RIMPA and InfoGovANZ announce continued alliance
RIMPA and InfoGovANZ are delighted to announce their continued alliance. RIMPA has been aligned with InfoGovANZ for some years enabling members to embrace and learn from InfoGovANZ leaders in information governance. The term ‘information governance’ brings together a broad range of professionals from information and records management, legal, privacy, eDiscovery, […]
Read More
Changes to Australia’s Privacy Act: Overview and Preparation Checklist
In the wake of the recent wave of high-profile data breaches at Optus, Medibank and MyDeal, Attorney-General Mark Dreyfus tabled the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 (the Bill) in Parliament on 26 October 2022. The Attorney-General referred to the data breaches having highlighted ‘the potential to cause […]
Read More
InfoGovANZ is delighted to announce a new platinum sponsorship with Ansarada
Ansarada is a global information governance platform that companies, advisors and governments rely on for securely managing their critical information in high-stakes processes like deals, risk, compliance, board governance and infrastructure procurement. Ansarada is the software relied upon by business professionals in over 180 countries worldwide. As businesses grow and […]
Read More
Questions for boards to ask about cybersecurity
The Australian Cyber Security Centre (ACSC) has released a guide for boards and executives that discusses high-level topics to know about cyber security within organisations. Boards need to proactively build an understanding of their organisation’s specific cyber threat and risk environment. The Guide sets out how the board can understand as […]
Read More
Optus Data Breach – the risks of data over – retention
The Optus Data Breach incident has shed some much-needed light on the need for robust, top-down board governance over organisational data and information. It is evident that this attack has demonstrated the need for organisations to sufficiently invest in cyber-attack prevention, detection and response. While the Optus data breach is still under investigation, the consensus from government statements and external experts seems to be that that human error played a significant part in this data breach. It is not uncommon for human factors to either cause or amplify technical weaknesses resulting in a data breach, about one-third of all reported personal data breaches from OAIC’s Notifiable Data Breaches Reports are attributed to human error as the primary factor. Whether data breaches are caused by human error or technical fault, security experts widely agreed that organisations should consider data breaches a question of ‘when’ rather than ‘if’. This in turn […]
RIMPA and InfoGovANZ announce continued alliance
RIMPA and InfoGovANZ are delighted to announce their continued alliance. RIMPA has been aligned with InfoGovANZ for some years enabling members to embrace and learn from InfoGovANZ leaders in information governance. The term ‘information governance’ brings together a broad range of professionals from information and records management, legal, privacy, eDiscovery, […]
Read More
2022 Information Awareness Month One Day Seminar
This year’s Information Awareness Month One Day Seminar took place at the iconic Institute Building (1861), the first public cultural building in South Australia and was also livestreamed. The theme was “Building Trust in Information” and discussions revolved around facets that we need to trust in order to have trust in information. These included trust in people, process, technology and government. The seminar opened with remarks from Geoff Strempel, Director, State Library of South Australia. As a society we are “drowning in data” and in a knowledge economy IM practitioners are the trustees of information. A huge challenge is the massive data sets that need computers and machine learning to extract patterns and interpretations, but human intellect is still required to assess the outcomes and ultimately arrive at wisdom. ML and AI also raise ethical and privacy dilemmas as technology enable computers to essentially have free reign across the data. […]
New Frontiers and Information Technology Governance
Professor Michael Adams, Head of UNE Law School, InfoGovANZ Advisory Board Introduction The last two years have been a period of disruption due to COVID-19 pandemic and the need for all businesses and organisations to “pivot”. In the information governance space this has been a major positive and a serious risk. The positive is an up-grade in technology, so people can work from home. The use of collaborative tools, such as Sharepoint, MS Teams, ZOOOM, Google docs and many more have been a boon for flexibility. The EY 2022 Future Workplace Index [1] based on over 500 company responses across many sectors that 75% anticipate no central physical office in the foreseeable future and 72% have hybrid remote/office approaches in place. The big news is Pre-COVID about 45% of companies expected everyone in the office and only 15% could work remotely. Currently the status is only 27% in the office […]
InfoGovANZ releases the Information Governance Primer
Susan Bennett, Executive Director of Australian based think tank, Information Governance ANZ (InfoGovANZ), is delighted to launch the Information Governance Primer, which provides a wide-ranging overview on the fundamentals of good information governance. In today’s digital environment, the growing number and complexity of challenges associated with data and information have […]
Read More
IAM 2021 Events Summary Report
Information Awareness Month (IAM) is the opportunity for industry bodies and industry practitioners to work together to celebrate the amazing profession of managing information. The collaboration of industry groups continues to evolve by strengthening relationships which in turn, provides added exposure to all things information for all members. Industry bodies worked together to determine the trending issues impacting Information Management (IM) in 2021 and agreed that the National Archives of Australia (NAA) new policy “Building Trust in the Public Record” provided guidance on the theme for this year’s IAM. The IAM 2021 Events Summary report provides collaborative group members a summation of the discussions that occurred at each of the round tables with ideas to follow up in the ensuing years.
