Cleansing and Organizing Unstructured Data Stores in Preparation for Migration – ActiveNav
Background Regional wholesaler and largest supplier of treated water in the United States serving 19 million people, The Metropolitan Water District of Southern California (The “District”) had accumulated 80 TB of data over 30 years of file share use. With 1800 employees, the process to clean up the data was […]
Read More
Privacy Act Review Report
The long awaited report reviewing Australia’s Privacy Act 1988 has been released by the Australian Government, proposing significant changes including individual rights modelled on the GDPR, such as the right to request erasure, and notification of databreaches to Office of the Australian Information Commissioner within 72 hours. Attorney-General Dreyfus’ statement […]
Read More
Information Lifecycle Management: what is it and how it reduces risk?
Most organisations are collecting and generating exponentially increasing volumes of data each year. However, many organisations struggle to safely and efficiently dispose of data that is no longer needed for regulatory retention requirements or for legitimate purposes, as required, for example, under the Australian Privacy Principles (APPs), the General Data Protection Regulation (GDPR) and the Californian Privacy Rights Act (CPRA). On top of the complexity of keeping track of data within the organisation, the perception that data is ‘the new oil’ and increasingly cheap storage costs are typical reasons why data is not actively managed and disposed of when no longer required. The Optus Data Breach and the increasing number of decisions by regulators in the US and EU underscore the risk and consequences of over-retention of data for organisations. Most of these decisions on over-retention of data arise from inadequate cyber security and have resulted in monetary sanctions and, […]
ChatGPT Proves a Mediocre Law Student
[Note: InfoGovANZ thanks Craig Bell for permission to republish his article here, which was first published on Ball in Your Court] I recently spent a morning testing ChatGPT’s abilities by giving it exercises and quizzes designed for my law and computer science graduate students. Overall, I was impressed with its performance, but also noticed that it’s frequently wrong but never in doubt: a mechanical mansplainer! If you’re asking, “What is ChatGPT,” I’ll let it explain itself: “ChatGPT is a large language model developed by OpenAI. It is a type of machine learning model called a transformer, which is trained to generate text based on a given prompt. It is particularly well-suited to tasks such as natural language processing, text generation, and language translation. It is capable of understanding human language and generating human-like text, which makes it useful for a wide range of applications, such as chatbots, question-answering systems, and […]
OECD Declaration on Government Access to Personal Data held by Private Sector Entities
On 14 December 2022, the OECD members adopted the Declaration on Government Access to Personal Data held by Private Sector Entities. It is an intergovernmental agreement on common approaches to safeguard privacy and other human rights and freedoms when accessing personal data for national security and law enforcement purposes, and seeks to promote trust in cross-border data flows, a critical enabler of the global economy. The scope of the declaration consists of three main sections: Legitimate government access on the basis of common values Promoting trust in cross-border data flows Principles for government access to personal data held by private sector entities You can read the Declaration here – OECD Legal Instruments
OECD Declaration on a Trusted, Sustainable and Inclusive Digital Future
On 15 December 2022, the OECD members adopted the Declaration on a Trusted, Sustainable and Inclusive Digital Future. The Declaration calls on the OEDC through the Committee on Digital Economy Policy (CDEP) to develop policy standards and guidance for a trusted, sustainable, inclusive digital future for our countries that reflect shared values and put people at the centre. The background to the Declaration is the accelerated digital transformation, particularly since the COVID-19 pandemic, which has brought opportunity and risk, requiring policy makers to develop whole-of-government policy response and manage related risks. The list of actions is extensive and wide-ranging – you can read them here OECD Legal Instruments .
NIST AI Framework
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released its AI Risk Management Framework (AI RMF 1.0) a guidance document for use by organisations designing, developing, deploying or using AI systems to help manage the many risks of AI technologies. It was released along with a companion NIST AI RMF Playbook, AI RMF Explainer Video, an AI RMF Roadmap, AI RMF Crosswalk, and various Perspectives. To get an overview of the AI national and international regulatory landscape at October 2022, you can read the NSW Information and Privacy Commissioners high-level analysis and overview here – AI National and International Regulatory Landscape – InfoGovANZ
Changes to Australia’s Privacy Act: Overview and Preparation Checklist
In the wake of the recent wave of high-profile data breaches at Optus, Medibank and MyDeal, the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 was passed by Federal Parliament on 28 November 2022. The Attorney-General referred to the data breaches as having highlighted ‘the potential to cause serious financial and emotional harm […]
Read More
NSW introduces Mandatory Notification of Data Breaches
On 16 November 2022, the NSW Parliament passed amendments to the Privacy and Personal Information Protection Act 1998 (PIPA). The amendments to the PPIP Act aim to strengthen privacy legislation in NSW by: creating a Mandatory Notification of Data Breaches (MNDB) Scheme which will require public sector agencies bound by the […]
Read More
AI National and International Regulatory Landscape
The NSW Information and Privacy Commissioners have undertaken a high level scan of the national and international regulatory relevant to AI, which includes: Governance models used internationally in regulating AI and a recognition of Horizontal and Hybrid (broad based and legislative/policy) and Vertical (rights specific and single treatment type) approaches […]
Read More
Optus Data Breach – the risks of data over – retention
The Optus Data Breach incident has shed some much-needed light on the need for robust, top-down board governance over organisational data and information. It is evident that this attack has demonstrated the need for organisations to sufficiently invest in cyber-attack prevention, detection and response. While the Optus data breach is […]
Read More
Information Lifecycle Management: what is it and how it reduces risk?
Most organisations are collecting and generating exponentially increasing volumes of data each year. However, many organisations struggle to safely and efficiently dispose of data that is no longer needed for regulatory retention requirements or for legitimate purposes, as required, for example, under the Australian Privacy Principles (APPs), the General Data […]
Read More
2022 Information Awareness Month One Day Seminar
This year’s Information Awareness Month One Day Seminar took place at the iconic Institute Building (1861), the first public cultural building in South Australia and was also livestreamed. The theme was “Building Trust in Information” and discussions revolved around facets that we need to trust in order to have trust in information. These included trust in people, process, technology and government. The seminar opened with remarks from Geoff Strempel, Director, State Library of South Australia. As a society we are “drowning in data” and in a knowledge economy IM practitioners are the trustees of information. A huge challenge is the massive data sets that need computers and machine learning to extract patterns and interpretations, but human intellect is still required to assess the outcomes and ultimately arrive at wisdom. ML and AI also raise ethical and privacy dilemmas as technology enable computers to essentially have free reign across the data. […]
New Frontiers and Information Technology Governance
Professor Michael Adams, Head of UNE Law School, InfoGovANZ Advisory Board Introduction The last two years have been a period of disruption due to COVID-19 pandemic and the need for all businesses and organisations to “pivot”. In the information governance space this has been a major positive and a serious […]
Read More
InfoGovANZ releases the Information Governance Primer
Susan Bennett, Executive Director of Australian based think tank, Information Governance ANZ (InfoGovANZ), is delighted to launch the Information Governance Primer, which provides a wide-ranging overview on the fundamentals of good information governance. In today’s digital environment, the growing number and complexity of challenges associated with data and information have […]
Read More
IAM 2021 Events Summary Report
Information Awareness Month (IAM) is the opportunity for industry bodies and industry practitioners to work together to celebrate the amazing profession of managing information. The collaboration of industry groups continues to evolve by strengthening relationships which in turn, provides added exposure to all things information for all members. Industry bodies worked together to determine the trending issues impacting Information Management (IM) in 2021 and agreed that the National Archives of Australia (NAA) new policy “Building Trust in the Public Record” provided guidance on the theme for this year’s IAM. The IAM 2021 Events Summary report provides collaborative group members a summation of the discussions that occurred at each of the round tables with ideas to follow up in the ensuing years.
InfoGov IAM2021 Roundtable Report
The Information Governance (IG) Roundtable had an engaged discussion covering a wide range of current issues and drivers for information governance. The discussion covered: Drivers of Information Governance in 2021, the compelling reasons for organisations to implement Information Governance, what are the current challenges and actions for protecting information and more. Participants included Roxanne Missingham, Kathryn Dan, Alex Caughey Hutt, Dr Chris Colwell, Dani Wickman, Fiona Beatty, Judy Anderson, David Brous, Genevieve Dwyer, Brandon Voight, David Church, Amanda Dolman and Simon Costello. The roundtable was hosted by InfoGovANZ, facilitated by Susan Bennett and sponsored by ActiveNav. IG Drivers in 2021 Our discussion considered key trends in IG, noting that the InfoGovANZ IG Industry Report 2021 identified the three main drivers for IG as: External regulatory compliance and legal obligations; Good business management practices; and Internal technology restructuring or transitions. The role of regulatory compliance as a mechanism to elevate […]
Pioneer of IG – Dame Fiona Caldicott
Dame Fiona Caldicott, the first UK National Data Guardian for Health and Social Care passed away this year. Dame Fiona was the UK pioneer of Information Governance, with the publication of the Caldicott Report in 1997 setting the benchmark for the collection and use of personal information and the need for robust information governance to protect personal information. The Caldicott report established what became known as the Caldicott principles of information governance. The original six principles included: justify the purpose for using confidential information; use confidential information only when it is necessary; use the minimum necessary confidential information; access should be on a strict need-to-know basis; making sure anyone accessing confidential information is aware of their responsibilities; and comply with the law. In 2013, the Information Governance Review Report, chaired by Dame Fiona added a seventh principle and following a further review in 2016 an eighth principle was added. These made it clear […]
Building trust in the public record – Public Release schedule
The National Archives of Australia‘s new whole-of-government information management policy, Building Trust in the Public Record: managing information and data for government and community is now in force – https://bit.ly/3nfgGlV The new policy supports a holistic approach to information and asset management using information governance. The aim of the policy is to continue to improve information management capability within the Australian Government (Cth) to meet current and future needs for trusted, authentic and reliable records, information and data for government and community. Accompanying the policy release are new, updated and existing National Archives guides and supporting advice to help government agencies implement the policy and meet each of the 17 policy actions. Learn more about what is required here including reviewing and updating your information governance framework to incorporate enterprise-wide information management including governance of records, information and #data: https://bit.ly/3ndX5CC
Building Trust in the Public Record Highlights
Information Governance ANZ was pleased to host an interactive forum with David Fricker, Director-General of the National Archives of Australia regarding the new policy Building Trust in the Public Record: managing information and data for government and community. This interactive session covered: · Key information management requirements for Australian Government agencies · Actions that agencies can take to build information management capability and address areas of low performance · Current and future needs for authentic and reliable information and dat a by government and community The importance of trust David outlined the role of the National Archives and its responsibilities under the Archives Act 1983. NAA identifies archival resources, preserves them and provides the government and community with access to those resources. The Archives also develops standards to help Commonwealth agencies manage data and information – ensuring the integrity and accessibility of these resources for as long as they are needed. The public […]
Universities information governance in a time of COVID-19
Without a shadow of a doubt, 2020, will be remember for the impact of COVID-19, lockdowns, deaths and hospitals stretched to the limits. For Australia, the pandemic also followed the worst drought in a century and the worst bushfires in recorded history. This has had a profound impact on one of Australia’s largest exports, valued at over trillion dollars, education. Universities across Australia have been impacted in so many ways, which have pushed their systems to their limits. It has highlighted the importance of data and technology and the crucial importance of information governance. Issues In April 2020, I was interviewed by GRC Professional journal on the risks to universities (before COVID-19 had taken a grip, but once Chinese student visas were cancelled). I was asked “What are some the broad risks that universities face?” My reply was the current risk in Australian universities is, without doubt, the impact of […]
AI Transparency in Digital Government
In celebration of International Access to Information Day and Right to Know Week in NSW 2020, we held an event on AI Transparency in Digital Government with NSW Information Commissioner Elizabeth Tydd, Victorian Information Commissioner Sven Bluemmel and Dr Jat Singh, Senior Research Fellow at the University of Cambridge. The discussion focused on the duty government agencies have to disclose algorithms used in providing services and making decisions about services and benefits to citizens. The Commissioners highlighted that robust procurement processes are essential where technology using algorithms are being procured by agencies. Commissioner Bluemmel said the bar needs to be set really high where the algorithmic decision-making involves people and their liberties and livelihood. Transparency is necessary to understand how the decisions are made in order to assert our rights. Dr Singh pointed out that transparency needs to be meaningful so that it allows us to be able to interrogate, scrutinize and challenge, and it requires organisations to give careful consideration […]
NAA’s new policy: Building Trust in the Public Record
The National Archives of Australia (NAA) published in July 2020 the draft policy Building Trust in the Public Record: managing information and data for government and community. It was been released together with a list of supporting advice that exists, or will be developed or updated, to support the policy. InfoGovANZ submitted its feedback in response to the new policy, which is available here. The new policy will take effect from 1 January 2021 and will follow the current Digital Continuity 2020 policy (DC2020) which concludes at the end of this year. The policy seeks to improve information management capability within the Australian Government to meet current and future needs for authentic and reliable information and data by government and community.
