing the report says, ‘the Privacy Act has not kept pace with the changes in the digital world. The large-scale data breaches of 2022 were distressing for millions of Australians, with sensitive personal information being exposed to the risk of identity fraud and scams.’ In relation to security, destruction and notifiable data breaches, the report states, ‘recent large-scale data breaches have highlighted the vast amount of personal information that is collected and retained by entities, and the need for entities to put in place stronger protections to prevent unauthorised access to Australians’ information. The best way to protect personal information is […]
OECD Declaration on Government Access to Personal Data held by Private Sector Entities
On 14 December 2022, the OECD members adopted the Declaration on Government Access to Personal Data held by Private Sector Entities. It is an intergovernmental agreement on common approaches to safeguard privacy and other human rights and freedoms when accessing personal data for national security and law enforcement purposes, and seeks to promote trust in cross-border data flows, a critical enabler of the global economy. The scope of the declaration consists of three main sections: legitimate government access on the basis of common values; promoting trust in cross-border data flows; and principles for government access to personal data held by private sector entities. You can read the Declaration here – OECD Legal Instruments.
OECD Declaration on a Trusted, Sustainable and Inclusive Digital Future
On 15 December 2022, the OECD members adopted the Declaration on a Trusted, Sustainable and Inclusive Digital Future. The Declaration calls on the OECD through the Committee on Digital Economy Policy (CDEP) to develop policy standards and guidance for a trusted, sustainable, inclusive digital future for our countries that reflect shared values and put people at the centre. The background to the Declaration is the accelerated digital transformation, particularly since the COVID-19 pandemic, which has brought opportunity and risk, requiring policy makers to develop whole-of-government policy response and manage related risks. The list of actions is extensive and wide-ranging – you can read them here – OECD Legal Instruments.
Changes to Australia’s Privacy Act: Overview and Preparation Checklist
In the wake of the recent wave of high-profile data breaches at Optus, Medibank and MyDeal, the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 was passed by Federal Parliament on 28 November 2022. The Attorney-General referred to the data breaches as having highlighted ‘the potential to cause serious financial and emotional harm to Australians’ and that the Bill sends a clear message that the government takes privacy, security and data protection seriously. Penalties have been significantly increased under the Privacy Act 1988 (Cth), and the Privacy Commissioner now has increased powers to resolve privacy breaches. The Notifiable Data Breaches Scheme has also been strengthened. Increased penalties Penalties for a serious or repeated breach of privacy have significantly increased from a maximum of $2.22 million to not more than the greater of: $50 million; three times the value of any benefit obtained through the misuse of the information; or, if the value of the […]
NSW introduces Mandatory Notification of Data Breaches
On 16 November 2022, the NSW Parliament passed amendments to the Privacy and Personal Information Protection Act 1998 (PIPA). The amendments to the PPIP Act aim to strengthen privacy legislation in NSW by: creating a Mandatory Notification of Data Breaches (MNDB) Scheme which will require public sector agencies bound by the […]
Balancing Organisational Accountability and Privacy Self-management in APAC
The Asian Business Law Institute and Future of Privacy Forum have published a report providing a detailed comparison of the requirements for processing personal data in 14 jurisdictions in APAC including Australia, China, India, Indonesia, Hong Kong SAR, Japan, Macau SAR, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Thailand, and […]
LawFest 22: Re-connecting & challenging your thinking
On 28 September, 365 legal professionals from across Aotearoa and abroad gathered in person in Auckland for the premier legal innovation and technology event on the New Zealand calendar. LawFest is the only opportunity in New Zealand for the legal and technology community to come together to network, collaborate and […]
OAIC guidance on retention and deletion of PI
In July, OAIC published guidance on the retention and deletion of personal information (PI) collected during the COVID-19 pandemic. Organisations should take stock of the personal information they hold and assess whether it is necessary to continue to collect and retain PI. Australian Privacy Principles 11.1 and 11.2 require that reasonable […]
IAPP Global Summit 2022 Report
Celebrating the joy of reconnecting was the theme of the opening address by Trevor Hughes, President and CEO of IAPP. This year’s Global Privacy Summit had over 4,000 attendees and took place over four jam-packed days in Washington DC. The Opening General Session got off to a flying start with three very different and thought-provoking keynotes. Bestselling author Malcolm Gladwell highlighted the lessons to be learned from his recent book “The Bomber Mafia”. Warning against asking the wrong questions and solving the wrong problems, he noted that technology takes time to evolve and that “visionaries need help” with practical application. Gladwell urged the audience to be humble about what technology can do and patient before deploying well-intended technological innovations with uncharted moral consequences. Professor Amy Gajda, author of “Seek and Hide”, discussed the pivotal 1928 Supreme Court case of Olmstead v. United States, in which Justice Louis Brandeis dissented […]
OAIC’s updated guidance on vaccination status and protecting privacy
OAIC has updated its guidance on COVID-19: Vaccinations and privacy rights as an employee and Vaccinations: Understanding your privacy obligations to your staff. Key points include: Vaccination status information can only be collected without consent in circumstances where the collection is required or authorised by law (including a state or territory public health order or direction). Only the minimum amount of personal information reasonably necessary to maintain a safe workplace should be collected, used or disclosed. Vaccination status information should only be used or disclosed on a ‘need-to-know’ basis. You must inform employees about how their vaccination status information will be handled. Ensure you take reasonable steps to keep employee vaccination status and related health information secure.
New Zealand’s Privacy Commissioner releases a paper on biometric regulation
New Zealand’s Office of the Privacy Commissioner (OPC) has released a position paper setting out how the Privacy Act regulates biometrics. The increasing role of biometric technologies in the lives of New Zealanders has led to calls for greater regulation of biometrics. In a statement releasing the paper, the OPC said, ‘[it] believes that the privacy principles and the regulatory tools in the Privacy Act are currently sufficient to regulate the use of biometrics from a privacy perspective.’ The paper is intended to inform decision-making about biometrics by all agencies covered by the Privacy Act, in both the public and private sectors. This position paper will be reviewed six months after publication, in consultation with key stakeholders, to assess its impact and whether any further steps are required. Read the OPC’s summary of key issues or the full position paper.