InfoGov IAM2021 Roundtable Report
The Information Governance (IG) Roundtable had an engaged discussion covering a wide range of current issues and drivers for information governance. The discussion covered: Drivers of Information Governance in 2021, the compelling reasons for organisations to implement Information Governance, what are the current challenges and actions for protecting information and more. Participants included Roxanne Missingham, Kathryn Dan, Alex Caughey Hutt, Dr Chris Colwell, Dani Wickman, Fiona Beatty, Judy Anderson, David Brous, Genevieve Dwyer, Brandon Voight, David Church, Amanda Dolman and Simon Costello. The roundtable was hosted by InfoGovANZ, facilitated by Susan Bennett and sponsored by ActiveNav. IG Drivers in 2021 Our discussion considered key trends in IG, noting that the InfoGovANZ IG Industry Report 2021 identified the three main drivers for IG as: External regulatory compliance and legal obligations; Good business management practices; and Internal technology restructuring or transitions. The role of regulatory compliance as a mechanism to elevate […]
Pioneer of IG – Dame Fiona Caldicott
Dame Fiona Caldicott, the first UK National Data Guardian for Health and Social Care passed away this year. Dame Fiona was the UK pioneer of Information Governance, with the publication of the Caldicott Report in 1997 setting the benchmark for the collection and use of personal information and the need for robust information governance to protect personal information. The Caldicott report established what became known as the Caldicott principles of information governance. The original six principles included: justify the purpose for using confidential information; use confidential information only when it is necessary; use the minimum necessary confidential information; access should be on a strict need-to-know basis; making sure anyone accessing confidential information is aware of their responsibilities; and comply with the law. In 2013, the Information Governance Review Report, chaired by Dame Fiona added a seventh principle and following a further review in 2016 an eighth principle was added. These made it clear […]
7 Information Governance Takeaways for 2021
As we put 2020 behind us and look forward to 2021, InfoGovANZ reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021. We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues. Given the expected ongoing complex and uncertain operating environment in 2021, robust information governance is needed to provide […]
Accountability & IG – Sonya Sherman
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021. We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues. Our expert panel included InfoGovANZ Advisory Board member, Sonya Sherman, with over 20 years’ experience is a highly regarded […]
Collaboration & IG – Bryn Bowen
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021. We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues. Our expert panel included InfoGovANZ International Council member, Brynmor Bowen, Principal Consultant at Greenheart Consulting Partners, and a Board […]
Trust & Information Insights – Sarah Auva’a
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021. We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues. In the world of data privacy, unfortunately trust and confidence in the way that organisations use data was already […]
Hindsights and Insights Report – Information governance reflections on 2020 and insights for 2021
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021. You can read the insights of our expert panel in InfoGovANZ Key Learnings from 2020 – Action and Insights for 2021 Report, which is available for download here. The recording of the webinar on InfoGovANZ Key Learnings from 2020 – Action and Insights for 2021, which took place on 28 January 2021, is available for download here.
Ethics & Implementing AI Responsibly – Aurelie Jacquet
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021. Our expert panel included InfoGovANZ International Council member Aurelie Jacquet, who works on leading global initiatives for the implementation of Responsible AI with both the International Standards Organisation (ISO) and the Institute of Electrical and Electronics Engineers (IEEE). With ISO, Aurelie is the chair of the Standards Australia committee representing Australia at the international standards on Artificial Intelligence. With the IEEE, she is an expert for the Ethics Certification Program for Autonomous and Intelligent Systems, and leads the work stream on Dignity and Agency as part of IEEE’ s Digital Inclusion, Identity, Trust, and […]
Cybersecurity & IG Insights – Dr Peter Chapman
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021. We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues. Our expert panel included InfoGovANZ Advisory Board member Dr Peter Chapman who brings expertise in cybersecurity and Information Governance. […]
Unlocking Data Value – Ronke Ekwensi
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021. We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues. Our expert panel included InfoGovANZ International Council member Ronke Ekwensi, who is Vice President of Data Management at Prudential. […]
Building trust in the public record – Public Release schedule
The National Archives of Australia‘s new whole-of-government information management policy, Building Trust in the Public Record: managing information and data for government and community is now in force – https://bit.ly/3nfgGlV The new policy supports a holistic approach to information and asset management using information governance. The aim of the policy is to continue to improve information management capability within the Australian Government (Cth) to meet current and future needs for trusted, authentic and reliable records, information and data for government and community. Accompanying the policy release are new, updated and existing National Archives guides and supporting advice to help government agencies implement the policy and meet each of the 17 policy actions. Learn more about what is required here including reviewing and updating your information governance framework to incorporate enterprise-wide information management including governance of records, information and #data: https://bit.ly/3ndX5CC
Building Trust in the Public Record Highlights