For Governance, Integration Matters
Effective corporate governance is not a one-size-fits-all approach, as recognised by regulators and self-regulatory organisations around the world. Principles propounded by local advisory and governing bodies provide guidance on how to effectively and transparently manage an organization and ensure it is meeting its obligations to all stakeholders. We will examine how corporate governance principles can be enhanced and improved by the explicit integration of information governance into companies’ corporate governance schema. Corporate Governance Corporate governance is, in its most general terms, how a business is controlled, governed, and operated. Principles of good corporate governance include fairness, accountability, responsibility, and transparency. A company’s system of governance is its framework of rules, relationships, controls, and processes. Company management and boards have myriad responsibilities. These range from planning for pandemics, natural disasters, and other major events that can affect a company’s basic ability to conduct business and disrupt operations; managing the company’s […]
Information Governance Key to Good Corporate Governance
Information governance, data protection and security, privacy, cybersecurity and artificial intelligence (AI) have all become critical topics for boards and government bodies to consider. Historically, the issues tended to be dealt with under either ‘IT’ issues or records and information compliance issues. In recent years, the importance of cybersecurity, AI and data analytics together with changing privacy regulations have brought new governance challenges to the forefront of the minds of directors. Top issues for Directors There are common themes in the surveys of top issues confronting Boards of Directors, which have been carried out in recent years. These include the opportunities and challenges arising from technology innovation and disruption, the overriding concern of cybersecurity and data breach, which is highlighting the importance of information security, and regulatory compliance including changing privacy regulations. The Akin Gump Lawyers group in the USA report an annual “Top 10 topics for Directors” each year, […]
COVID19 – Global Open Data Initiatives
The Open Government Partnership (OGP) has created a webpage collating government approaches responding to COVID-19. The open government community is focused on applying the principles of transparency, accountability and participation to the COVID-19 response. The webpage contains a crowd sourced list from a wide range of countries with a variety of initiatives, including: the release of theoretical models and data underpinning governments’ strategies; digital platforms and apps to keep citizens informed; and efforts tackling misinformation and disinformation online. The Open Government Partnership (OGP) is a multilateral initiative that aims to secure concrete commitments from national and local governments to promote open government, empower citizens, fight corruption, and harness new technologies to strengthen governance. Formed in 2011, its members now include governments from across 78 countries and thousands of civil society groups, representing more than 2 billion people worldwide. Open government strives to provide transparency and accountability to the public, […]
Information and Data Governance Driving Interoperability
Achieving interconnected services, sharing and re-using information and data assets requires strategic planning and investment. The Data Interoperability Maturity Model (DIMM) is the latest advice from the National Archives of Australia for building interoperability under the Digital Continuity 2020 Policy. It highlights the importance of information and data governance to drive interoperability initiatives. The Director-General of the National Archives of Australia, David Fricker stated, ‘it is often said the data is the ‘oil’ of the 21st century, because in the future data will be the principal resource that drives our economy and our way of life. Just like oil, data has to be properly managed. It must discoverable, and of sufficient quality – pure, authentic and reliable – to drive the processes that rely on it. Unified information and data governance empowers an organisation to align its interoperability objectives while balancing associated risks.’ The DIMM’s downloadable assessment tool helps your […]
Automated Speech Recognition
While Automated Speech Recognition (ASR) technology has been present in various forms for decades, advances in statistical modelling, artificial intelligence (AI) and automation connectively have resulted in a new frontier for speech-based interaction between humans and computer systems. In this article Dr Peter Chapman, Director in the KPMG Forensic Technology team and InfoGovANZ advisory board member, details some of the current applications of ASR technology and offers guidance on a number of emerging governance issues associated with these technologies. As a concept, computerised Automated Speech Recognition (ASR) has been around almost as long as the computer itself. However, only in the last decade have the capabilities of ASR technology reached the point where wide-scale commercial adoption is viable1. Natural human speech contains slang terms, dialect peculiarities, abbreviations and other “non-standardised” content. While humans are very adept at managing these issues, the enormous variability of human speech makes ASR a very […]
Information Governance 2020
The Information Governance 2020 Roundtable took place on Monday, 18 November at the Governance Institute of Australia. The event covered highlights from the recent InfoGovANZ Survey Report, privacy developments and trends globally, the new ISO working group developing an Information Governance standard, and the new records management cloud-based system utilising machine learning at the Australian Human Rights Commission. There was a great turn out of members, sponsors and interested parties for a fantastic session covering a broad range of IG topics. Executive Director, Susan Bennett started the ball rolling with a summary of valuable insights from the most recent InfoGovANZ IG Survey Report, noting the trend towards improved Information Governance awareness and leadership recognition since our 2017 survey. Just over half of the organisations surveyed have an formal IG framework with clearly articulated policies and procedures. 90% of respondents expressed agreement with the definition of ‘information governance’ – although some […]
Information Governance: optimising the lifeblood of organisations
Data and information are increasingly becoming the lifeblood of organisations. However the exponential amounts of data being collected by companies and government alike, together with the risks and costs of holding and securing this information, have created a new set of issues for those responsible for organisational governance. IG provides a unified strategic framework for the control, security, optimisation and effective use of information. It is an essential part of good corporate governance, assisting organisations to maximise the value of information while minimising risks and costs by providing a mechanism to align policies and processes, people and technologies across an organisation. The IG diagram below shows different areas and activities within an organisation responsible for the security, control, optimisation and risk management of data and information. There may be more or fewer areas according to the type and size of the organisation. The key to implementing an effective information governance […]
Information Governance as a Key Enabler of Successful System Design
This is the first in a series of articles explaining how design information governance (IG) adds to the ontological and structural language that creates the ‘sensemaking’ framework for complex adaptive systems. In doing so, IG provides a foundational enterprise capability which enables adaptive behaviour and organizational resilience in the face of changes in the internal and external environment. Modern society is enabled by systems, some of them technology-centric like our road and rail networks, some human-centric like our system of parliamentary democracy, and some a more balanced mix like our health system. Successful systems are those that are effective in meeting the needs that they were designed (or emerged) to meet and are sustainable in the face of change. A key enabler of successful systems is appropriate design information. For example, the number and boundaries of electorates in our parliamentary democracy are periodically adjusted to ensure that the (design) […]
Information & Data Trends & Challenges – IAM 2019
InfoGovANZ joined with National Archives and other professional organisations including RIMPA, IM, DAMA, Australian Society of Archivists, Australian Library and Information Association as part of Information Awareness Month. The event provided an opportunity for industry leaders to share perspectives on contemporary information and data management trends and challenges. The Many Voices, One Message booklet summarising the key themes and topics discussed at the workshop has just been published this week. Access the booklet
Corporate governance in the digital economy: The critical importance of information governance
Information is critical to decision-making and plays an essential role across all three pillars of governance. The emerging driver of good information governance globally is compliance with regulatory obligations, particularly with the growth in global privacy laws. Effective information governance requires top-down board and senior executive leadership. Good corporate governance in the data driven and digital economy poses significant challenges for Boards and seniors executives. This article highlights the importance of information governance to ensure there is a unified strategy and framework to govern information effectively. Good information governance enables organisations to maximise the value of information as a business asset while minimising risks and costs, particularly those associated with data breach. Over the last 25 years there has a lot been written about corporate governance. There have been debates about the value it adds to an organisation and even the share price on the Australian Securities Exchange (ASX). […]
Jason R Baron: The Need for Information Governance more than ever
Presidential tweets, Self-destructing messages and the use of Shadow IT as the ‘new normal’: The need for Information Governance more than ever – Jason R Baron Thanks to Gilbert+Tobin and Thomson Geer for hosting very successful and engaging events in Sydney and Melbourne with Jason R. Baron presenting ‘Presidential tweets, Self-destructing messages and the use of Shadow IT as the ‘new normal’: The need for Information Governance more than ever’. Jason’s keynote was followed by panel discussions facilitated by Susan Bennett, Co-founder InfoGovANZ – the Melbourne panel included Victorian Privacy and Data Protection Commissioner, Rachel Dixon and Paul Noonan, Technology Partner at Thomson Geer; and the Sydney panel included NSW Privacy Commissioner, Samantha Gavel and Simon Burns, Technology Partner at Gilbert + Tobin. Jason’s keynote, delivered in his distinctive and thoroughly entertaining style, addressed the rapidly changing information landscape and the impact it is having on individuals and organisations. His observations […]
Governance Documents – the essential building blocks of Information Governance
What is Information Governance? Effective Information Governance is a key factor in delivering strong Corporate Governance. An organisation’s information governance defines the rules and the roles for protecting information, ensuring its proper use and providing maximum value to the business. Information governance is also concerned with protecting sensitive information, preserving and sharing knowledge, keeping records and mitigating information risks. Why is it important to corporate governance? Good information governance supports an organisation’s strategic objectives and corporate governance approach in a very pragmatic way by providing the tangible mechanisms (intellectual, architectural and procedural) for getting the right information to the right people at the right time to support business operations. What are governance documents? Governance documents are the tools through which direction and guidance is formally given to business operations. They are the policies, standards, procedures and data capture tools that define the minimum operating requirements for running the business. […]
Impact of Technology and Information Governance: impact of AI and Unconscious Bias
In Australia, New Zealand and around the world, the impact of social media and a 24/7 news cycle, has changed the ability of simple stories that would have been forgotten within days to be reported immediately and that the ‘trending’ of topics, indexed by hashtags (#) hurts the corporate world. The need for clearer communications strategies, especially in times of crisis management, has never been so urgent. Having a clear spokesperson, probably the CEO, who can explain events as they unfold and with transparency and integrity answer questions as are launched by journalists, competitors, regulators, lobbyists and shareholders, to name a few stakeholders. There are a number of researchers that examine the thoughts of corporate directors and other governance professionals to predict trends that impact on the top concerns of people. The importance of information governance is growing annually in the light of corporate governance requirements. Two particularly important sources are the US […]
Questions for boards to ask about cybersecurity
The Australian Cyber Security Centre (ACSC) has released a guide for boards and executives that discusses high-level topics to know about cyber security within organisations. Boards need to proactively build an understanding of their organisation’s specific cyber threat and risk environment. The Guide sets out how the board can understand as […]
Read More
Optus Data Breach – the risks of data over – retention
The Optus Data Breach incident has shed some much-needed light on the need for robust, top-down board governance over organisational data and information. It is evident that this attack has demonstrated the need for organisations to sufficiently invest in cyber-attack prevention, detection and response. While the Optus data breach is […]
Read More
2022 Information Awareness Month One Day Seminar
This year’s Information Awareness Month One Day Seminar took place at the iconic Institute Building (1861), the first public cultural building in South Australia and was also livestreamed. The theme was “Building Trust in Information” and discussions revolved around facets that we need to trust in order to have trust […]
Read More
OAIC Data Breach Notification Report
The Office of the Australian Information Commissioner’s (OAIC) latest Notifiable Data Breaches Report highlights how OAIC expects entities to prevent and respond to data breaches caused by ransomware and impersonation fraud. The OAIC received 446 data breach notifications from January to June 2021, with 43% of these breaches resulting from cyber security incidents. Data breaches arising from ransomware incidents increased by 24%, from 37 notifications in the last reporting period to 46. Read the latest report here.