Digital Identity Legislation
The Australian Government has released an exposure draft of the Digital Identity legislation (the Trusted Digital Identity Bill) to support the expansion of the Australian Government Digital Identity System (the System). The proposed legislation aims to enshrine in law, privacy and consumer safeguards in the System as it expands to include more services and sectors. The legislation also establishes permanent governance arrangements to be guided by principles of independence, transparency and accountability. Feedback is being sought on the draft legislation and the accompanying documents to make sure the System meets the expectations of Australians and Australian businesses. Available on the Digital Identity website: Guide to the Digital Identity legislation; Trusted Digital Identity Bill 2021 exposure draft; Trusted Digital Identity Framework (TDIF) accreditation rules; Trusted Digital Identity rules; Regulation Impact Statement (RIS).
OVIC Guidance on Collaboration Tools
The rise of flexible working arrangements means that collaboration tools, such as videoconferencing and instant messaging tools, as well as cloud-based document creation and sharing services, are increasingly essential to facilitate collaboration. The Office of the Victorian Information Commissioner has provided guidance to assist organisations to consider their privacy obligations when implementing and using collaboration tools, plus information security and record-keeping considerations. Read the Guidance here.
National COVID-19 Privacy Principles
The Office of the Australian Information Commissioner and State and Territory privacy commissioners have produced universal privacy principles to support a nationally consistent approach to solutions and initiatives designed to address the ongoing risks related to the COVID-19 pandemic. These high-level principles provide a framework to guide a best practice approach to the handling of personal information during the pandemic by government and business. Read the Principles here.
Protection of Personal Information in Universities
The protection of information by universities has come under focus in recent years as a number of Australian universities have been subject to cybersecurity attacks. These attacks highlight the risks of data breaches and the potential impact on students, staff, and research participants. This led to the Office of the Victorian Information Commissioner (OVIC) examining the policies and procedures that Victorian universities have implemented to protect the personal information that they hold from loss and misuse. The Victorian Information Commissioner released its Examination of Victorian universities’ privacy and security policies report on 29 June 2021 (report). The findings included that not all universities have clear policies and procedures to guide staff to destroy personal information when it is no longer needed, and some do not have written guidance about sharing personal information with third parties to support staff to consider information security risks. The Victorian Information Commissioner, […]
The use of WhatsApp and messaging record-keeping failures: the massive fines keep coming
On 8 August 2023, penalties for record-keeping failures of $549 million were ordered against 10 banks, broker-dealers and investment advisers in the U.S. The Commodity Futures Trading Commission (CFTC) ordered four banks to pay $260 million for record-keeping and supervision failures arising from the use of unapproved messaging systems including personal texts and WhatsApp. On the same day, the Securities and Exchange Commission (SEC) also announced it had settled actions against 6 banks, broker-dealers and investment advisers it had been investigating for failures to comply with record-keeping requirements with penalties of $289 million. In recent years, there have been 30 enforcement actions by the SEC and over $2 billion in penalties ordered for record-keeping violations. These violations stemmed from employees communicating through messaging platforms on their personal devices, including WhatsApp, iMessage and Signal about the business of their employer. While these messaging platforms may not have been sanctioned for use by […]
Culture of FOI in Victoria
The Office of the Victorian Information Commissioner (OVIC) published new research on freedom of information (FOI) culture in Victoria and the importance of proactive and informal release of information. “The release of documents under the FOI Act is not the only way that governments can share information with the public” said Information Commissioner Sven Bluemmel. “Governments can also get on the front foot and proactively release information, without the need for individuals to first make an FOI request.” OVIC strongly encourages all agencies to adopt policies and systems that facilitate the release of information proactively and informally. Proactive transparency will help to build public trust, which will assist governments to address complex policy issues and improve service delivery. Read the key findings here.
Information Access Study
Information Access Commissioners and Commonwealth Ombudsman have released the findings of their second cross jurisdictional study of community attitudes on access to government information. The 2021 Information Access Study measures citizens’ awareness of the right to access government information, and their experiences and outcomes in exercising that right. Key findings include: The importance of the right to access information is consistently recognised by respondents in each jurisdiction. The majority of respondents in each jurisdiction were aware that they had the right to access information from government departments/agencies. In general, citizens were able to obtain information successfully in each jurisdiction. Read the statement from the Commissioners or view the research findings here.
Response to Tune Review
The Australian Government has agreed or agreed in principle to all 20 recommendations made by the Functional and Efficiency Review of the National Archives of Australia (NAA), referred to as the Tune Review. While the Tune Review recommended a proposed Government Information Management Model (GIMM), where records management across government would be centralised to the NAA, the Government intends as the first step to convene a committee to drive efficiencies and improvements in the short to medium term. Read the Tune review and the Government’s response.
Report into delay in Victorian FOI decisions
The Victorian Information Commissioner’s report into the delay in disclosure of government documents under the Freedom of Information Act 1982 (Vic) was recently tabled in the Victorian Parliament. Between 2015 and 2020, the proportion of FOI decisions made on time in Victoria declined from 95% to 79%. The investigation examined the extent and causes of delay at agencies, which included resourcing issues, process, technology, culture, communication and the impact of the COVID-19 pandemic. Read the report here.
NAA receives $67m to digitalise old records
Almost 300,000 records of Australian history including radio recordings of former prime minister John Curtin and a petition to King George V for Indigenous representation in Federal Parliament will be saved after a $67.7 million funding injection into the National Archives. The Tune Review, released in March this year said immediate action was needed to preserve deteriorating records in paper-based form, as well as magnetic tape audiovisual records, photos and film, to ensure they weren’t lost forever. Cybersecurity was also underscored as an urgent priority, with the collection of government records otherwise vulnerable to obsolescence, attack, compromise or loss.