Information Governance ANZ was pleased to host an interactive forum with David Fricker, Director-General of the National Archives of Australia regarding the new policy Building Trust in the Public Record: managing information and data for government and community. This interactive session covered: · Key information management requirements for Australian Government agencies · Actions that agencies can take to build information management capability and address areas of low performance · Current and future needs for authentic and reliable information and dat a by government and community The importance of trust David outlined the role of the National Archives and its responsibilities under the Archives Act 1983. NAA identifies archival resources, preserves them and provides the government and community with access to those resources. The Archives also develops standards to help Commonwealth agencies manage data and information – ensuring the integrity and accessibility of these resources for as long as they are needed. The public […]
Universities information governance in a time of COVID-19
Without a shadow of a doubt, 2020, will be remember for the impact of COVID-19, lockdowns, deaths and hospitals stretched to the limits. For Australia, the pandemic also followed the worst drought in a century and the worst bushfires in recorded history. This has had a profound impact on one of Australia’s largest exports, valued at over trillion dollars, education. Universities across Australia have been impacted in so many ways, which have pushed their systems to their limits. It has highlighted the importance of data and technology and the crucial importance of information governance. Issues In April 2020, I was interviewed by GRC Professional journal on the risks to universities (before COVID-19 had taken a grip, but once Chinese student visas were cancelled). I was asked “What are some the broad risks that universities face?” My reply was the current risk in Australian universities is, without doubt, the impact of […]
AI Transparency in Digital Government
In celebration of International Access to Information Day and Right to Know Week in NSW 2020, we held an event on AI Transparency in Digital Government with NSW Information Commissioner Elizabeth Tydd, Victorian Information Commissioner Sven Bluemmel and Dr Jat Singh, Senior Research Fellow at the University of Cambridge. The discussion focused on the duty government agencies have to disclose algorithms used in providing services and making decisions about services and benefits to citizens. The Commissioners highlighted that robust procurement processes are essential where technology using algorithms are being procured by agencies. Commissioner Bluemmel said the bar needs to be set really high where the algorithmic decision-making involves people and their liberties and livelihood. Transparency is necessary to understand how the decisions are made in order to assert our rights. Dr Singh pointed out that transparency needs to be meaningful so that it allows us to be able to interrogate, scrutinize and challenge, and it requires organisations to give careful consideration […]
NAA’s new policy: Building Trust in the Public Record
The National Archives of Australia (NAA) published in July 2020 the draft policy Building Trust in the Public Record: managing information and data for government and community. It was been released together with a list of supporting advice that exists, or will be developed or updated, to support the policy. InfoGovANZ submitted its feedback in response to the new policy, which is available here. The new policy will take effect from 1 January 2021 and will follow the current Digital Continuity 2020 policy (DC2020) which concludes at the end of this year. The policy seeks to improve information management capability within the Australian Government to meet current and future needs for authentic and reliable information and data by government and community.
For Governance, Integration Matters
Effective corporate governance is not a one-size-fits-all approach, as recognised by regulators and self-regulatory organisations around the world. Principles propounded by local advisory and governing bodies provide guidance on how to effectively and transparently manage an organization and ensure it is meeting its obligations to all stakeholders. We will examine how corporate governance principles can be enhanced and improved by the explicit integration of information governance into companies’ corporate governance schema. Corporate Governance Corporate governance is, in its most general terms, how a business is controlled, governed, and operated. Principles of good corporate governance include fairness, accountability, responsibility, and transparency. A company’s system of governance is its framework of rules, relationships, controls, and processes. Company management and boards have myriad responsibilities. These range from planning for pandemics, natural disasters, and other major events that can affect a company’s basic ability to conduct business and disrupt operations; managing the company’s […]
Information Governance Key to Good Corporate Governance
Information governance, data protection and security, privacy, cybersecurity and artificial intelligence (AI) have all become critical topics for boards and government bodies to consider. Historically, the issues tended to be dealt with under either ‘IT’ issues or records and information compliance issues. In recent years, the importance of cybersecurity, AI and data analytics together with changing privacy regulations have brought new governance challenges to the forefront of the minds of directors. Top issues for Directors There are common themes in the surveys of top issues confronting Boards of Directors, which have been carried out in recent years. These include the opportunities and challenges arising from technology innovation and disruption, the overriding concern of cybersecurity and data breach, which is highlighting the importance of information security, and regulatory compliance including changing privacy regulations. The Akin Gump Lawyers group in the USA report an annual “Top 10 topics for Directors” each year, […]
COVID19 – Global Open Data Initiatives
The Open Government Partnership (OGP) has created a webpage collating government approaches responding to COVID-19. The open government community is focused on applying the principles of transparency, accountability and participation to the COVID-19 response. The webpage contains a crowd sourced list from a wide range of countries with a variety of initiatives, including: the release of theoretical models and data underpinning governments’ strategies; digital platforms and apps to keep citizens informed; and efforts tackling misinformation and disinformation online. The Open Government Partnership (OGP) is a multilateral initiative that aims to secure concrete commitments from national and local governments to promote open government, empower citizens, fight corruption, and harness new technologies to strengthen governance. Formed in 2011, its members now include governments from across 78 countries and thousands of civil society groups, representing more than 2 billion people worldwide. Open government strives to provide transparency and accountability to the public, […]