Cyber Risk Management and the Value of Cyber Insurance
The technology revolution has created unprecedented developments in the way that business is transacted, how information is obtained, how we communicate with each other and how data is sourced and stored. The reality of these developments has also lead to unparalleled increases in the ability of criminals to act in a digital environment rather than in the physical world and cyber crime has never been more financially rewarding. Cyber risk and cyber exposure exists for every business that uses technology and connects to any form of information systems and networks. Size of business, industry factors and reliance on technology for critical operations can increase cyber risk vulnerability, but no business is immune. Managers are faced with the challenge of protecting against cyber risk and implementing strategies and procedures to safeguard against the potential loss and damage suffered in a cyber event. Cyber risk management is a holistic approach to evaluating […]
OAIC Data Breach report: January – June 2020
The Office of the Australian Information Commissioner (OAIC) has released its Notifiable Data Breaches (NDB) Report for January to June 2020. Malicious or criminal attacks remain the leading cause of data breaches involving personal information in Australia. Commissioner Angelene Falk said, ‘this trend has significant implications for how organisations respond to suspected data breaches — particularly when systems may be inaccessible due to these attacks. It highlights the need for organisations to have a clear understanding of how and where personal information is stored on their network, and to consider additional measures such as network segmentation, robust access controls and encryption.’ In other findings: Health service providers continued to be the top reporting sector (115 notifications), followed by the finance and education sectors, and the insurance industry making the top 5 sectors for the first time. The number of notifications resulting from social engineering or impersonation has increased by 47%. Actions taken by […]
Information Security Risk Management Practitioner Guide – OVIC
The Office of the Victorian Information Commissioner (OVIC) issues security guides to support the Victorian Protective Data Security Standards (VPDSS). This document provides organisations with guidance on security risk management fundamentals to enable them to undertake a Security Risk Profile Assessment (SRPA) as required under s89 of the Privacy and Data Protection Act 2014(PDP Act) and is designed to support practitioners and information security leads.
Information Governance + COVID-19 Roundtable Report
To celebrate Information Awareness Month (IAM2020) and Privacy Awareness Week (PAW2020), we kicked off with an online panel discussion on the myriad of Information Governance issues arising from the COVID-19 pandemic. Our panellists included – Melanie Marks, Christopher Colwell, Sonya Sherman, Dr Peter Chapman, Matthew Golab and the discussion was facilitated by Susan Bennett. The importance of connectivity and of access to trusted information, the role of fit for purposes systems to capture records during a crisis and accountability for decisions made during the pandemic period were all highlighted. Discussion around the COVIDSafeApp emphasised that privacy by design and governance of data are key for user trust. A key focus of the discussion were increased information security and cybersecurity risks with the move to working from home. These include the risks of data leakage, data breach, shadow IT and cyber-crimes. In summary, the discussion emphasised that the myriad of information, records, […]
Broken Trust – The Information Security Dangers of Insider Threats
The increasing awareness of external cyber-security threats has executives focused on how their organisation can be defended against the “enemy at the gates”. But are organisations just as much at risk from an “enemy within”? In this article Dr Peter Chapman, Director in the Ferrier Hodgson Forensic Technology and eDiscovery team and InfoGovANZ advisory board member, provides an opinion and case study on insider threat. The media provides us with constant reminders of the threat of cyber-criminals and other external attackers. Recent legislative and regulatory changes such as the European Union GDPR requirements and mandatory breach notification amendments to the Australian Privacy Act have only increased our awareness, specifically with regards to ensuring that personally identifiable information (PII) in the possession of the organisation is safeguarded. While PII data is undoubtedly a target of external attackers, and external threats must be guarded against, organisations may be overlooking significant insider […]
Information Security & Information Governance – how they work together
Information (data) security, cybersecurity and IT security all usually refer to the protection of computer systems and information assets by suitable controls, such as policies, processes, procedures, organizational structures and software and hardware functions. The type and extent of controls depends on the scope and maturity of the business function (usually the Security Department) applying the controls, or, depends on the specialisation/focus of the team, such as Perimeter/Firewall or Identity Management. Each function tends to have a different perspective of information security, compared to other functions, due to their focused specialisation. A close parallel is the health profession. You see a GP doctor when unwell, and are referred to a specialist who knows much more than your GP about a particular field of expertise. I know that my GP would not want to perform open heart surgery at all. And equally, a heart specialist would not have up-to-date and practical […]
Cyber Insurance: how it works and the benefits of Information Governance
As the number and size of cyber attacks on businesses continues to increase, the risk of experiencing a data breach is higher than ever. The resulting cost of these breaches can be significant – according to the Ponemon Institute’s 2017 Cost of Data Breach Study, these totalled $2.51 million per year across the organisations that were recruited for the research. As a result, an increasing number of organisations are choosing to invest in a cyber insurance policy, which allows them to claim cyber incident response expenses, regulatory fines, legal defence costs and business interruption losses. In other words, offset the cost of a potential data breach. This article outlines the benefits of cyber insurance and explains why, in today’s digital age, it is vital for organisations to invest in this class of insurance, in addition to understanding the information governance obligations that their insurance policy places on them. What […]
Privacy Act Review Report
The long awaited report reviewing Australia’s Privacy Act 1988 has been released by the Australian Government, proposing significant changes including individual rights modelled on the GDPR, such as the right to request erasure, and notification of databreaches to Office of the Australian Information Commissioner within 72 hours. Attorney-General Dreyfus’ statement […]
Read More
Balancing Organisational Accountability and Privacy Self-management in APAC
The Asian Business Law Institute and Future of Privacy Forum has published a report providing a detailed comparison of the requirements for processing personal data in 14 jurisdictions in APAC including Australia, China, India, Indonesia, Hong Kong SAR, Japan, Macau SAR, Malaysia, New Zealand, the Philippines, Singapore, South Korea, Thailand, and […]
Read More
LawFest 22: Re-connecting & challenging your thinking
On 28 September, 365 legal professionals from across Aotearoa and abroad gathered in person in Auckland for the premier legal innovation and technology event on the New Zealand calendar. LawFest is the only opportunity in New Zealand for the legal and technology community to come together to network, collaborate and […]
Read More
OAIC guidance on retention and deletion of PI
In July, OAIC published guidance on the retention and deletion of personal information (PI) collected during the COVID-19 pandemic. Organisations should take stock of the personal information they hold and assess whether it is necessary to continue to collect and retain PI. Australian Privacy Principles 11.1 and 11.2 require that reasonable […]
Read More
IAPP Global Summit 2022 Report
Celebrating the joy of reconnecting was the theme of the opening address by Trevor Hughes, President and CEO of IAPP. This year’s Global Privacy Summit had over 4,000 attendees and took place over four jam-packed days in Washington DC. The Opening General Session got off to a flying start with three very different and thought-provoking key notes. Bestselling author Malcolm Gladwell highlighted the lessons to be learned from his recent book “The Bomber Mafia”. Warning against asking the wrong questions and solving the wrong problems, he noted that technology takes time to evolve and that “visionaries need help” with practical application. Gladwell urged the audience to be humble about what technology can do and patient before deploying well-intended technological innovations with uncharted moral consequences. Professor Amy Gajda, author of “Seek and Hide”, discussed the pivotal 1928 Supreme Court case of Olmstead v. United States, in which Justice Louis Brandeis dissented […]
OAIC’s updated guidance on vaccination status and protecting privacy
OAIC has updated its guidance on COVID-19: Vaccinations and privacy rights as an employee and Vaccinations: Understanding your privacy obligations to your staff. Key points include: Vaccination status information can only be collected without consent in circumstances where the collection is required or authorised by law (including a state or territory public health order or direction). Only the minimum amount of personal information reasonably necessary to maintain a safe workplace should be collected, used or disclosed. Vaccination status information should only be used or disclosed on a ‘need-to-know’ basis. You must inform employees about how their vaccination status information will be handled. Ensure you take reasonable steps to keep employee vaccination status and related health information secure.
New Zealand’s Privacy Commissioner releases a paper on biometric regulation
New Zealand’s Office of the Privacy Commissioner (OPC) has released a position paper setting out how the Privacy Act regulates biometrics. The increasing role of biometric technologies in the lives of New Zealanders has led to calls for greater regulation of biometrics. In a statement releasing the paper, the OPC said, ‘[it] believes that the privacy principles and the regulatory tools in the Privacy Act are currently sufficient to regulate the use of biometrics from a privacy perspective.’ The paper is intended to inform decision-making about biometrics by all agencies covered by the Privacy Act, in both the public and private sectors. This position paper will be reviewed six months after publication, in consultation with key stakeholders, to assess its impact and whether any further steps are required. Read the OPC’s summary of key issues or the full position paper.
Digital Identity Legislation
The Australian Government has released an exposure draft of the Digital Identity legislation (the Trusted Digital Identity Bill) to support the expansion of the Australian Government Digital Identity System (the System). The proposed legislation aims to enshrine in law, privacy and consumer safeguards in the System as it expands to include more services and sectors. The legislation also establishes permanent governance arrangements to be guided by principles of independence, transparency and accountability. Feedback is being sought on the draft legislation and the accompanying documents to make sure the System meets the expectations of Australians and Australian businesses. Available on the Digital Identity website: Guide to the Digital Identity legislation Trusted Digital Identity Bill 2021 exposure draft Trusted Digital Identity Framework (TDIF) accreditation rules Trusted Digital Identity rules Regulation Impact Statement (RIS)
OVIC Guidance on Collaboration Tools
The rise of flexible working arrangements means that collaboration tools, such as videoconferencing and instant messaging tools, as well as cloud-based document creation and sharing services, are increasingly essential to facilitate collaboration. The Office of the Victorian Information Commissioner has provided guidance to assist organisations to consider their privacy obligations when implementing and using collaboration tools, plus information security and record-keeping considerations. Read the Guidance here.