The Tune Report
The recently released Tune Report proposes a new integrated, whole of government model for information management and record keeping and for the storage, digitisation and preservation of government records across the Australian federal government. The model seeks to generate efficiencies across government sufficient to support the necessary investment in digital capacity within the National Archives and other priorities. It has three tranches: a major investment in a new 5th Generation Digital Archive (5thGDA) that will bring the National Archives ICT systems into the digital age, enabling end-to-end handling of records from creation through to access; a Government Information Management Model (GIMM), with the National Archives having responsibility for information management across Australian Government agencies, to support improved records management, to provide better compliance with the objectives set down in the Archives Act, and to escalate digitisation of the Archives records, which seeks to provide whole-of-government efficiencies; a Centralised Storage […]
Integrated information governance: InfoSec and RM working together for safer sharing
This article aims to generate discussion about strategies to improve information security – in particular to support people in appropriately handling sensitive information (recognising the human factor as one of the main weaknesses in security programs); leveraging existing systems and frameworks to enhance interoperability; and encouraging knowledge sharing between IG professionals across different domains. Please share your thoughts in the comments section below. SUMMARY Both national security and crisis management require highly sensitive information to be securely shared between applications, individuals, organisations and jurisdictions. Vulnerabilities could leave agencies exposed to greater risks during a period with a high threat of espionage. Automation can support people sharing sensitive documents, to reduce manual handling and human error. This could be achieved by enhancing existing capabilities and standards, drawing on frameworks from both information security and records management. Geopolitics and COVID-19 bring renewed focus to cybersecurity Cybersecurity is a priority for all organisations, […]
Building trust in the public record – Public Release schedule
The National Archives of Australia’s new whole-of-government information management policy, Building Trust in the Public Record: managing information and data for government and community, is now in force – https://bit.ly/3nfgGlV The new policy supports a holistic approach to information and asset management using information governance. The aim of the policy is to continue […]
Building Trust in the Public Record Highlights
Information Governance ANZ was pleased to host an interactive forum with David Fricker, Director-General of the National Archives of Australia regarding the new policy Building Trust in the Public Record: managing information and data for government and community. This interactive session covered: · Key information management requirements for Australian Government agencies · Actions […]
AI Transparency in Digital Government
In celebration of International Access to Information Day and Right to Know Week in NSW 2020, we held an event on AI Transparency in Digital Government with NSW Information Commissioner Elizabeth Tydd, Victorian Information Commissioner Sven Bluemmel and Dr Jat Singh, Senior Research Fellow at the University of Cambridge. The […]
NAA’s new policy: Building Trust in the Public Record
The National Archives of Australia (NAA) published in July 2020 the draft policy Building Trust in the Public Record: managing information and data for government and community. It was released together with a list of supporting advice that exists, or will be developed or updated, to support the policy. […]
Is Your Data Estate an Unstructured Mess? How a Spring-Cleaning Project Can Reduce Your Organization’s Risk
Posted with permission from Active Navigation, originally published on June 10. In this special guest feature, Dean Gonsowski, Chief Revenue Officer at Active Navigation, InfoGovANZ’s Foundation Sponsor, focuses on what steps a company needs to follow to review, understand and clean up their data to eliminate security risks. As a former litigator/GC/AGC, Dean has a proven track record of accelerating the rapid development of high growth, venture-backed software companies (such as Relativity/kCura, Clearwell/Veritas, Recommind/Opentext). He is a seasoned professional with the ability to build/manage teams, run P&Ls in executive leadership roles including Sales, Strategy, Business Development, Marketing and Professional Services. Dean has a JD from the University of San Diego School of Law and a BS from the University of California, Santa Barbara. The volume and variety of data created in the past decade doesn’t show signs of slowing down – nor does the pace of hacking attempts. Unstructured data, also […]
Release of the Palace Letters – National Archives of Australia
After 37 years we can view the correspondence between the Governor-General and the Palace in the lead-up to the dismissal of the Whitlam Government. Watch National Archives of Australia Director-General David Fricker on the release of the Palace Letters – all 1,200 pages, here: https://bit.ly/300Kb0U Congratulations to Professor Jenny Hocking on the historic High Court win enabling the National Archives of Australia to release the records. The Palace Letters are now available to download as PDFs on the National Archives of Australia website.
Digital Records and the GIPA Act – IPC NSW
The Information and Privacy Commissioner NSW has developed a fact sheet to provide guidance about the definition of record, in particular digital records under the GIPA Act, and what it means for agencies. The fact sheet also outlines the importance of agencies maintaining good digital recordkeeping practices to ensure they are able to comply with their legislative obligations.
IAM2020 – Critical role of Information in our changing environment
IAM2020 was launched by Director-General of the National Archives of Australia, David Fricker, with an engaging panel discussion with Information Commissioner NSW – Elizabeth Tydd, digital media expert on the role of information and impact of misinformation Dr Timothy Graham, and Kathryn Dan, Blue Shield Australia. The critical roles of data, access to information and the challenges of misinformation were highlighted in the current COVID-19 pandemic as well as the recent Australian bushfires. You can access the recording of the session here: IAM2020 Launch High Res Recording | IAM2020 Launch Low Res Recording
Information Governance + COVID-19 Roundtable Report
To celebrate Information Awareness Month (IAM2020) and Privacy Awareness Week (PAW2020), we kicked off with an online panel discussion on the myriad of Information Governance issues arising from the COVID-19 pandemic. Our panellists included – Melanie Marks, Christopher Colwell, Sonya Sherman, Dr Peter Chapman, Matthew Golab and the discussion was […]
FOI and Building Trust
The theme of Building Trust was the focus of the recent FOI in WA conference. Trust was explored in two ways. Firstly, considering how Freedom of Information (FOI) can build public trust in government; and secondly, advice and inspiration to help practitioners trust themselves and the FOI process to meet the objects of the FOI Act (WA): ‘to enable the public to participate more effectively in governing the State’ and to make the persons and bodies that are responsible for State and local government more accountable to the public. Emeritus Professor Geoff Gallop AC gave the keynote presentation. He discussed the role of openness as a foundation for democracy. This is based on the view that information held by government is a public resource which should be used for public benefit; and that the community has a right to be informed about government operations. FOI and information governance FOI is […]
RIMPA Live Convention 2019