Information and Data Governance Driving Interoperability
Achieving interconnected services, sharing and re-using information and data assets requires strategic planning and investment. The Data Interoperability Maturity Model (DIMM) is the latest advice from the National Archives of Australia for building interoperability under the Digital Continuity 2020 Policy. It highlights the importance of information and data governance to drive interoperability initiatives. The Director-General of the National Archives of Australia, David Fricker stated, ‘it is often said the data is the ‘oil’ of the 21st century, because in the future data will be the principal resource that drives our economy and our way of life. Just like oil, data has to be properly managed. It must discoverable, and of sufficient quality – pure, authentic and reliable – to drive the processes that rely on it. Unified information and data governance empowers an organisation to align its interoperability objectives while balancing associated risks.’ The DIMM’s downloadable assessment tool helps your […]
Automated Speech Recognition
While Automated Speech Recognition (ASR) technology has been present in various forms for decades, advances in statistical modelling, artificial intelligence (AI) and automation connectively have resulted in a new frontier for speech-based interaction between humans and computer systems. In this article Dr Peter Chapman, Director in the KPMG Forensic Technology team and InfoGovANZ advisory board member, details some of the current applications of ASR technology and offers guidance on a number of emerging governance issues associated with these technologies. As a concept, computerised Automated Speech Recognition (ASR) has been around almost as long as the computer itself. However, only in the last decade have the capabilities of ASR technology reached the point where wide-scale commercial adoption is viable1. Natural human speech contains slang terms, dialect peculiarities, abbreviations and other “non-standardised” content. While humans are very adept at managing these issues, the enormous variability of human speech makes ASR a very […]
Shaping a Layered Approach to Cybersecurity in Australia
“We shape our buildings; thereafter they shape us,” – Winston Churchill. At Relativity, we believe in shaping our security posture in layers so it will continue to grow and better adapt to the needs of the market, the threat landscape, and our customers around the world. In the APAC market […]
Read More
Optus Data Breach – the risks of data over – retention
The Optus Data Breach incident has shed some much-needed light on the need for robust, top-down board governance over organisational data and information. It is evident that this attack has demonstrated the need for organisations to sufficiently invest in cyber-attack prevention, detection and response. While the Optus data breach […]
Read More
2022 Information Awareness Month One Day Seminar
This year’s Information Awareness Month One Day Seminar took place at the iconic Institute Building (1861), the first public cultural building in South Australia and was also livestreamed. The theme was “Building Trust in Information” and discussions revolved around facets that we need to trust in order to have trust […]
Read More
OAIC Data Breach Notification Report
The Office of the Australian Information Commissioner’s (OAIC) latest Notifiable Data Breaches Report highlights how OAIC expects entities to prevent and respond to data breaches caused by ransomware and impersonation fraud. The OAIC received 446 data breach notifications from January to June 2021, with 43% of these breaches resulting from cyber security incidents. Data breaches arising from ransomware incidents increased by 24%, from 37 notifications in the last reporting period to 46. Read the latest report here.
Trust & Information Insights – Sarah Auva’a
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on […]
Read More
Cyber Risk Management and the Value of Cyber Insurance
The technology revolution has created unprecedented developments in the way that business is transacted, how information is obtained, how we communicate with each other and how data is sourced and stored. The reality of these developments has also lead to unparalleled increases in the ability of criminals to act in a digital environment rather than in the physical world and cyber crime has never been more financially rewarding. Cyber risk and cyber exposure exists for every business that uses technology and connects to any form of information systems and networks. Size of business, industry factors and reliance on technology for critical operations can increase cyber risk vulnerability, but no business is immune. Managers are faced with the challenge of protecting against cyber risk and implementing strategies and procedures to safeguard against the potential loss and damage suffered in a cyber event. Cyber risk management is a holistic approach to evaluating […]
Cybersecurity & IG Insights – Dr Peter Chapman
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on […]
Read More
OAIC Data Breach report: January – June 2020
The Office of the Australian Information Commissioner (OAIC) has released its Notifiable Data Breaches (NDB) Report for January to June 2020. Malicious or criminal attacks remain the leading cause of data breaches involving personal information in Australia. Commissioner Angelene Falk said, ‘this trend has significant implications for how organisations respond to suspected data breaches — particularly when systems may be inaccessible due to these attacks. It highlights the need for organisations to have a clear understanding of how and where personal information is stored on their network, and to consider additional measures such as network segmentation, robust access controls and encryption.’ In other findings: Health service providers continued to be the top reporting sector (115 notifications), followed by the finance and education sectors, and the insurance industry making the top 5 sectors for the first time. The number of notifications resulting from social engineering or impersonation has increased by 47%. Actions taken by […]
Information Security Risk Management Practitioner Guide – OVIC
The Office of the Victorian Information Commissioner (OVIC) issues security guides to support the Victorian Protective Data Security Standards (VPDSS). This document provides organisations with guidance on security risk management fundamentals to enable them to undertake a Security Risk Profile Assessment (SRPA) as required under s89 of the Privacy and Data Protection Act 2014(PDP Act) and is designed to support practitioners and information security leads.