National COVID-19 Privacy Principles
The Office of the Australian Information Commissioner and State and Territory privacy commissioners have produced universal privacy principles to support a nationally consistent approach to solutions and initiatives designed to address the ongoing risks related to the COVID-19 pandemic. These high-level principles provide a framework to guide a best practice approach to the handling of personal information during the pandemic by government and business. Read the Principles here.
Protection of Personal Information in Universities
The protection of information by universities has come under focus in recent years as a number of Australian universities have been subject to cybersecurity attacks. These attacks highlight the risks of data breaches and the potential impact on students, staff, and research participants. This led to the Office of the Victorian Information Commissioner (OVIC) examining the policies and procedures that Victorian universities have implemented to protect the personal information that they hold from loss and misuse. The Victorian Information Commissioner released its report on the Examination of Victorian universities’ privacy and security policies report on 29 June 2021 (report). The findings included that not all universities have clear policies and procedures to guide staff to destroy personal information when it is no longer needed, and some do not have written guidance about sharing personal information with third parties to support staff to consider information security risks. The Victorian Information Commissioner, […]
Protection of personal data in universities Examination Report
Victoria’s Information Commissioner recently released a report following an examination of the privacy policies and procedures in eight Victorian universities. The report found that many universities don’t have clear policies to guide staff to destroy personal information when it is no longer needed. While Universities are prioritising ICT and cybersecurity risks, in general, they have less of a focus on managing risks to personal information related to physical and personnel security. The report includes recommendations for universities to strengthen the protection of personal information by developing policies and procedures to identify and document the personal information they hold, where it is held, and for sharing information with third parties and contracted service providers. InfoGovANZ is hosting a session with Sven Bluemmel – Victorian Information Commissioner to highlight the key findings of the report and discuss the recommendations, book your ticket here. Read more about the report here.
OAIC guidelines on the collection of staff vaccination status
With the COVID-19 vaccine national rollout underway, the Office of the Australian Information Commissioner has released a new COVID-19 Vaccinations privacy guidance for employers to understand their obligations when collecting, using, storing and disclosing employee health information related to the vaccine. It complements the COVID-19 Guidance for employers which provides more general information about the privacy obligations of Australian Government agencies and organisations covered by the Privacy Act 1988.
OPC’s new interactive online tools
The Office of the Privacy Commissioner has created two new interactive online tools to help organisations and businesses understand what they need to do if they are sending New Zealanders’ personal information overseas to comply with the new principle 12. The Principle 12 Decision Tree – is designed to help organisations, especially SMEs, easily work out if principle 12 applies to information they are disclosing overseas and whether they have to comply with it. You can try the Principle 12 Decision Tree here. If principle 12 does apply to the disclosure of information, the best and most practical way to comply with it might be to have an agreement with your foreign person or entity that provides for comparable safeguards to New Zealand’s Privacy Act. Businesses and organisations now use the Model Contract Clause Builder to generate an agreement. You can try the Model Contract Clauses Agreement Builder here.
APAC Privacy Law Update: Cross Border Transfers
With a range of new regulations, tools and projects underway, Information Governance ANZ were pleased to host a virtual forum with updates on the latest data privacy developments across the Asia Pacific region. This interactive session was facilitated by Susan Bennett, Founder of InfoGovANZ and our special guests included: NZ Privacy Commissioner – John Edwards Senior Research Fellow, Asian Business Law Institute – Dr Clarisse Girot Director, Simply Privacy – Daimhin Warner New Zealand’s Privacy Act 2020 comes into force on 1 December 2020 and introduces new limitations on cross-border transfers. Commissioner Edwards spoke about the new legislation and provided a brief history of the Act since 1993. It applies across the economy (both public and private sector organisations), is based on the 1980 OECD data protection principles and is technology-neutral. He noted the Act has remained largely unamended during the intervening decades. New Zealand received an ‘adequacy ruling’ by […]
OAIC Data Breach report: January – June 2020
The Office of the Australian Information Commissioner (OAIC) has released its Notifiable Data Breaches (NDB) Report for January to June 2020. Malicious or criminal attacks remain the leading cause of data breaches involving personal information in Australia. Commissioner Angelene Falk said, ‘this trend has significant implications for how organisations respond to […]
Read More
Protecting Privacy by Minimizing Data
Posted with permission from Active Navigation, originally published on June 1. Ten years ago, there was no such thing as too much data. Notions about data being the “new oil” prompted organizations to horde every byte they could, hoping that they might be able to harness it down the road. Combined with the notion that “storage is cheap,” this belief has led many companies to exponentially increased their risk rather than their opportunity. New data privacy regulations in Europe and the United States impose a significant burden of care on organizations regarding their data collection processes. In fact, data minimization is a fundamental principle within the European Union’s General Data Protection Regulation (GDPR). Whether governed by the GDPR or state privacy regulations like the California Consumer Privacy Act (CCPA), businesses must now limit the personal data they collect and dispose of it once it is no longer needed for a […]
P3 Project Privacy Podcast from Active Navigation
Looking for a new podcast about data privacy? Active Navigation has exactly what you need – the P3: Project Privacy Podcast aims to help you understand the evolving data privacy landscape. Episodes include: The ROI of Proper Data Management; Records Management in Highly Regulated Industries; High Stakes Records Management; The NIST Privacy Framework; Open Data During Times of Crisis. You can listen to the podcast anytime on the Active Navigation website.
Information Security Risk Management Practitioner Guide – OVIC
The Office of the Victorian Information Commissioner (OVIC) issues security guides to support the Victorian Protective Data Security Standards (VPDSS). This document provides organisations with guidance on security risk management fundamentals to enable them to undertake a Security Risk Profile Assessment (SRPA) as required under s89 of the Privacy and […]
Read More
OAIC Privacy Assessment tool
OAIC launched a new Privacy Impact Assessment Tool (DOCX), which helps you conduct a PIA, report its findings and respond to recommendations. Accompanying the Guide to undertaking privacy impact assessments, entities are encouraged to take a flexible approach and adapt this tool to suit the size, complexity and risk level of their project.
Culture of FOI in Victoria
The Office of the Victorian Information Commissioner (OVIC) published new research on freedom of information (FOI) culture in Victoria and the importance of proactive and informal release of information. “The release of documents under the FOI Act is not the only way that governments can share information with the public” said Information Commissioner Sven Bluemmel. “Governments can also get on the front foot and proactively release information, without the need for individuals to first make an FOI request.” OVIC strongly encourages all agencies to adopt policies and systems that facilitate the release of information proactively and informally. Proactive transparency will help to build public trust, which will assist governments to address complex policy issues and improve service delivery. Read the key findings here.
Information Access Study
Information Access Commissioners and Commonwealth Ombudsman have released the findings of their second cross jurisdictional study of community attitudes on access to government information. The 2021 Information Access Study measures citizens’ awareness of the right to access government information, and their experiences and outcomes in exercising that right. Key findings include: The importance of the right to access information is consistently recognised by respondents in each jurisdiction. The majority of respondents in each jurisdiction were aware that they had the right to access information from government departments/agencies. In general, citizens were able to obtain information successfully in each jurisdiction. Read the statement from the Commissioners or view the research findings here.
Response to Tune Review
The Australian Government has agreed or agreed in principle to all 20 recommendations made by the Functional and Efficiency Review of the National Archives of Australia(NAA) referred to as the Tune Review. While the Tune Review recommended a proposed Government Information Management Model (GIMM), where records management across government would be centralised to the NAA, the Government intends as the first step to convene a committee to drive efficiencies and improvements in the short to medium term. Read the Tune review and the Government’s response.
OVIC Guidance on Collaboration Tools
The rise of flexible working arrangements means that collaboration tools, such as videoconferencing and instant messaging tools, as well as cloud-based document creation and sharing services, are increasingly essential to facilitate collaboration. The Office of the Victorian Information Commissioner has provided guidance to assist organisations to consider their privacy obligations […]
Read More
Report into delay in Victorian FOI decisions
The Victorian Information Commissioner’s report into the delay in disclosure of government documents under the Freedom of Information Act 1982 (Vic) was recently tabled in the Victorian Parliament. Between 2015 and 2020, the proportion of FOI decisions made on time in Victoria declined from 95% to 79%. The investigation examined the extent and causes of delay at agencies, which included resourcing issues, process, technology, culture, communication and the impact of the COVID-19 pandemic. Read the report here.
NAA receives $67m to digitalise old records
Almost 300,000 records of Australian history including radio recordings of former prime minister John Curtin and a petition to King George V for Indigenous representation in Federal Parliament will be saved after a $67.7 million funding injection into the National Archives. The Tune Review, released in March this year said immediate action was needed to preserve deteriorating records in paper-based form, as well as magnetic tape audiovisual records, photos and film, to ensure they weren’t lost forever. Cybersecurity was also underscored as an urgent priority, with the collection of government records otherwise vulnerable to obsolescence, attack, compromise or loss.