RIMPA Live 2019 was held at the Marvel Stadium in Melbourne, marking 50 years of RIMPA and its 35th Annual Conference. It was a conference filled with keynotes, plenary sessions and roundtables over the three days of the conference. There were several keynotes including CTO and entrepreneur Gus Balbontin, Richard Foy, New Zealand’s Chief Archivist, information thought-leader Randy Kuhn Esq from the US and Kevin Sheedy AO, AFL Legend. The conference kicked off with David Moldrich Life FRIM outlining the history of the Australian recordkeeping profession and some of the key moments in the profession’s history such as the establishment of the Records Management Association of Australia (RMAA now RIMPA) and the development and implementation of computer-aided records management systems and their successors the Electronic Document and Records Management System or EDRMS. David highlighted the contribution of the Australian recordkeeping profession to the state of recordkeeping around the world mainly […]
APAC Primer for eDiscovery published
Setting the global standards for eDiscovery, the EDRM – Electronic Discovery Reference Model has released version 1.0 of the Primer for eDiscovery in the Asia Pacific (APAC) region. The goal of the Primer is to help foreign practitioners involved in legal proceedings in APAC to understand the different discovery requirements in each of the […]
LawFest 21: collaborating and networking in person again
In late March, 280 legal professionals from across Aotearoa gathered in person in Auckland for the premier legal innovation and technology event on the New Zealand calendar. Like so many events globally, LawFest had considerable disruption and challenges from the COVID-19 pandemic to run the event in person. However, in Aotearoa we have been fortunate to be able to bring together again the legal and technology community to celebrate, collaborate, network and learn about legal innovation – and all in person. The last year has reinforced why we need to innovate and leverage technology – LawFest 21 demonstrated how we can go about this! The event was once again a must for anyone interested in driving efficiency in their organisation. The key highlights The one-day event was a great opportunity to hear from leaders and change makers in the innovation space. The programme provided something for everyone, from those […]
Legalweek NYC 2020 – The Down Under Perspective
Legalweek 2020 brought together thousands of legal professionals to discuss business, regulatory, technology and talent drivers impacting the industry. The week featured workshop boot camps, conferences, networking events and hundreds of technology exhibitors on the tradeshow floor. There are three main conferences: Legaltech (the world’s longest running legal technology trade show), LegalCIO, and Legal Business Strategy. Around the main conferences there are many other events, a few of these are highlighted below. The following week The Sedona Conference’s International Working Group 6 annual program focusing on cross-border discovery and data privacy was held at the New York Law School. AI and Privacy This year’s Legalweek in New York City was dominated by the themes of AI, new and developing technologies and privacy. The impact of privacy regulations, particularly the GDPR and the California Consumer Privacy Act (CCPA) is driving up compliance costs and also the cost of discovery in legal […]
Social Media Perils in Litigation – InfoGovANZ
In this InfoGovANZ event, the implications and dangers of the widespread use of social media and apps were highlighted in their evidential value in investigations and litigation. The importance of technical and forensic expertise in the discovery process was demonstrated by reference to particular cases and technology tools by Brett Webber, Principal, ConsilAD and Matthew Golab, Director of Legal Informatics and R&D at Gilbert + Tobin. Susan Bennett, Executive Director InfoGovANZ and Principal, Sibenco Legal & Advisory discussed the duties of technology competence and confidentiality, which extends to cybersecurity to protect client information and the implications of a recent High Court decision. As Michael Tieu posted on LinkedIn following the event, ‘[i]t was truly astounding to see how important it is to be wary of who, what, when and where you post on social media. Once the genie is out of the bottle, it’s nearly impossible to put it back […]
How eDiscovery is managing the challenge of what constitutes Personal Information
The terms Personal Information and Personal Data have been increasing in usage for a while, particularly with the recent focus on the European GDPR and the Australian NDB (Notifiable Data Breaches). This article considers these definitions from the perspective of document production in litigation and regulatory investigations – the process of eDiscovery. In eDiscovery we are used to redacting sensitive information – most typically legally privileged or commercially sensitive information. However, prior to the commencement of the Royal Commission into the Financial Services Industry (FSRC) the volume of documents requiring redaction was fairly modest in most matters. This certainly changed with the FSRC, as all documents that are tendered at a public hearing are required to have contact information and customer names redacted. This has resulted in significant efforts in reviewing all documents that are going to be tendered to ensure that the documents have been adequately redacted. What […]
AI and the Law – the future is here
Artificial intelligence (AI) is already making significant inroads to the practice of law and producing efficiencies and cost savings. This article looks at how AI is being utilised in different parts of legal practice and the transformation of legal practice that is already underway in the delivery of legal services from litigation through to contract management and Chatbots. Litigation & eDiscovery The production of documents has traditionally been a very expensive part of the litigation process. The development of eDiscovery software tools to identify, retrieve, process, filter and search provides significant cost savings in the litigation process. These cost savings are even more significant when the latest software tools and the right expertise are utilised. The latest developments in the eDiscovery industry include the use of AI technology. Early forms of AI were built into the globally dominant eDiscovery platforms. For the past 10 years these platforms enabled document clustering and concept […]
The Governance of Things – eDiscovery in Australia and New Zealand
eDiscovery is the production of relevant documents that parties to litigation or an inquiry are required to produce to either a Court, Royal Commission, Commission of Inquiry or to a government regulator. The eDiscovery industry is a global industry reflecting the enormous growth in information and the specialised technology which has developed to meet that challenge. While eDiscovery is a specialist area of legal technology the challenge of document production extends well beyond in-house legal departments and requires the assistance of IT departments and records management. Download Now
The Governance of Things – Increasing Acceptance of Technology Assisted Review
In December 2016, the Supreme Court of Victoria endorsed the use of Technology Assisted Review (TAR) in the eDiscovery process in the case of McConnell Dowell Constructors v Santam. This was the first time TAR had been approved for use in litigation in an Australian Court. The use of technologies like TAR assists parties in litigation to meet the requirements ‘of a just, efficient and cost-effective resolution of the dispute’ by reducing the time and cost involved in large scale document production during the discovery process. Download Now
Dark Data – the risks, costs and ESG
Dark data poses potentially significant risks and costs for organisations. Additionally, with an increasing focus on ESG reporting, organisations should be considering how they can measure and report on each element of ESG with respect to data being collected, generated, used and stored. This article by Susan Bennett considers the […]
What’s happening with data from your car?