Information Governance + COVID-19 Roundtable Report
To celebrate Information Awareness Month (IAM2020) and Privacy Awareness Week (PAW2020), we kicked off with an online panel discussion on the myriad of Information Governance issues arising from the COVID-19 pandemic. Our panellists included – Melanie Marks, Christopher Colwell, Sonya Sherman, Dr Peter Chapman, Matthew Golab and the discussion was facilitated by Susan Bennett. The importance of connectivity and of access to trusted information, the role of fit for purposes systems to capture records during a crisis and accountability for decisions made during the pandemic period were all highlighted. Discussion around the COVIDSafeApp emphasised that privacy by design and governance of data are key for user trust. A key focus of the discussion were increased information security and cybersecurity risks with the move to working from home. These include the risks of data leakage, data breach, shadow IT and cyber-crimes. In summary, the discussion emphasised that the myriad of information, records, […]
Broken Trust – The Information Security Dangers of Insider Threats
The increasing awareness of external cyber-security threats has executives focused on how their organisation can be defended against the “enemy at the gates”. But are organisations just as much at risk from an “enemy within”? In this article Dr Peter Chapman, Director in the Ferrier Hodgson Forensic Technology and eDiscovery team and InfoGovANZ advisory board member, provides an opinion and case study on insider threat. The media provides us with constant reminders of the threat of cyber-criminals and other external attackers. Recent legislative and regulatory changes such as the European Union GDPR requirements and mandatory breach notification amendments to the Australian Privacy Act have only increased our awareness, specifically with regards to ensuring that personally identifiable information (PII) in the possession of the organisation is safeguarded. While PII data is undoubtedly a target of external attackers, and external threats must be guarded against, organisations may be overlooking significant insider […]
Information Security & Information Governance – how they work together
Information (data) security, cybersecurity and IT security all usually refer to the protection of computer systems and information assets by suitable controls, such as policies, processes, procedures, organizational structures and software and hardware functions. The type and extent of controls depends on the scope and maturity of the business function (usually the Security Department) applying the controls, or, depends on the specialisation/focus of the team, such as Perimeter/Firewall or Identity Management. Each function tends to have a different perspective of information security, compared to other functions, due to their focused specialisation. A close parallel is the health profession. You see a GP doctor when unwell, and are referred to a specialist who knows much more than your GP about a particular field of expertise. I know that my GP would not want to perform open heart surgery at all. And equally, a heart specialist would not have up-to-date and practical […]
Cyber Insurance: how it works and the benefits of Information Governance
As the number and size of cyber attacks on businesses continues to increase, the risk of experiencing a data breach is higher than ever. The resulting cost of these breaches can be significant – according to the Ponemon Institute’s 2017 Cost of Data Breach Study, these totalled $2.51 million per year across the organisations that were recruited for the research. As a result, an increasing number of organisations are choosing to invest in a cyber insurance policy, which allows them to claim cyber incident response expenses, regulatory fines, legal defence costs and business interruption losses. In other words, offset the cost of a potential data breach. This article outlines the benefits of cyber insurance and explains why, in today’s digital age, it is vital for organisations to invest in this class of insurance, in addition to understanding the information governance obligations that their insurance policy places on them. What […]
LawFest 22: Re-connecting & challenging your thinking
On 28 September, 365 legal professionals from across Aotearoa and abroad gathered in person in Auckland for the premier legal innovation and technology event on the New Zealand calendar. LawFest is the only opportunity in New Zealand for the legal and technology community to come together to network, collaborate and […]
Read More
Retention and deletion of PI collected during COVID-19
OAIC has published a new guidance on retention and deletion of personal information (PI) collected during the COVID-19 pandemic. As restrictions continue to ease, entities should take stock of personal information they hold and assess whether it is necessary to continue to collect and retain PI. Australian Privacy Principles 11.1 and 11.2 require that reasonable steps be taken to protect personal information and personal information be destroyed or deidentified once it is no longer needed. If information is stored electronically, such as in cloud-based storage, servers, USBs or with a third-party provider, you should ensure that the digital records are permanently destroyed, including in any back-up system or offsite storage. It is also important to consider whether employees require any training to ensure that personal information is securely destroyed. Access the Guidance here.