The Tune Report
The recently released Tune Report proposes a new integrated, whole of government model for information management and record keeping and for the storage, digitisation and preservation of government records across the Australian federal government. The model seeks to generate efficiencies across government sufficient to support the necessary investment in digital capacity within the National Archives and other priorities. It has three tranches: A major investment in a new 5th Generation Digital Archive (5thGDA) that will bring the National Archives ICT systems into the digital age, enabling end-to-end handling of records from creation through to access A Government Information Management Model (GIMM), with the National Archives having responsibility for information management across Australian Government agencies, to support improved records management, to provide better compliance with the objectives set down in the Archives Act, and to escalate digitisation of the Archives records. This seeks to provide whole-of- government efficiencies A Centralised Storage […]
Integrated information governance: InfoSec and RM working together for safer sharing
This article aims to generate discussion about strategies to improve information security – in particular to support people in appropriately handling sensitive information (recognising the human factor as one of the main weaknesses in security programs); leveraging existing systems and frameworks to enhance interoperability; and encouraging knowledge sharing between IG professionals across different domains. Please share your thoughts in the comments section below. SUMMARY Both national security and crisis management require highly sensitive information to be securely shared between applications, individuals, organisations and jurisdictions. Vulnerabilities could leave agencies exposed to greater risks during a period with a high threat of espionage. Automation can support people sharing sensitive documents, to reduce manual handling and human error. This could be achieved by enhancing existing capabilities and standards, drawing on frameworks from both information security and records management. Geopolitics and COVID-19 bring renewed focus to cybersecurity Cybersecurity is a priority for all organisations, […]
Building trust in the public record – Public Release schedule
The National Archives of Australia‘s new whole-of-government information management policy, Building Trust in the Public Record: managing information and data for government and community is now in force – https://bit.ly/3nfgGlV The new policy supports a holistic approach to information and asset management using information governance. The aim of the policy is to continue […]
Read More
Building Trust in the Public Record Highlights
Information Governance ANZ was pleased to host an interactive forum with David Fricker, Director-General of the National Archives of Australia regarding the new policy Building Trust in the Public Record: managing information and data for government and community. This interactive session covered: · Key information management requirements for Australian Government agencies · Actions […]
Read More
AI Transparency in Digital Government
In celebration of International Access to Information Day and Right to Know Week in NSW 2020, we held an event on AI Transparency in Digital Government with NSW Information Commissioner Elizabeth Tydd, Victorian Information Commissioner Sven Bluemmel and Dr Jat Singh, Senior Research Fellow at the University of Cambridge. The […]
Read More
NAA’s new policy: Building Trust in the Public Record
The National Archives of Australia (NAA) published in July 2020 the draft policy Building Trust in the Public Record: managing information and data for government and community. It was been released together with a list of supporting advice that exists, or will be developed or updated, to support the policy. […]
Read More
Is Your Data Estate an Unstructured Mess? How a Spring-Cleaning Project Can Reduce Your Organization’s Risk
Posted with permission from Active Navigation, originally published on June 10. In this special guest feature, Dean Gonsowski, Chief Revenue Officer at Active Navigation, InfoGovANZ’s Foundation Sponsor, focuses on what steps a company needs to follow to review, understand and clean-up their data to eliminate security risks. As a former litigator/GC/AGC, Dean has a proven track record of accelerating the rapid development of high growth, venture backed software companies (such as Relativity/kCura, Clearwell/Veritas, Recommind/Opentext). He is a seasoned professional with the ability to build/manage teams, run P&Ls in executive leadership roles including Sales, Strategy, Business Development, Marketing and Professional Services. Dean has a JD from the University of San Diego School of Law and a BS from the University of California, Santa Barbara. The volume and variety of data created in the past decade doesn’t show signs of slowing down – nor does the pace of hacking attempts. Unstructured data, also […]
Release of the Palace Letters – National Archives of Australia
After 37 years we can view the correspondence between the Governer-General and the Palace in the lead up to the dismissal of the Whitlam Government. Watch National Archives of Australia Director-General David Fricker on the release of the Palace Letters – all 1,200 pages, here: https://bit.ly/300Kb0U Congratulations to Professor Jenny Hocking on the historic High Court win enabling the National Archives of Australia to release the records. The Palace Letters are now available to download as PDFs on the National Archives of Australia website.
Digital Records and the GIPA Act – IPC NSW
The Information and Privacy Commissioner NSW has developed a fact sheet to provide guidance about the definition of record, in particular digital records under the GIPA Act and what it means for agencies. The fact sheet also outlines the importance of agencies maintaining good digital recordkeeping practices to ensure it is able to comply with its legislative obligations.
IAM2020 – Critical role of Information in our changing environment
IAM2020 was launched by Director-General of the National Archives of Australia, David Fricker with an engaging panel discussion with Information Commission NSW – Elizabeth Tydd, digital media expert on the role of information and impact of misinformation Dr Timothy Graham, and Kathryn Dan, Blue Shield Australia. The critical roles of data, access to information and the challenges of misinformation were highlighted in the current COVID-19 pandemic as well as the recent Australian bushfires. You can access the recording of the session here: IAM2020 Launch High Res Recording | IAM2020 Launch Low Res Recording
Information Governance + COVID-19 Roundtable Report
To celebrate Information Awareness Month (IAM2020) and Privacy Awareness Week (PAW2020), we kicked off with an online panel discussion on the myriad of Information Governance issues arising from the COVID-19 pandemic. Our panellists included – Melanie Marks, Christopher Colwell, Sonya Sherman, Dr Peter Chapman, Matthew Golab and the discussion was […]
Read More
FOI and Building Trust
The theme of Building Trust was the focus of the FOI in WA conference recently. Trust was explored in two ways. Firstly, considering how Freedom of Information (FOI) can build public trust in government; and secondly, advice and inspiration to help practitioners trust themselves and the FOI process to meet the objects of the FOI Act (WA): to enable the public to participate more effectively in governing the State’ and to make the persons and bodies that are responsible for State and local government more accountable to the public. Emeritus Professor Geoff Gallop AC gave the keynote presentation. He discussed the role of openness as a foundation for democracy. This is based on the view that information held by government is a public resource which should be used for public benefit; and that the community has a right to be informed about government operations. FOI and information governance FOI is […]
RIMPA Live Convention 2019
RIMPA Live 2019 was held at the Marvel Stadium in Melbourne, marking 50 years of RIMPA and its 35th Annual Conference. It was a conference filled with a keynotes, plenary sessions and roundtables over the three days of the conference. There were several keynotes including CTO and entrepreneur Gus Balbontin, Richard Foy, New Zealand’s Chief Archivist, information thought-leader Randy Kuhn Esq from the US and Kevin Sheedy AO, AFL Legend. The conference kicked off with David Moldrich Life FRIM outlining the history of the Australian recordkeeping profession and some of the key moments in the professions’ history such as the establishment of the Records Management Association of Australia (RMAA now RIMPA) and the development and implementation computer-aided records management systems and their successors the Electronic Document and Records Management System or EDRMS. David highlighted the contribution of the Australian recordkeeping profession to the state of recordkeeping around the world mainly […]
Recordkeeping in Information Governance
Information Governance is by its very nature interdisciplinary. Of course it needs leaders, but great information governance leaders are those that enable a multi-disciplinary team approach to thrive. This is best done by allowing the distinct approaches to information brought by members of the team to exist in both cooperation and creative dissent. The organisational context and information culture determines exactly which skills are brought into the collective mix of information governance, but typically it includes compliance, risk, privacy, risk, security, recordkeeping, data management and analytics (and more in the American context, e-discovery). Each of these focus areas bring specific approaches to their patch of information governance – the trick is to get each to play to their strengths without drowning out or diminishing the important roles of others. Playing nicely across information disciplines is not a given, and fostering that capability is the skill of the information governance leader. […]
APAC Primer for eDiscovery published
Setting the global standards for eDiscovery, the EDRM – Electronic Discovery Reference Model has released version 1.0 of the Primer for eDiscovery in the Asia Pacific (APAC) region. The goal of the Primer is to help foreign practitioners involved in legal proceedings in APAC to understand the different discovery requirements in each of the […]
Read More
LawFest 21: collaborating and networking in person again
In late March, 280 legal professionals from across Aotearoa gathered in person in Auckland for the premier legal innovation and technology event on the New Zealand calendar. Like so many events globally, LawFest had considerable disruption and challenges from the COVID-19 pandemic to run the event in person. However, in Aotearoa we have been fortunate to be able to bring together again the legal and technology community to celebrate, collaborate, network and learn about legal innovation – and all in person. The last year has reinforced why we need to innovate and leverage technology – LawFest 21 demonstrated how we can go about this! The event was once again a must for anyone interested in driving efficiency in their organisation. The key highlights The one-day event was a great opportunity to hear from leaders and change makers in the innovation space. The programme provided something for everyone, from those […]
Legalweek NYC 2020 – The Down Under Perspective
Legalweek 2020 brought together thousands of legal professionals to discuss business, regulatory, technology and talent drivers impacting the industry. The week featured workshop boot camps, conferences, networking events and hundreds of technology exhibitors on the tradeshow floor. There are three main conferences: Legaltech (the world’s longest running legal technology trade show), LegalCIO, and Legal Business Strategy. Around the main conferences there are many other events, a few of these are highlighted below. The following week The Sedona Conference’s International Working Group 6 annual program focusing on cross-border discovery and data privacy was held at the New York Law School. AI and Privacy This year’s Legalweek in New York City was dominated by the themes of AI, new and developing technologies and privacy. The impact of privacy regulations, particularly the GDPR and the California Consumer Privacy Act (CCPA) is driving up compliance costs and also the cost of discovery in legal […]
Social Media Perils in Litigation – InfoGovANZ
In this InfoGovANZ event, the implications and dangers of the widespread use of social media and apps were highlighted in their evidential value in investigations and litigation. The importance of technical and forensic expertise in the discovery process was demonstrated by reference to particular cases and technology tools by Brett Webber, Principal, ConsilAD and Matthew Golab, Director of Legal Informatics and R&D at Gilbert + Tobin. Susan Bennett, Executive Director InfoGovANZ and Principal, Sibenco Legal & Advisory discussed the duties of technology competence and confidentiality, which extends to cybersecurity to protect client information and the implications of a recent High Court decision. As Michael Tieu, posted on LinkedIn following the event, ‘[i]t was truly astounding to see how important it is to be wary of who, what, when and where you post on social media. Once the genie is out of the bottle, it’s nearly impossible to put it back […]
How eDiscovery is managing the challenge of what constitutes Personal Information
The terms Personal Information or Personal Data have been increasing in usage for a while, and with the recent focus on the European GDPR, and the Australian NDB (Notifiable Data Breaches). This article considers these definitions from the perspective of document production in litigation and regulatory investigations – the process of eDiscovery. In eDiscovery we are used to redacting sensitive information – most typically legally privileged or commercially sensitive information. However, prior to the commencement of the Royal Commission into the Financial Services Industry (FSRC) the volume of documents requiring redaction was fairly modest in most matters. This certainly changed with the FSRC, as all documents that are tendered at a public hearing are required to have contact information and customer names redacted. This has resulted in significant efforts in reviewing all documents that are going to be tendered to ensure that the documents have been adequately redacted. What […]
AI and the Law – the future is here
Artificial intelligence (AI) is already making significant inroads to the practice of law and producing efficiencies and cost savings. This article looks at how AI is being utilised in different parts of legal practice and the transformation of legal practice that is already underway in the delivery of legal services from litigation through to contract management and Chatbots. Litigation & eDiscovery The production of documents has traditionally been a very expensive part of the litigation process. The development of eDiscovery software tools to identify, retrieve, process, filter and search provides significant costs savings in the litigation process. These cost savings are even more significant with latest software tools and right expertise are utilised. The latest developments in the eDiscovery industry include the use of AI technology. Early forms of AI were built into the globally dominant eDiscovery platforms. For the past 10 years these platforms enabled document clustering and concept […]
The Governance of Things – eDiscovery in Australia and New Zealand
eDiscovery is the production of relevant documents that parties to litigation or an inquiry are required to produce to either a Court, Royal Commission, Commission of Inquiry or to a government regulator. The eDiscovery industry is a global industry reflecting the enormous growth in information and the specialised technology which has developed to meet that challenge. While eDiscovery is a specialist area of legal technology the challenge of document production extends well beyond in-house legal departments and requires the assistance of IT departments and records management. Download Now
The Governance of Things – Increasing Acceptance of Technology Assisted Review
In December 2016, the Supreme Court of Victoria endorsed the use of Technology Assisted Review (TAR) in the eDiscovery process in the case of McConnell Dowell Constructors v Santam. This was the first time TAR had been approved for use in litigation in an Australian Court. The use of technologies like TAR assists parties in litigation to meet the requirements ‘of a just, efficient and cost-effective resolution of the dispute’ by reducing the time and cost involved in large scale document production during the discovery process. Download Now
UK Department of Education reprimanded after misuse of personal information of up to 28 million children
The UK’s Information Commissioner, John Edwards, has issued a reprimand to the Department for Education following the prolonged misuse of the personal information of up to 28 million children and a failure to do due diligence on who could access pupils’ learning records. An employment screening firm, trading as Trustopia, […]
Read More
What is ‘dark data’ and how is it raising carbon footprints?