Mozilla released a report last week that examined the terms of service for 25 car companies and the types of data being collected. The report states, ‘they can collect information about how much money you make, your immigration status, race, genetic information, and sexual activity (it’s in there!).’ Concerningly, the report provides ‘Twenty two of the car brands (88% of the ones we looked at) mentioned creating inferences — assumptions about you based on other data. And nine of those companies (39%) said specifically that they might sell them to third parties.’ Included in the report is an extract from Tesla’s Terms of Service, “if you no longer wish for us to collect vehicle data or any other data from your Tesla vehicle, please contact us to deactivate connectivity. Please note, certain advanced features such as over-the-air updates, remote services, and interactivity with mobile applications and in-car features such as location search, Internet radio, voice […]
UK Department of Education reprimanded after misuse of personal information of up to 28 million children
The UK’s Information Commissioner, John Edwards, has issued a reprimand to the Department for Education following the prolonged misuse of the personal information of up to 28 million children and a failure to do due diligence on who could access pupils’ learning records. An employment screening firm, trading as Trustopia, […]
What is ‘dark data’ and how is it raising carbon footprints?
In this article from the World Economic Forum, Tom Jackson and Ian R. Hodgkinson identify that organisations need to think about how to manage their data to minimise their digital carbon footprint. Storage of ‘dark data’, defined as single-use data in the article, takes up space on servers and […]
OAIC Notifiable Data Breaches Scheme – The first 4 years
The Notifiable Data Breaches (NDB) scheme commenced in February 2018, introducing new obligations for Australian government agencies and private sector organisations with an annual turnover of $3 million AUD or more. Notably, under the NDB scheme organisations are required to undertake an assessment should they suspect: Unauthorised access to or disclosure […]
Five Common Misconceptions about Structured and Unstructured Data
Key Takeaways: Structured data is quantitative (anything you can easily store in rows and columns) and relatively easier to keep compliant. Unstructured data is qualitative (think your emails and Teams chats) and much harder to manage. Nearly all organizations are operating under one or more misconceptions about their data (and compliance or lack thereof […]
New Data Availability and Transparency Act 2022 in force
The Data Availability and Transparency Act 2022 commenced in April. The Act establishes a new, best practice DATA scheme for sharing Australian Government data, underpinned by strong safeguards and simplified, efficient. For an introduction to how the Scheme works, read more at A Scheme for sharing Australian Government data. Commonwealth, state and territory government agencies can now apply to be accredited users under the DATA Scheme. And from 1 August, Australian universities will be able to apply for accreditation as data users and as data service providers. Follow these links to learn more about participating in the DATA Scheme or to access the scheme-on-a-page overview.
Doug Laney author of ‘Infonomics’ announces release of new book ‘Data Juice’
Data Juice is the latest book just released by Doug Laney, author of Infonomics: How to Monetize, Manage, and Measure Information as an Asset for Competitive Advantage. Containing more than 100 real-world examples and expert commentaries on how organizations around the world and in every industry are monetizing their own (and others’) data in diverse ways, Data Juice is a resource for data, business, and IT leaders looking to inspire their teams or executives with ways to thrive in the Digital Age. Further below is an excerpt from Data Juice, available to purchase now on Amazon. About the author: Doug Laney is the data & analytics strategy innovation fellow with the consultancy, West Monroe. Formerly he was a vice president and distinguished analyst with Gartner’s Chief Data Officer (CDO) research and advisory practice. He is an accomplished practitioner and recognized authority on data and analytics strategy, and is a three-time […]
2021 Solomon Lecture
This year’s Solomon Lecture presented by the Queensland Office of the Information Commissioner featured Professor Beth Simone Noveck on ‘Solving Public Problems with Data’. Professor Noveck’s lecture explores how traditionally, the right to know is rooted in the belief that members of the public should know what their government does in order to hold the government to account, lessen the risk of corruption and shine a light on wasteful and inefficient operations. Beth Simone Noveck discusses how a focus on public problem solving and improving people’s lives changes how we think about data. She discusses specific policy prescriptions for creating a right to know that fosters better government, stronger citizenship and more agile solutions to contemporary challenges. Watch the Solomon Lecture here.
Preventing Digital Harm
The World Economic Forum published the Pathways to Digital Justice report to address systemic legal and judicial gaps, and help guide law and policy efforts towards combating data-driven harms. This is particularly important with the increase in online activities and digitization of services, which – when misused – can present new types of risk. The white paper, produced in collaboration with an advisory committee consisting of experts from around the world, is intended to guide policy efforts towards combating data-driven harms. The hope is that legal and judicial systems can then evolve to embed redress mechanisms that enable the creation of a data ecosystem which protects individuals and is accountable to them. Read the World Economic Forum statement here or the report.
Exposure Draft of the Data Availability and Transparency Bill
The draft Data Availability and Transparency Bill aims to modernise and streamline the sharing of government data between agencies and with the private and research sectors. Under the legislation, data will be shared for three purposes: government services delivery, informing government policy and programs, and research and development. The Consultation Paper contains a simplified summary of the legislative package. Submissions made by a group of multidisciplinary practitioners and academics highlight privacy and governance concerns. These include the override of Australian Privacy Principle (APP) 6 and the inherent conflict between the National Data Commissioner’s mandate to encourage data sharing and the enforcement of the regulation. The submission recommends that governance and assurance be regulated by the Australian Information and Privacy Commissioner. You can read the submission here.