IAPP Global Summit 2022 Report
Celebrating the joy of reconnecting was the theme of the opening address by Trevor Hughes, President and CEO of IAPP. This year’s Global Privacy Summit had over 4,000 attendees and took place over four jam-packed days in Washington DC. The Opening General Session got off to a flying start with three very different and thought-provoking key notes. Bestselling author Malcolm Gladwell highlighted the lessons to be learned from his recent book “The Bomber Mafia”. Warning against asking the wrong questions and solving the wrong problems, he noted that technology takes time to evolve and that “visionaries need help” with practical application. Gladwell urged the audience to be humble about what technology can do and patient before deploying well-intended technological innovations with uncharted moral consequences. Professor Amy Gajda, author of “Seek and Hide”, discussed the pivotal 1928 Supreme Court case of Olmstead v. United States, in which Justice Louis Brandeis dissented […]
OAIC’s updated guidance on vaccination status and protecting privacy
OAIC has updated its guidance on COVID-19: Vaccinations and privacy rights as an employee and Vaccinations: Understanding your privacy obligations to your staff. Key points include: Vaccination status information can only be collected without consent in circumstances where the collection is required or authorised by law (including a state or territory public health order or direction). Only the minimum amount of personal information reasonably necessary to maintain a safe workplace should be collected, used or disclosed. Vaccination status information should only be used or disclosed on a ‘need-to-know’ basis. You must inform employees about how their vaccination status information will be handled. Ensure you take reasonable steps to keep employee vaccination status and related health information secure.
New Zealand’s Privacy Commissioner releases a paper on biometric regulation
New Zealand’s Office of the Privacy Commissioner (OPC) has released a position paper setting out how the Privacy Act regulates biometrics. The increasing role of biometric technologies in the lives of New Zealanders has led to calls for greater regulation of biometrics. In a statement releasing the paper, the OPC said, ‘[it] believes that the privacy principles and the regulatory tools in the Privacy Act are currently sufficient to regulate the use of biometrics from a privacy perspective.’ The paper is intended to inform decision-making about biometrics by all agencies covered by the Privacy Act, in both the public and private sectors. This position paper will be reviewed six months after publication, in consultation with key stakeholders, to assess its impact and whether any further steps are required. Read the OPC’s summary of key issues or the full position paper.
Digital Identity Legislation
The Australian Government has released an exposure draft of the Digital Identity legislation (the Trusted Digital Identity Bill) to support the expansion of the Australian Government Digital Identity System (the System). The proposed legislation aims to enshrine in law, privacy and consumer safeguards in the System as it expands to include more services and sectors. The legislation also establishes permanent governance arrangements to be guided by principles of independence, transparency and accountability. Feedback is being sought on the draft legislation and the accompanying documents to make sure the System meets the expectations of Australians and Australian businesses. Available on the Digital Identity website: Guide to the Digital Identity legislation Trusted Digital Identity Bill 2021 exposure draft Trusted Digital Identity Framework (TDIF) accreditation rules Trusted Digital Identity rules Regulation Impact Statement (RIS)
OVIC Guidance on Collaboration Tools
The rise of flexible working arrangements means that collaboration tools, such as videoconferencing and instant messaging tools, as well as cloud-based document creation and sharing services, are increasingly essential to facilitate collaboration. The Office of the Victorian Information Commissioner has provided guidance to assist organisations to consider their privacy obligations when implementing and using collaboration tools, plus information security and record-keeping considerations. Read the Guidance here.
National COVID-19 Privacy Principles
The Office of the Australian Information Commissioner and State and Territory privacy commissioners have produced universal privacy principles to support a nationally consistent approach to solutions and initiatives designed to address the ongoing risks related to the COVID-19 pandemic. These high-level principles provide a framework to guide a best practice approach to the handling of personal information during the pandemic by government and business. Read the Principles here.