In this article from the World Economic Forum, Tom Jackson and Ian R. Hodgkinson identify that organisations need to think about how to manage their data to minimise their digital carbon footprint. Storage of ‘dark data’ defined as single-use data in the article, data takes up space on servers and […]
Read More
OAIC Notifiable Data Breaches Scheme – The first 4 years
The Notifiable Data Breaches (NDB) scheme commenced in February 2018, introducing new obligations for Australian government agencies and private sector organisations with an annual turnover of $3 million AUD or more. Notably, under the NDB scheme organisations are required undertake an assessment should they suspect: Unauthorised access to or disclosure […]
Read More
Five Common Misconceptions about Structured and Unstructured Data
Key Takeaways: Structured data is quantitative (anything you can easily store in rows and columns) and relatively easier to keep compliant. Unstructured data is qualitative (think your emails and Teams chats) and much harder to manage. Nearly all organizations are operating under one or more misconceptions about their data (and compliance or lack thereof […]
Read More
New Data Availability and Transparency Act 2022 in force
The Data Availability and Transparency Act 2022 commenced in April. The Act establishes a new, best practice DATA scheme for sharing Australian Government data, underpinned by strong safeguards and simplified, efficient. For an introduction to how the Scheme works, read more at A Scheme for sharing Australian Government data. Commonwealth, state and territory government agencies can now apply to be accredited users under the DATA Scheme. And from 1 August, Australian universities will be able to apply for accreditation as data users and as data service providers. Follow these links to learn more about participating in the DATA Scheme or to access the scheme-on-a-page overview.
Doug Laney author of ‘Infonomics’ announces release of new book ‘Data Juice’
Data Juice is the latest book just released by Doug Laney, author of Infonomics: How to Monetize, Manage, and Measure Information as an Asset for Competitive Advantage. Containing more than 100 real-world examples and expert commentaries on how organizations around the world and in every industry are monetizing their own (and others’) data in diverse ways, Data Juice is a resource for data, business, and IT leaders looking to inspire their teams or executives with ways to thrive in the Digital Age. Further below is an excerpt from Data Juice, available to purchase now on Amazon About the author Doug Laney is the data & analytics strategy innovation fellow with the consultancy, West Monroe. Formerly he was a vice president and distinguished analyst with Gartner’s Chief Data Officer (CDO) research and advisory practice. He is an accomplished practitioner and recognized authority on data and analytics strategy, and is a three-time […]
2021 Solomon Lecture
This year’s Solomon Lecture presented by the Queensland Office of the Information Commissioner featured Professor Beth Simone Noveck on ‘Solving Public Problems with Data’. Professor Noveck’s lecture explores how traditionally, the right to know is rooted in the belief that members of the public should know what their government does in order to hold the government to account, lessen the risk of corruption and shine a light on wasteful and inefficient operations. Beth Simone Noveck discusses how a focus on public problem solving and improving people’s lives changes how we think about data. She discusses specific policy prescriptions for creating a right to know that fosters better government, stronger citizenship and more agile solutions to contemporary challenges. Watch the Solomon Lecture here.
Preventing Digital Harm
The World Economic Forum published Pathways to Digital Justice report to address systemic legal and judicial gaps, and help guide law and policy efforts towards combating data-driven harms. This is particularly important with the increase in online activities and digitization of services, which – when misused – can present new types of risk. The white paper, produced in collaboration with an advisory committee consisting of experts from around the world, is intended to guide policy efforts towards combating data-driven harms. The hope is that legal and judicial systems can then evolve to embed redress mechanisms that enable the creation of a data ecosystem which protects individuals and is accountable to them. Read the World Economic Forum statement here or the report.
Exposure Draft of the Data Availability and Transparency Bill
The draft Data Availability and Transparency Bill aims to modernise and streamline the sharing of government data between agencies and with the private and research sectors. Under the legislation, data will be shared for three purposes: government services delivery, informing government policy and programs, and research and development. The Consultation Paper contains a simplified summary of the legislative package. Submissions made by a group of multidisciplinary practitioners and academics highlight privacy and governance concerns. These include the override of Australia Privacy Principle (APP) 6 and the inherent conflict of National Data Commissioner whose mandate is to encourage data sharing with the enforcement of the regulation. The submission recommends that governance and assurance be regulated the Australian Information and Privacy Commissioner. You can read the submission here.
Automated Decision Making Transparency under GIPA Act
The increasing adoption of technology requires the preservation, assurance and assertion of information access rights. To achieve these outcomes, government licensing and contractual arrangements should ensure accessibility and ‘explainability’ in the provision of government services and decision making. The issue of algorithmic transparency of a government agency’s contractor is currently before the NSW Civil and Administrative Tribunal. The Agency provided some information to the Applicant but decided that other information is not held by the Agency as it is held by the Contractor and remains its intellectual property. The GIPA Act provides a right to access information held in a record of an NSW Government agency and that right may also apply to information held by contractors providing services to the public. The NSW IPC has published guidance for agencies under section 121 of the GIPA Act, including a template clause for agencies to include in contracts with third parties […]
Protecting Privacy by Minimizing Data
Posted with permission from Active Navigation, originally published on June 1. Ten years ago, there was no such thing as too much data. Notions about data being the “new oil” prompted organizations to horde every byte they could, hoping that they might be able to harness it down the road. […]
Read More
Is Your Data Estate an Unstructured Mess? How a Spring-Cleaning Project Can Reduce Your Organization’s Risk
Posted with permission from Active Navigation, originally published on June 10. In this special guest feature, Dean Gonsowski, Chief Revenue Officer at Active Navigation, InfoGovANZ’s Foundation Sponsor, focuses on what steps a company needs to follow to review, understand and clean-up their data to eliminate security risks. As a former […]
Read More
COVID19 – Data and Privacy
COVID-19 has brought to the forefront the importance of real-time accurate data for scientists to analyze and model and for government leaders to make decisions on. InfoGovANZ has complied a series of COVID-19 curated articles and resources, updated monthly. June 2020 OVIC has released new guidance on how the exemptions in the Freedom of Information Act should be applied. OVIC has updated the FOI and COVID19 FAQs for agencies – read them here – to include questions about the new COVID-19 regulations including: what to do if your agency is completely shut down; and how to verify an applicant’s identity. Australian Information and Privacy Commissioner (OAIC) has updated it’s FOI FAQ with the latest COVID-19 relevant questions including how to make an FOI complaint during the COVID-19 outbreak. May 2020 Australian and New Zealand Information Access Commissioners join with their international counterparts in their clear call for documentation, preservation and […]
COVID19 – EU, US & International Resources
Below is a collection of useful privacy and data protection resources from the EU, US and globally. Data Protection Authorities guidance on COVID-19 published by Data Protection Authorities (DPAs) collated by International Association of Privacy Professionals. These provide information and frequently asked questions on data processing and COVID-19 across a range of countries. Resources page on crucial privacy and data protection law issues arising from COVID-19 covering the EU & globally by Law, Science, Technology & Society of the Vrije Universiteit Brussel. The Initiative is of direct interest for LSTS researchers, most notably in the context of the Brussels Privacy Hub (BPH) work on data protection in humanitarian action as well as the work of ALTEP-DP project. US Privacy and Data Protection Resources related to COVID-19, together with other international resources has been compiled by the Future of Privacy Forum.
What is Good Government Data Sharing?
The Australian Federal Government has been conducting an extended consultation as to how data linkage and data sharing between government agencies might be accommodated through a special purpose statute that walks the fine line of maintaining digital trust and meeting data privacy concerns of citizens and civil society organisations, while facilitated controlled good data sharing between agencies. The Data Availability and Transparency Bill (DATA), is proposed to be released in this calendar quarter. In this in depth analysis, Professor Peter Leonard has canvassed the challenges which this new federal data sharing law will need to address and compared current proposals with existing government agency data sharing laws in NSW, Vic and SA. While Peter concludes that the DATA is a welcome development, he also notes that bigger questions loom about use of the powerful tools which data sharing puts into the hands of Governments, as illustrated by the Robodebt controversy. […]
Privacy-Preserving Data Sharing Frameworks
This is the third in a series of papers and develops a practical solution providing a framework for privacy preserving data sharing, addressing technical challenges as well as data sharing issues more broadly. It builds on the 2018 ACS Report, Privacy in Data Sharing: A Guide for Business and Government, expanding the concept of a Personal Information Factor and introducing a Utility Factor with worked examples. Download the report here
Infonomics – valuing information assets
Infonomics is the discipline of valuing Information Assets and it is based on the idea that information is an enterprise asset that should be counted and managed. This article explains why Infonomics is becoming increasingly important. Information Assets (data, information, published content and knowledge) are arguably an organisation’s most vital and strategic resource. Providing the right data to the right people at the right time is critical to every business activity, every business process and every business decision. Information Assets are the only ones that cannot be replaced if lost or destroyed. They are foundational to all high-profile business solutions and technology enablement: to analytics, artificial intelligence and machine learning; cyber-security; cloud computing; Blockchain and the Internet Of Things; and almost any form of innovation and disruption. Unlike other physical or even financial assets that can only be used once then are used-up, any Information Assets can be used […]
Identity Conference 2019 – Identity as taonga: now and in the future
He taonga te tuakiri: āianei, haere ake nei New Zealand’s Identity Conference 2019 was the fourth in a series of conferences that began in 2008. The conference was held at the Museum of New Zealand Te Papa Tongarewa, Wellington, on 26 and 27 August 2019. The conference purpose or ‘big idea is to look at the identity-related problems of today and the solutions of tomorrow’. Carol Feurriegel recounts some of the highlights from the conference. “Identity is a complex and sensitive area. It reflects our sense of self and it is also at the heart of relationships between people and organisations. Our Identity is our taonga” to quote Professor Steve Warburton, in his keynote address as Chair of the Identity Conference 2019 on Monday 26thAugust. It is fitting that the premier event that takes a multi-disciplinary perspective on Identity is held at Te Papa Tongawera, Museum of New Zealand in Wellington. “Taonga” means ‘treasure’ in […]
Data as a Strategic National Resource: The Importance of Governance and Data Protection
As we rapidly move toward a technology-driven, globally interconnected world, the exponential growth in data collected by business and government enables significant value to be derived from this resource. In December 2015, the Australian Government released its Australian Government Public Data Policy Statementas part of the National Innovation and Science Agenda, recognising data as ‘a strategic national resource that holds considerable value for growing the economy, improving service delivery and transforming policy outcomes’. While there is the potential to derive enormous value from data, there is a fundamental requirement that data be secured, meaning both government and business must protect citizens’ and consumers’ personal information. Key to achieving the benefits of data optimisation and mitigating the inherent risks is governance. Good governance enables organisations to control data by securing, protecting, managing and optimising the value of data. Supporting the Australian Government’s digital transformation is the Digital Continuity Policy 2020, which applies […]
Putting People and their Data at the Centre – investing in the social wellbeing of Aotearoa
Jacinda Ardern’s announcement of her intention to deliver New Zealand’s first ‘Wellbeing Budget’ at the World Economic Forum in Davos in January caused headlines as the world’s youngest female head of state outlined an approach to economic measurement that put people’s needs at the centre of the government investment agenda. Ardern said “politics needed to be more altruistic and more long term” to address the deep-rooted inequalities in New Zealand’s current economic outlook and to address the challenges emerging from issues such as climate change and automation. World leaders and economic institutions have been watching the ‘little country at the bottom of the world’ with great interest, as they embark on this experiment that could change the way governments develop social strategy and assess the effectiveness of their social policies. For many years institutions like the OECD have been encouraging economies to look beyond just economic measures of success and […]
ChatGPT Proves a Mediocre Law Student
[Note: InfoGovANZ thanks Craig Bell for permission to republish his article here, which was first published on Ball in Your Court] I recently spent a morning testing ChatGPT’s abilities by giving it exercises and quizzes designed for my law and computer science graduate students. Overall, I was impressed with its […]
Read More
AI National and International Regulatory Landscape
The NSW Information and Privacy Commissioners have undertaken a high level scan of the national and international regulatory relevant to AI, which includes: Governance models used internationally in regulating AI and a recognition of Horizontal and Hybrid (broad based and legislative/policy) and Vertical (rights specific and single treatment type) approaches […]
Read More
UK proposals for new AI Rule Book
The UK Government has put forward proposals on the future regulation of Artificial Intelligence, to help develop consistent rules to promote innovation and protect the public. It comes as the Data Protection and Digital Information Bill is introduced to Parliament which will transform the UK’s data laws to boost innovation in technologies such as AI. The Bill will seize the benefits of Brexit to keep a high standard of protection for people’s privacy and personal data while delivering around £1 billion in savings for businesses. The new AI paper outlines the government’s approach to regulating the technology in the UK, with proposed rules addressing future risks and opportunities so businesses are clear how they can develop and use AI systems and consumers are confident they are safe and robust. This approach will create proportionate and adaptable regulation so that AI continues to be rapidly adopted in the UK to boost […]
NSW AI Assurance Framework
All NSW government agencies are required from March 2022 to use the AI Assurance Framework. The Framework assists project teams using AI to comprehensively analyse and document their projects’ AI specific risks. It also assists teams to implement risk mitigation strategies and establish clear governance and accountability measures. Under the AI Policy and AI Assurance Framework, agencies are required to abide by the following ethical principles: Community benefit – AI should deliver the best outcome for the citizen, and key insights into decision-making. Fairness – use of AI will include safeguards to manage data bias or data quality risks. Privacy and security – AI will include the highest levels of assurance. Transparency – review mechanisms will ensure citizens can question and challenge AI-based outcomes. Accountability – decision-making remains the responsibility of organisations and individuals. View the NSW AI Assurance Framework here.