Automated Decision Making Transparency under GIPA Act
The increasing adoption of technology requires the preservation, assurance and assertion of information access rights. To achieve these outcomes, government licensing and contractual arrangements should ensure accessibility and ‘explainability’ in the provision of government services and decision making. The issue of algorithmic transparency of a government agency’s contractor is currently before the NSW Civil and Administrative Tribunal. The Agency provided some information to the Applicant but decided that other information is not held by the Agency as it is held by the Contractor and remains its intellectual property. The GIPA Act provides a right to access information held in a record of an NSW Government agency and that right may also apply to information held by contractors providing services to the public. The NSW IPC has published guidance for agencies under section 121 of the GIPA Act, including a template clause for agencies to include in contracts with third parties […]
Protecting Privacy by Minimizing Data
Posted with permission from Active Navigation, originally published on June 1. Ten years ago, there was no such thing as too much data. Notions about data being the “new oil” prompted organizations to hoard every byte they could, hoping that they might be able to harness it down the road. Combined with the notion that “storage is cheap,” this belief has led many companies to exponentially increase their risk rather than their opportunity. New data privacy regulations in Europe and the United States impose a significant burden of care on organizations regarding their data collection processes. In fact, data minimization is a fundamental principle within the European Union’s General Data Protection Regulation (GDPR). Whether governed by the GDPR or state privacy regulations like the California Consumer Privacy Act (CCPA), businesses must now limit the personal data they collect and dispose of it once it is no longer needed for a […]
COVID19 – Data and Privacy
COVID-19 has brought to the forefront the importance of real-time accurate data for scientists to analyze and model and for government leaders to make decisions on. InfoGovANZ has compiled a series of COVID-19 curated articles and resources, updated monthly. June 2020 OVIC has released new guidance on how the exemptions in the Freedom of Information Act should be applied. OVIC has updated the FOI and COVID19 FAQs for agencies – read them here – to include questions about the new COVID-19 regulations including: what to do if your agency is completely shut down; and how to verify an applicant’s identity. Australian Information and Privacy Commissioner (OAIC) has updated its FOI FAQ with the latest COVID-19 relevant questions including how to make an FOI complaint during the COVID-19 outbreak. May 2020 Australian and New Zealand Information Access Commissioners join with their international counterparts in their clear call for documentation, preservation and […]
COVID19 – EU, US & International Resources
Below is a collection of useful privacy and data protection resources from the EU, US and globally. Data Protection Authorities guidance on COVID-19 published by Data Protection Authorities (DPAs) collated by International Association of Privacy Professionals. These provide information and frequently asked questions on data processing and COVID-19 across a range of countries. Resources page on crucial privacy and data protection law issues arising from COVID-19 covering the EU & globally by Law, Science, Technology & Society of the Vrije Universiteit Brussel. The Initiative is of direct interest for LSTS researchers, most notably in the context of the Brussels Privacy Hub (BPH) work on data protection in humanitarian action as well as the work of ALTEP-DP project. US Privacy and Data Protection Resources related to COVID-19, together with other international resources has been compiled by the Future of Privacy Forum.
What is Good Government Data Sharing?
The Australian Federal Government has been conducting an extended consultation as to how data linkage and data sharing between government agencies might be accommodated through a special purpose statute that walks the fine line of maintaining digital trust and meeting data privacy concerns of citizens and civil society organisations, while facilitating controlled, good data sharing between agencies. The Data Availability and Transparency Bill (DATA) is proposed to be released in this calendar quarter. In this in-depth analysis, Professor Peter Leonard has canvassed the challenges which this new federal data sharing law will need to address and compared current proposals with existing government agency data sharing laws in NSW, Vic and SA. While Peter concludes that the DATA is a welcome development, he also notes that bigger questions loom about use of the powerful tools which data sharing puts into the hands of Governments, as illustrated by the Robodebt controversy. […]
Privacy-Preserving Data Sharing Frameworks
This is the third in a series of papers and develops a practical solution providing a framework for privacy preserving data sharing, addressing technical challenges as well as data sharing issues more broadly. It builds on the 2018 ACS Report, Privacy in Data Sharing: A Guide for Business and Government, expanding the concept of a Personal Information Factor and introducing a Utility Factor with worked examples. Download the report here
Infonomics – valuing information assets
Infonomics is the discipline of valuing Information Assets and it is based on the idea that information is an enterprise asset that should be counted and managed. This article explains why Infonomics is becoming increasingly important. Information Assets (data, information, published content and knowledge) are arguably an organisation’s most vital and strategic resource. Providing the right data to the right people at the right time is critical to every business activity, every business process and every business decision. Information Assets are the only ones that cannot be replaced if lost or destroyed. They are foundational to all high-profile business solutions and technology enablement: to analytics, artificial intelligence and machine learning; cyber-security; cloud computing; Blockchain and the Internet Of Things; and almost any form of innovation and disruption. Unlike other physical or even financial assets that can only be used once then are used-up, any Information Assets can be used […]
Identity Conference 2019 – Identity as taonga: now and in the future
He taonga te tuakiri: āianei, haere ake nei New Zealand’s Identity Conference 2019 was the fourth in a series of conferences that began in 2008. The conference was held at the Museum of New Zealand Te Papa Tongarewa, Wellington, on 26 and 27 August 2019. The conference purpose or ‘big idea is to look at the identity-related problems of today and the solutions of tomorrow’. Carol Feurriegel recounts some of the highlights from the conference. “Identity is a complex and sensitive area. It reflects our sense of self and it is also at the heart of relationships between people and organisations. Our Identity is our taonga” to quote Professor Steve Warburton, in his keynote address as Chair of the Identity Conference 2019 on Monday 26th August. It is fitting that the premier event that takes a multi-disciplinary perspective on Identity is held at Te Papa Tongarewa, Museum of New Zealand in Wellington. “Taonga” means ‘treasure’ in […]
Explaining decisions made by AI
The UK Information Commissioner’s Office and The Alan Turing Institute have released guidance to provide practical advice to organisations to help explain the processes, services and decisions delivered or assisted by AI, to the individuals affected by them. The guidance consists of three parts. Depending on your level of expertise, and the make-up of your organisation, some parts may be more relevant than others. Read the Guidance here. Part 1: The basics of explaining AI Aimed at DPOs and compliance teams, part one defines the key concepts and outlines a number of different types of explanations. It will be relevant for all members of staff involved in the development of AI systems. Part 2: Explaining AI in practice Aimed at technical teams, part two helps you with the practicalities of explaining these decisions and providing explanations to individuals. This will primarily be helpful for the technical teams in your organisation, however your […]
Zoom clarifies that it won’t use data without consent for AI training