Protection of Personal Information in Universities
The protection of information by universities has come under focus in recent years as a number of Australian universities have been subject to cybersecurity attacks. These attacks highlight the risks of data breaches and the potential impact on students, staff, and research participants. This led to the Office of the Victorian Information Commissioner (OVIC) examining the policies and procedures that Victorian universities have implemented to protect the personal information that they hold from loss and misuse. The Victorian Information Commissioner released its report on the Examination of Victorian universities’ privacy and security policies report on 29 June 2021 (report). The findings included that not all universities have clear policies and procedures to guide staff to destroy personal information when it is no longer needed, and some do not have written guidance about sharing personal information with third parties to support staff to consider information security risks. The Victorian Information Commissioner, […]
Protection of personal data in universities Examination Report
Victoria’s Information Commissioner recently released a report following an examination of the privacy policies and procedures in eight Victorian universities. The report found that many universities don’t have clear policies to guide staff to destroy personal information when it is no longer needed. While Universities are prioritising ICT and cybersecurity risks, in general, they have less of a focus on managing risks to personal information related to physical and personnel security. The report includes recommendations for universities to strengthen the protection of personal information by developing policies and procedures to identify and document the personal information they hold, where it is held, and for sharing information with third parties and contracted service providers. InfoGovANZ is hosting a session with Sven Bluemmel – Victorian Information Commissioner to highlight the key findings of the report and discuss the recommendations, book your ticket here. Read more about the report here.
OAIC guidelines on the collection of staff vaccination status
With the COVID-19 vaccine national rollout underway, the Office of the Australian Information Commissioner has released a new COVID-19 Vaccinations privacy guidance for employers to understand their obligations when collecting, using, storing and disclosing employee health information related to the vaccine. It complements the COVID-19 Guidance for employers which provides more general information about the privacy obligations of Australian Government agencies and organisations covered by the Privacy Act 1988.
OPC’s new interactive online tools
The Office of the Privacy Commissioner has created two new interactive online tools to help organisations and businesses understand what they need to do if they are sending New Zealanders’ personal information overseas to comply with the new principle 12. The Principle 12 Decision Tree – is designed to help organisations, especially SMEs, easily work out if principle 12 applies to information they are disclosing overseas and whether they have to comply with it. You can try the Principle 12 Decision Tree here. If principle 12 does apply to the disclosure of information, the best and most practical way to comply with it might be to have an agreement with your foreign person or entity that provides for comparable safeguards to New Zealand’s Privacy Act. Businesses and organisations now use the Model Contract Clause Builder to generate an agreement. You can try the Model Contract Clauses Agreement Builder here.
APAC Privacy Law Update: Cross Border Transfers
With a range of new regulations, tools and projects underway, Information Governance ANZ were pleased to host a virtual forum with updates on the latest data privacy developments across the Asia Pacific region. This interactive session was facilitated by Susan Bennett, Founder of InfoGovANZ and our special guests included: NZ Privacy Commissioner – John Edwards Senior Research Fellow, Asian Business Law Institute – Dr Clarisse Girot Director, Simply Privacy – Daimhin Warner New Zealand’s Privacy Act 2020 comes into force on 1 December 2020 and introduces new limitations on cross-border transfers. Commissioner Edwards spoke about the new legislation and provided a brief history of the Act since 1993. It applies across the economy (both public and private sector organisations), is based on the 1980 OECD data protection principles and is technology-neutral. He noted the Act has remained largely unamended during the intervening decades. New Zealand received an ‘adequacy ruling’ by […]
OAIC Data Breach report: January – June 2020
The Office of the Australian Information Commissioner (OAIC) has released its Notifiable Data Breaches (NDB) Report for January to June 2020. Malicious or criminal attacks remain the leading cause of data breaches involving personal information in Australia. Commissioner Angelene Falk said, ‘this trend has significant implications for how organisations respond to […]
Read More
Protecting Privacy by Minimizing Data
Posted with permission from Active Navigation, originally published on June 1. Ten years ago, there was no such thing as too much data. Notions about data being the “new oil” prompted organizations to horde every byte they could, hoping that they might be able to harness it down the road. Combined with the notion that “storage is cheap,” this belief has led many companies to exponentially increased their risk rather than their opportunity. New data privacy regulations in Europe and the United States impose a significant burden of care on organizations regarding their data collection processes. In fact, data minimization is a fundamental principle within the European Union’s General Data Protection Regulation (GDPR). Whether governed by the GDPR or state privacy regulations like the California Consumer Privacy Act (CCPA), businesses must now limit the personal data they collect and dispose of it once it is no longer needed for a […]
P3 Project Privacy Podcast from Active Navigation
Looking for a new podcast about data privacy? Active Navigation has exactly what you need – the P3: Project Privacy Podcast aims to help you understand the evolving data privacy landscape. Episodes include: The ROI of Proper Data Management; Records Management in Highly Regulated Industries; High Stakes Records Management; The NIST Privacy Framework; Open Data During Times of Crisis. You can listen to the podcast anytime on the Active Navigation website.