Urgent action needed over AI risks
UN High Commissioner for Human Rights Michelle Bachelet stressed the urgent need for a moratorium on the sale and use of artificial intelligence (AI) systems that pose a serious risk to human rights until adequate safeguards are put in place. She also called for AI applications that cannot be used in compliance with international human rights law to be banned. As part of its work on technology and human rights, the UN Human Rights Office has published a report that analyses how AI – including profiling, automated decision-making and other machine-learning technologies – affects people’s right to privacy and other rights. Read the UN High Commissioner for Human Rights’ statement or report.
EU bodies call for facial recognition ban in public
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have supported the call on the European Commission’s Proposal for a Regulation on the use of artificial intelligence technologies but expressed concern by the exclusion of international law enforcement cooperation from the scope of the proposal. The EDPB and EDPS go further than the European Commission’s proposal for a regulation issued in April — urging that the planned legislation should be broader to include a ‘general ban on any use of AI for automated recognition of human features in publicly accessible spaces, such as recognition of faces, gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals, in any context.’ Read the EDPB release here and the Proposal here.
Australians deserve tech that protects their rights
A new report by the Australian Human Rights Commission calls for far-reaching changes to ensure government, companies and others safeguard human rights in the design, development and use of new technologies like artificial intelligence (AI). The Human Rights and Technology Final Report makes 38 recommendations to ensure human rights are […]
Read More
New regulations for Artificial Intelligence in the EU
The European Commission has just announced a package of proposed regulations to make sure that AI systems used in the EU are safe, transparent, ethical, unbiased and under human control. They are categorised by risk with checks imposed on any ‘high-risk’ technology and also include a ban on most surveillance including live facial scanning, as well as AI systems to filter school, job or credit scoring. AI applications used in critical infrastructure migration and law enforcement would also be subject to strict safeguards. The proposed regulation is one of the broadest of its kind to be introduced by a Western government, and part of the EU’s expansion of its role as a global tech enforcer. Regulators could fine a company up to €30million or 6% of annual world-wide revenue for the most severe violations. Read more about the EU’s approach to AI in Excellence and trust in artificial intelligence | European Commission (europa.eu) and New rules for […]
Using artificial intelligence to make decisions: Addressing the problem of algorithmic bias
This technical paper is a collaborative partnership between the Australian Human Rights Commission, Gradient Institute, Consumer Policy Research Centre, CHOICE and CSIRO’s Data61. We explore how the problem of algorithmic bias can arise in decision making that uses artificial intelligence (AI). This problem can produce unfair, and potentially unlawful, decisions. We demonstrate how the risk of algorithmic bias can be identified, and steps that can be taken to address or mitigate this problem. AI is increasingly used by government and businesses to make decisions that affect people’s rights, including in the provision of goods and services, as well as other important decision making such as recruitment, social security and policing. Where algorithmic bias arises in these decision-making processes, it can lead to error. Especially in high-stakes decision making, errors can cause real harm. The harm can be particularly serious if a person is unfairly disadvantaged on the basis of their […]
AI Transparency in Digital Government Highlights
To celebrate Right to Know 2020, Information Governance ANZ were delighted to host a timely discussion on the right to access information and the use of algorithms in government decision-making. This interactive forum was facilitated by Susan Bennett, Founder of InfoGovANZ and our special guests included: NSW Information Commissioner – Elizabeth Tydd Victorian Information Commissioner – Sven Bluemmel Senior Research Fellow, University of Cambridge – Dr Jat Singh The increasing adoption of technology across society, including in government, requires the preservation, assurance and assertion of information access rights. The right of access to government information also extends to information held by contractors that provide services to the public on behalf of government. Applying and challenging these rights becomes more complex in the new world of automated decision-making. Legal frameworks, licensing and contracts must evolve to ensure information governance is applied to the design and use of algorithms, so that rights and […]
Principles of Explainable AI
The US National Institute of Technology and Standards (NIST) has released a draft paper of 4 principles of explainable AI, which is one of several properties that characterise trust in AI systems. Other properties may include resiliency, reliability, bias and accountability. Usually, these terms are defined as a part or set of principles or pillars. This draft paper sets out there are 4 principles encompassing the core concepts of explainable AI as follows: Explanation: Systems deliver accompanying evidence or reason(s) for all outputs. Meaningful: Systems provide explanations that are understandable to individual users. Explanation Accuracy: The explanation correctly reflects the system’s process for generating the output. Knowledge Limits: The system only operates under conditions for which it was designed or when the system reaches a sufficient confidence in its output.
AI Transparency in Digital Government
In celebration of International Access to Information Day and Right to Know Week in NSW 2020, we held an event on AI Transparency in Digital Government with NSW Information Commissioner Elizabeth Tydd, Victorian Information Commissioner Sven Bluemmel and Dr Jat Singh, Senior Research Fellow at the University of Cambridge. The […]
Read More
EU/US data transfers under Privacy Shield invalidated
On 16 July 2020, the European Court of Justice invalidated its previous Decision (2016/1250) and the EU-US Privacy Shield, which enabled certified companies to transfer personal data between the EU and the US. The case was brought by Max Schrems (the founder of NYOB) an Austrian resident, who had lodged a complaint with the Irish privacy regulator that the transfer of his Facebook data from Facebook’s servers in Ireland to the US did not provide sufficient protection against access by the US public authorities. The Court found that, based on the use and access by US public authorities and surveillance programmes, interfered with the fundamental right of persons whose data is transferred to the US. However, the Court also determined that the Commission Decision 2010/87 on standard contractual clauses for the transfer of personal data to processors established in third countries is valid. Read more Court of Justice of the […]
EDPS Opinion on the EU Commission’s White Paper on AI – the European approach to excellence and trust
As a part of a wider package of strategic documents, the European Commission published a White Paper on “Artificial Intelligence: A European approach to excellence and trust”, which we brought you in our April newsletter and is available here. This Opinion presents the EDPS views on the White Paper as a whole, as well as on certain specific aspects, such as the proposed risk-based approach, the enforcement of AI regulation or the specific requirements for the remote biometric identification (including facial recognition). The EDPS recommendations in this opinion aim at clarifying and, where necessary, further developing the safeguards and controls with respect to protection of personal data. Read the EDPS Opinion here.
The impact of the GDPR on Automated-Decision Making
Addressing the relation between the EU General Data Protection Regulation (GDPR) and artificial intelligence (AI) this report considers challenges and opportunities for individuals and society, and the ways in which risks can be countered and opportunities enabled through law and technology. The study led by Professor Sartor for the Future of Science and Technology (STOA), within the Secretariat of the European Parliament, discusses the tensions and proximities between AI and data protection principles, such as purpose limitation and data minimisation. The report makes a thorough analysis of automated decision-making, considering the extent to which it is admissible, the safeguard measures to be adopted, and whether data subjects have a right to individual explanations. The study then considers the extent to which the GDPR provides for a preventive risk-based approach, focused on data protection by design and by default. Read the report here.
NZ – Algorithm Charter for Aotearoa New Zealand
On 29 July 2020, more than New Zealand 20 Government agencies signed the Aotearoa Algorithm Charter, committing to be transparent about when they use algorithms and how those algorithms operate. This makes New Zealand the first country to develop standards governing the use of algorithms by the public sector, after Statistics Minister James Shaw made his annoucements. The charter, which has already been signed by 21 ministries and agencies, requires signatories to be transparent about when they use algorithms and how those algorithms function. “Most New Zealanders recognise the important role algorithms play in supporting government decision-making and policy delivery, however they also want to know that these systems are being used safely and responsibly. The Charter will give people that confidence,” Shaw said. The Algorithm Charter for Aotearoa New Zealand is an evolving piece of work that needs to respond to emerging technologies and also be fit-for-purpose for government […]
AI Standards: From Principles to Implementation
With the proliferation of AI principles worldwide1, industry is faced with a new challenge: how to implement these AI principles? Since 2017, the international committee responsible for the standardization of AI (SC 42) has been tackling this challenge: it is developing standards covering both technical and organisational specifications to enable responsible and trustworthy AI. Forty-four countries are currently involved in the work of SC 42, and Australia plays an active role in the development of the AI international standards, as it has formed standards committee IT-043 to be Australia’s voice at SC 42. When it comes to AI, it is essential to provide for interoperability and global governance, and this is why AI international standards have the buy in from key governments (such as China, the US and the EU). Australia has also identified AI standards as an important national priority. In March this year, Standards Australia released its Artificial […]
UK – AI and its impact on Public Standards
On 10 February 2020, the UK’s Committee on Standards in Public Life published its report on AI and its impact on Public Standards to ensure that high standards of conduct are upheld as technologically assisted decision making is adopted more widely across the public sector. The report makes clears that on issues of transparency and data bias in particular, there is an urgent need for guidance and regulation. The report also emphasises that public bodies must comply with the law surrounding data-drive technology and implement clear, risk-based governance for their use of AI.