In the past few weeks, there have been media reports pointing out that Zoom’s updated Terms of Service introduced in March would enable Zoom to use data collected for AI training purposes. Last week, this led the CEO of Zoom to announce that it will not use data for AI training without explicit consent from users. However, it highlights how vigilant organisations need to be in monitoring changes made by third-party technology providers and implementing changes to policies and processes if appropriate. Zoom has recently introduced two generative AI features — Zoom IQ Meeting Summary and Zoom IQ Team Chat Compose – which offer automated meeting summaries and AI-powered chat composition. Zoom account owners and administrators control whether to enable these AI features for their accounts. Chief Product Officer Smita Hashim explained, ‘We’ve updated our terms of service (in section 10) to further confirm that Zoom does not use any […]
The Good Shepherd Model for Cybersecurity, Privacy and Regulatory Compliance
WHITE PAPER Four principles for protecting private data to improve compliance with privacy regulations Executive Summary Regulators Sharpen their Focus on Protecting Private Data “Assume You Are Compromised” – Now What? The Good Shepherd Model Case Study: Investigating a Datacenter Breach the Hard Way Security and Privacy are Strategic […]
Interim guidance for agencies on government use of generative AI platforms
The Digital Transformation Agency (DTA) and the Department of Industry, Science and Resources (DISR) have released interim guidance on government use of publicly available generative AI platforms. The interim guidance is recommended for government agencies to use as the basis for providing generative AI guidance to their staff. You can access the Guidance here – Interim guidance for agencies on government use of generative AI platforms | aga (digital.gov.au) DTA and DISR also recommend agencies: implement an enrolment mechanism to register and approve staff user accounts to access generative AI platforms. This should include appropriate approval processes through Chief Information Security Officers (CISO) and/or Chief Information Officers (CIO). establish an avenue for staff to report any exceptions made to adhering to the guidance through your CISO/CIO. This should be reported periodically to the DTA by emailing digitalpolicy@dta.gov.au. seek to move to commercial arrangement for generative AI solutions as soon as it is possible to […]
Ethics in the Age of Disruptive Technologies: An Operational Roadmap
Ethics in the Age of Disruptive Technologies: An Operational Roadmap (ITEC Handbook) by José Roger Flahaux, Brian Patrick Green, and Ann Skeet, offers organisations a strategic plan to enhance ethical management practices, empowering them to navigate the complex landscape of disruptive technologies such as AI, machine learning, encryption, tracking, and others while upholding strong ethical standards. The Institute for Technology, Ethics and Culture (ITEC), housed at the Markkula Center for Applied Ethics at the Santa Clara University, is a collaboration between the Center and the Vatican’s Dicastery for Culture and Education. The Institute convenes leaders from business, civil society, academia, government, and all faith and belief traditions, to promote deeper thought on technology’s impact on humanity. Download the ITEC Handbook via the link here
Safe and Responsible AI Discussion Paper
The Government’s Safe and Responsible AI in Australia Discussion Paper was released last week by Science and Industry Minister, Ed Husic MP. The Discussion Paper canvasses existing regulatory and governance responses in Australia and overseas, identifies potential gaps and proposes several options to strengthen the framework governing the safe and responsible use of AI. The paper builds on the recent Rapid Research Report on Generative AI delivered by the government’s National Science and Technology Council. Also released is the National Science and Technology Council’s paper Rapid Response Report: Generative AI, which assesses potential risks and opportunities in relation to AI, providing a scientific basis for discussions about the way forward. Access the Safe and Responsible AI in Australia Discussion Paper here. Access the Rapid Research Report on Generative AI here. You can have your say on the discussion paper by answering some or all of the 20 questions on the Government’s online survey and upload a separate submission if needed – access the link here. Make […]
Regulating AI in the UK (part 2)
Last month we brought you the UK Government’s White Paper released on 29 March 2023, to implement a pro-innovation approach to AI regulation, and the EU’s AI Act with Tom Whittaker’s flowchart to assist in navigating the proposed EU AI Act. Tom Whittaker of Burges Salmon (UK) has developed a further flowchart to assist in navigating the proposed UK approach to AI regulation. It identifies the key decisions to be considered and references the relevant sections of the White Paper. As Tom points out, organisations may find they need to navigate multiple regulatory regimes and jurisdictions. How they comply with each of those regulations (and other relevant laws) may look very different. For example, you can see the different approaches being taken by looking at the one-page visual on anticipated AI regulations in the UK, EU and US, see the horizon scanning access here; and the glossary of existing and anticipated AI definitions […]
The State of AI Governance in Australia
The Human Technology Institute has just released a report into The State of AI Governance in Australia providing a timely overview of how organisations are approaching the governance of AI in Australia today. Its findings are based on surveys, structured interviews, and workshops engaging more than 300 Australian company directors and executives, as well as expert legal analysis and extensive desk research. The report reveals that corporate leaders are largely unaware of how existing laws govern the use of AI systems in Australia. The report finds that both company directors and senior executives see huge opportunities for AI systems to improve productivity, process efficiencies, and customer service. But investment in AI systems and technical skills has not been matched by investment in AI system management and governance. Furthermore, corporate leaders report that they lack the awareness, skills, knowledge and frameworks to use AI systems effectively and responsibly. The report suggests four […]
A Taxonomy of Trustworthiness for Artificial Intelligence
A new report published by the UC Berkeley Center for Long-Term Cybersecurity (CLTC) aims to help organizations develop and deploy more trustworthy artificial intelligence (AI) technologies. A Taxonomy of Trustworthiness for Artificial Intelligence: Connecting Properties of Trustworthiness with Risk Management and the AI Lifecycle, by Jessica Newman, Director of CLTC’s AI Security Initiative (AISI) and Co-Director of the UC Berkeley AI Policy Hub, is a complement to the newly released AI Risk Management Framework, a resource developed by the U.S. National Institute of Standards and Technology (NIST) to improve transparency and accountability for the rapid development and implementation of AI throughout society. “This paper aims to provide a resource that is useful for AI organizations and teams developing AI technologies, systems, and applications,” Newman wrote. “It is designed to specifically assist users of the NIST AI RMF, however it could also be helpful for people using any kind […]
GPT and Generative AI: How it works, the risks and how it impacts the legal profession and legal services?
2023 appears to be well and truly the year of AI. Ever since the release and world-wide attention of ChatGPT by OpenAI in late 2022, followed recently with the release of GPT-4, it seems there is a new release or a new revelation on a daily basis about the way in which these Generative AI tools appear to be able to do with ease, tasks that have previously been very labour intensive and manual. Regardless of how far we will be able to utilise these tools and integrate them into the corporate workplace, clearly the advent of AI systems being able to generate text with little or no effort or cost, is the precipice of significant change. The purpose of this article is to provide some insights into these tools, and some considerations in how they could be used, and some tips for crafting prompts and using LLMs. […]
Navigating the new EU AI Act
Tom Whittaker of Burges Salmon UK has developed a flowchart to assist navigating the new EU AI Act. This new act is extra-territorial and the obligations (and risk of penalties + enforcement) still arise where certain legal entities are based outside of the EU. Originally posted here
Regulating AI in the UK
The UK Government released on 29 March a White Paper setting out plans to implement a pro-innovation approach to AI regulation. The intention is not to introduce AI legislation ‘too early’ and relies on collaboration between government, business and empowering regulators to take the lead. The principles to guide regulator responses are: safety, security and robustness; appropriate transparency and explainability; fairness; accountability and governance; contestability and redress. The consultation period for the Paper and related Impact Assessment closes on 21 June 2023 – you can read more about the pro-innovation approach to AI regulation here.