US – Draft Guidance for AI regulation
On 7 January 2020 the White House’s Office of Science and Technology Policy (OSTP) released a draft Guidance for Regulation of AI for Federal Agencies to consider for the use of AI including: public trust, public participation, fairness, scientific integrity, risk assessment, benefits and costs, flexibility, fairness, transparency, safety and security, and interagency co-ordination. In contrast to the position taken by the Europeans, the US government position is that it does want AI to be highly regulated, with the OSTP draft Guidance stating, ‘Federal agencies must avoid regulatory or non-regulatory actions that needlessly hamper AI innovation and growth’. On 24 February 2020, the Department of Defense adopted 5 Principles for AI: Responsible, Equitable, Traceable, Reliable and Governable. Secretary Esper stated, ‘AI technology will change much about the battlefield of the future, but nothing will change America’s steadfast commitment to responsible and lawful behaviour’.
Singapore – Model AI Governance Framework
The Singaporean Privacy Data Protection Commission (PDPC) released the second edition of the Model AI Governance Framework in January 2020. The Guiding Principles includes that decisions made by AI should be explainable, transparent and fair and that AI systems should be human-centric. Along with the framework is a Compendium of Use Cases, demonstrating how local and international organisations, across different sectors and sizes, implemented or aligned their AI governance practices with all sections of the Model Framework. There is also an Implementation and Self-Assessment Guide for Organisations (ISAGO), which is a collaboration with the World Economic Forum’s Centre for the Fourth Industrial Revolution.
COVID-19
COVIDSafe privacy report
In November, OAIC published their final COVIDSafe privacy report in accordance with s 94ZB of the Privacy Act, which examined compliance and risk throughout the ‘information lifecycle’ of COVID app data collected during the pandemic. Read the COVIDSafe Report May–November 2022 here.
Read More
National COVID-19 Privacy Principles
The Office of the Australian Information Commissioner and State and Territory privacy commissioners have produced universal privacy principles to support a nationally consistent approach to solutions and initiatives designed to address the ongoing risks related to the COVID-19 pandemic. These high-level principles provide a framework to guide a best practice […]
Read More
Report into delay in Victorian FOI decisions
The Victorian Information Commissioner’s report into the delay in disclosure of government documents under the Freedom of Information Act 1982 (Vic) was recently tabled in the Victorian Parliament. Between 2015 and 2020, the proportion of FOI decisions made on time in Victoria declined from 95% to 79%. The investigation examined […]
Read More
COVID19 – Data and Privacy
COVID-19 has brought to the forefront the importance of real-time accurate data for scientists to analyze and model and for government leaders to make decisions on. InfoGovANZ has complied a series of COVID-19 curated articles and resources, updated monthly. June 2020 OVIC has released new guidance on how the exemptions […]
Read More
Australia and New Zealand’s COVID-19 Contact Tracing Apps – Differences in Approach on the Road to Recovery
While Australia and New Zealand were able to flatten the COVID-19 curve, the approaches of each country have somewhat differed, both in relation to the level of restrictions imposed on citizens, as well as the type of contact tracing technology deployed. Australia and New Zealand stand alongside Germany, South Korea and Singapore as examples of countries that followed the advice of their scientists and moved into lockdown in a timely way to limit the spread of the COVID-19 virus. Australia, similar to other countries, experienced a doubling of COVID-19 positive people every two days as it went into lockdown. The containment of the coronavirus in Australia and New Zealand is a result of a multipronged strategy that includes prompt lockdowns restricting movement and requiring social distancing; quarantining of international travellers for 14 days; and a high rate of testing and contact tracing. The governments of both countries have developed their […]
COVID19 – Contact Tracing publications
There have been a variety of perspectives on the COVIDSafe app released on 26 April 2020 and the CovidSafe Act enacted on 14 May 2020. Professor Peter Leonard from UNSW Business School in ‘Novel coronavirus spawns novel law-making in Australia‘, looks at the consultative process that resulted in data governance and data accountability in the CovidSafe Act to ensure that the data collected would be safe from other arms of government for other purposes. Visting Professor Roger Clarke at UNSW Law has looked at early user-experiences of the app and questioned the ability of the app to achieve its aim – read his two articles here and here. In ‘The COVIDsafe APP: A Case Study in Professional Responsibility‘, Professor Clark sets out the role and onus of IT professionals to be realistic about the app’s limitations. Professor Greenleaf and Dr Kemp from UNSW Law, in ‘Austalia’s COVIDSafe Experiment, Phase III: […]
COVID19 – NZ COVID Tracer App
New Zealand’s Ministry of Health launched the NZ COVID Tracer app on 20 May 2020, in a move welcomed in a statement by the NZ Privacy Commissioner. You can read the privacy impact assessment here. Living in a world with COVID-19 means greater requirements to register your presence wherever you go. But what does that mean for your privacy? NZ Privacy Commissioner John Edwards speaks about good policy when it comes to protecting people’s privacy in any technical solution to contact tracing in this interview.
Information Governance + COVID-19 Roundtable Report
To celebrate Information Awareness Month (IAM2020) and Privacy Awareness Week (PAW2020), we kicked off with an online panel discussion on the myriad of Information Governance issues arising from the COVID-19 pandemic. Our panellists included – Melanie Marks, Christopher Colwell, Sonya Sherman, Dr Peter Chapman, Matthew Golab and the discussion was […]
Read More
Australia Considers How to Approach Pandemic Contacts Tracing
COVID-19 has brought to the forefront the importance of real-time accurate data for scientists to analyse and model and for government leaders to make decisions on. A number of articles have highlighted the importance of data and privacy, including Australia Considers How to Approach Pandemic Contacts Tracing by Jeremy Kirk, Executive Editor for Security and Technology, Information Security Media Group.
Video Conferencing – Privacy Policy Checks
Stay at home requirements during COVID-19 have led to a dramatic increase in video conferencing for both work and maintaining social connections with family and friends. The adoption of video conferencing tools over the last weeks has been impressive but it calls into question whether are most users aware of the data and privacy implications of using these tools. NYOB, an EU based not-for-profit with the mission of making privacy a reality, has carried out a review of the privacy policies of six video conferencing tools: Zoom, Webex Meetings (Cisco), Meeting (LogMeIn), Skype and Teams (both Microsoft) and Wire. Report on privacy policies of video conferencing services – 2020- NYOB
COVID19 – EU, US & International Resources
Below is a collection of useful privacy and data protection resources from the EU, US and globally. Data Protection Authorities guidance on COVID-19 published by Data Protection Authorities (DPAs) collated by International Association of Privacy Professionals. These provide information and frequently asked questions on data processing and COVID-19 across a […]
Read More
COVID19 – ANZ Legislation Update
In Australia, COVID-19 was declared a ‘human biosecurity emergency’ under the Biosecurity Act 2015 (C’th) on 21 March 2020. Dominic Villa SC has set up a useful collection of Australian legal resources relating to the coronavirus pandemic. Collating together the various statutory instruments that have been enacted by the Commonwealth and State Governments to deal with COVID-19, such as the Public Health (COVID-19 Restrictions on Gathering and Movement) Order 2020 (NSW) and similar orders in other states. In New Zealand, COVID-19 Response (Urgent Measures) Legislation Act 2020 is an omnibus Act to put in place for the necessary arrangements in order to implement COVID-19 Alert Level 4, or where arrangements are essential to respond effectively to COVID-19. The Law Society has published a COVID-19 Information page for legal practitioners, listing relevant NZ resources.
COVID19 – Global Open Data Initiatives
The Open Government Partnership (OGP) has created a webpage collating government approaches responding to COVID-19. The open government community is focused on applying the principles of transparency, accountability and participation to the COVID-19 response. The webpage contains a crowd sourced list from a wide range of countries with a […]
Read MoreIG Case Studies
Cleansing and Organizing Unstructured Data Stores in Preparation for Migration – ActiveNav
Background Regional wholesaler and largest supplier of treated water in the United States serving 19 million people, The Metropolitan Water District of Southern California (The “District”) had accumulated 80 TB of data over 30 years of file share use. With 1800 employees, the process to clean up the data was […]
Read More
Active Navigation – Equifax Case Study
Following the highly publicised Equifax data breach in 2017, Active Navigation’s software was deployed into a complex tech stack and worked to identify, classify and protect sensitive data assets. While IG, Legal, Risk and eDiscovery practitioners understand the need to minimise data in accordance with justifiable disposition of data and […]
Read More
Ameritas Leverages Technology for Improved Information Governance
This latest case study from the Information Governance Initiative demonstrates how Ameritas, an insurer, began with a pilot project to tackle a clearly identified business problem which they addressed using data analysis, indexing, searching, tracking and reporting tools from Active Navigation. Read the article now
Read More
Roadmap to Reducing Your Biggest Information Risk
In this white paper, sponsored by IGANZ supporter Active Navigation, Russel Stalters, CEO of Clear Path Solutions, outlines a roadmap for reducing your organisation’s biggest information risk. Read the article
Read More
Making IG Real: Six Stories from the Front Lines of Information Governance Success
Over a typical business cycle, a large organisation produces staggering volumes of data. This will include essential records, valuable business intelligence, and knowledge uniquely relevant to the business. But frequently 50% or more of the content is utterly useless – it is dead weight, consuming storage capacity and obscuring the […]
Read More
Information Governance at Work: Pandora Media
With the help of the file analysis and governance experts, the Pandora GRC team discovered that at least 60% of its unstructured data had no value and there was no business or legal reason to continue to spend precious resources on protecting and storing it. So they took control, realising significant […]
Read More
Information Governance Case Study – Les Schwab
Looking at one organization’s experience with IG, can provide valuable lessons and practical insights that will help all IG professionals mature their IG programs. This case study details a common but complex IG problem: managing the relationships among key IG players. Read the article now
Read MoreIGANZ Industry Report 2021
Over the last 5 years, InfoGovANZ has been tracking the development and trends in information governance via a comprehensive survey.
Our third industry survey reveals IG trends, particularly within the Australian and New Zealand region and highlights the status, priorities and challenges of information governance for organisation
The survey was distributed to our members, promoted in InfoGovANZ communications and on the website.
IGANZ Industry Report 2019
InfoGovANZ is delighted to present the results of our industry survey, which was conducted over a 12 month period from July 2018 to July 2019.
The survey was distributed to our members, promoted in InfoGovANZ communications and on the website.
This report details the responses to this industry survey with a focus on identified market trends.
IGANZ Industry Report 2017
InfoGovANZ is delighted to present the results of our industry survey, which was conducted over a 12 month period from July 2016 to July 2017.
This report details the responses to this industry survey with a focus on identified market trends, including the importance of defining and implementing an IG framework within organsiations, the main factors used to quantify IG benefits and the biggest obstacles organisations face when implementing IG.
Governance of Things - Keeping Our Members Up To Date
Each month we send to our members The Governance of Things newsletter with feature articles, latest news and developments, and upcoming events. You can explore past editions of the Governance of Things below.
Member only content (join now)
Member only content (join now)
Member only content (join now)
Member only content (join now)