ChatGPT Proves a Mediocre Law Student
[Note: InfoGovANZ thanks Craig Ball for permission to republish his article here, which was first published on Ball in Your Court] I recently spent a morning testing ChatGPT’s abilities by giving it exercises and quizzes designed for my law and computer science graduate students. Overall, I was impressed with its performance, but also noticed that it’s frequently wrong but never in doubt: a mechanical mansplainer! If you’re asking, “What is ChatGPT,” I’ll let it explain itself: “ChatGPT is a large language model developed by OpenAI. It is a type of machine learning model called a transformer, which is trained to generate text based on a given prompt. It is particularly well-suited to tasks such as natural language processing, text generation, and language translation. It is capable of understanding human language and generating human-like text, which makes it useful for a wide range of applications, such as chatbots, question-answering systems, and […]
NIST AI Framework
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released its AI Risk Management Framework (AI RMF 1.0), a guidance document for use by organisations designing, developing, deploying or using AI systems to help manage the many risks of AI technologies. It was released along with a companion NIST AI RMF Playbook, AI RMF Explainer Video, an AI RMF Roadmap, AI RMF Crosswalk, and various Perspectives. To get an overview of the AI national and international regulatory landscape at October 2022, you can read the NSW Information and Privacy Commissioners’ high-level analysis and overview here – AI National and International Regulatory Landscape – InfoGovANZ
AI National and International Regulatory Landscape
The NSW Information and Privacy Commissioners have undertaken a high level scan of the national and international regulatory landscape relevant to AI, which includes: Governance models used internationally in regulating AI and a recognition of Horizontal and Hybrid (broad based and legislative/policy) and Vertical (rights specific and single treatment type) approaches […]
COVID-19
IG Case Studies
The Transforming Data Landscape: Privacy, AI, and Regulatory Changes
In the recent Nuix Executive Seminar, the issue of how organisations can thrive with era-defining issues like AI and data privacy was examined and keys for success identified. Stefan Hajkowicz, Principal Research Consultant, Strategy and Foresight CSIRO and drafter of the Australian Government AI Governance Framework provided his insights and guide to data in the new landscape. One of his key points was that while data and AI can help you make better decisions, it is the culture and skills of your decision-makers that matters most. Susan Bennett, Founder InfoGovANZ in her presentation, highlighted the importance of integrated governance of data, technology and regulatory compliance in order to maximise opportunities and minimise risks as part of modern corporate governance. And Melissa Fai, Partner of Gilbert + Tobin, Technology and IP addressed the challenges for organisations in complying with new privacy regulations and data disposal. Thanks to Nuix, you can […]
The Good Shepherd Model for Cybersecurity, Privacy and Regulatory Compliance
WHITE PAPER Four principles for protecting private data to improve compliance with privacy regulations Executive Summary Regulators Sharpen their Focus on Protecting Private Data “Assume You Are Compromised” – Now What? The Good Shepherd Model Case Study: Investigating a Datacenter Breach the Hard Way Security and Privacy are Strategic […]
Cleansing and Organizing Unstructured Data Stores in Preparation for Migration – ActiveNav
Background Regional wholesaler and largest supplier of treated water in the United States serving 19 million people, The Metropolitan Water District of Southern California (The “District”) had accumulated 80 TB of data over 30 years of file share use. With 1800 employees, the process to clean up the data was not only a technical feat, but also a daunting organizational project. A District-wide employee assessment determined the legacy file systems were not meeting the District’s needs for sharing information among staff and stakeholders. Staff reported they could not readily find information needed for daily operations and much of the data appeared obsolete. To improve information access and governance, the District planned to migrate its file share data to the cloud and tag it with searchable metadata. However, they realized that first the data needed to be understood, cleansed, and better organized. At a Glance ABOUT Public Sector Utility 1800 Employees […]
Ameritas Leverages Technology for Improved Information Governance
This latest case study from the Information Governance Initiative demonstrates how Ameritas, an insurer, began with a pilot project to tackle a clearly identified business problem which they addressed using data analysis, indexing, searching, tracking and reporting tools from Active Navigation. Read the article now
Roadmap to Reducing Your Biggest Information Risk
In this white paper, sponsored by IGANZ supporter Active Navigation, Russel Stalters, CEO of Clear Path Solutions, outlines a roadmap for reducing your organisation’s biggest information risk. Read the article
Making IG Real: Six Stories from the Front Lines of Information Governance Success
Over a typical business cycle, a large organisation produces staggering volumes of data. This will include essential records, valuable business intelligence, and knowledge uniquely relevant to the business. But frequently 50% or more of the content is utterly useless – it is dead weight, consuming storage capacity and obscuring the […]
Information Governance at Work: Pandora Media
With the help of the file analysis and governance experts, the Pandora GRC team discovered that at least 60% of its unstructured data had no value and there was no business or legal reason to continue to spend precious resources on protecting and storing it. So they took control, realising significant […]
Information Governance Case Study – Les Schwab
Looking at one organization’s experience with IG can provide valuable lessons and practical insights that will help all IG professionals mature their IG programs. This case study details a common but complex IG problem: managing the relationships among key IG players. Read the article now
IGANZ Industry Report 2023
Member only content (join now)
IGANZ Industry Report 2021
Member only content (join now)
IGANZ Industry Report 2019
Member only content (join now)
IGANZ Industry Report 2017
Member only content (join now)
Governance of Things - Keeping Our Members Up To Date
Each month we send to our members The Governance of Things newsletter with feature articles, latest news and developments, and upcoming events. You can explore past editions of the Governance of Things below.
Member only content (join now)