Information Security Risk Management Practitioner Guide – OVIC
The Office of the Victorian Information Commissioner (OVIC) issues security guides to support the Victorian Protective Data Security Standards (VPDSS). This document provides organisations with guidance on security risk management fundamentals to enable them to undertake a Security Risk Profile Assessment (SRPA) as required under s89 of the Privacy and […]
Read More
OAIC Privacy Assessment tool
OAIC launched a new Privacy Impact Assessment Tool (DOCX), which helps you conduct a PIA, report its findings and respond to recommendations. Accompanying the Guide to undertaking privacy impact assessments, entities are encouraged to take a flexible approach and adapt this tool to suit the size, complexity and risk level of their project.
Data Privacy in APAC – comparative review on cross-border transfers
In June, ABLI published an important comparative study on the laws and regulations relating to personal data transfers in Asia. We are heartened to see this comparative study widely disseminated and used in all national and supra-national forums where data transfer issues are discussed. The write-up of that study was supported by a comparative table of the various provisions relating to these transfers in 14 APAC jurisdictions, which we have made freely available for the benefit of all. We are pleased to announce that this table was updated on 20 November to take into account multiple recent developments that took place in the legal systems of several of those jurisdictions, including the release for comments of the draft Personal Data Protection Law of China, the entry into force of the new Privacy Act of New Zealand, the amendments made to the Personal Information Protection Act and the Network Act of […]
COVID19 – Data and Privacy
COVID-19 has brought to the forefront the importance of real-time accurate data for scientists to analyze and model and for government leaders to make decisions on. InfoGovANZ has complied a series of COVID-19 curated articles and resources, updated monthly. June 2020 OVIC has released new guidance on how the exemptions in the Freedom of Information Act should be applied. OVIC has updated the FOI and COVID19 FAQs for agencies – read them here – to include questions about the new COVID-19 regulations including: what to do if your agency is completely shut down; and how to verify an applicant’s identity. Australian Information and Privacy Commissioner (OAIC) has updated it’s FOI FAQ with the latest COVID-19 relevant questions including how to make an FOI complaint during the COVID-19 outbreak. May 2020 Australian and New Zealand Information Access Commissioners join with their international counterparts in their clear call for documentation, preservation and […]
Culture of FOI in Victoria
The Office of the Victorian Information Commissioner (OVIC) published new research on freedom of information (FOI) culture in Victoria and the importance of proactive and informal release of information. “The release of documents under the FOI Act is not the only way that governments can share information with the public” said Information Commissioner Sven Bluemmel. “Governments can also get on the front foot and proactively release information, without the need for individuals to first make an FOI request.” OVIC strongly encourages all agencies to adopt policies and systems that facilitate the release of information proactively and informally. Proactive transparency will help to build public trust, which will assist governments to address complex policy issues and improve service delivery. Read the key findings here.
Information Access Study
Information Access Commissioners and Commonwealth Ombudsman have released the findings of their second cross jurisdictional study of community attitudes on access to government information. The 2021 Information Access Study measures citizens’ awareness of the right to access government information, and their experiences and outcomes in exercising that right. Key findings include: The importance of the right to access information is consistently recognised by respondents in each jurisdiction. The majority of respondents in each jurisdiction were aware that they had the right to access information from government departments/agencies. In general, citizens were able to obtain information successfully in each jurisdiction. Read the statement from the Commissioners or view the research findings here.
Response to Tune Review
The Australian Government has agreed or agreed in principle to all 20 recommendations made by the Functional and Efficiency Review of the National Archives of Australia(NAA) referred to as the Tune Review. While the Tune Review recommended a proposed Government Information Management Model (GIMM), where records management across government would be centralised to the NAA, the Government intends as the first step to convene a committee to drive efficiencies and improvements in the short to medium term. Read the Tune review and the Government’s response.
OVIC Guidance on Collaboration Tools
The rise of flexible working arrangements means that collaboration tools, such as videoconferencing and instant messaging tools, as well as cloud-based document creation and sharing services, are increasingly essential to facilitate collaboration. The Office of the Victorian Information Commissioner has provided guidance to assist organisations to consider their privacy obligations […]
Read More
Report into delay in Victorian FOI decisions
The Victorian Information Commissioner’s report into the delay in disclosure of government documents under the Freedom of Information Act 1982 (Vic) was recently tabled in the Victorian Parliament. Between 2015 and 2020, the proportion of FOI decisions made on time in Victoria declined from 95% to 79%. The investigation examined the extent and causes of delay at agencies, which included resourcing issues, process, technology, culture, communication and the impact of the COVID-19 pandemic. Read the report here.
NAA receives $67m to digitalise old records
Almost 300,000 records of Australian history including radio recordings of former prime minister John Curtin and a petition to King George V for Indigenous representation in Federal Parliament will be saved after a $67.7 million funding injection into the National Archives. The Tune Review, released in March this year said immediate action was needed to preserve deteriorating records in paper-based form, as well as magnetic tape audiovisual records, photos and film, to ensure they weren’t lost forever. Cybersecurity was also underscored as an urgent priority, with the collection of government records otherwise vulnerable to obsolescence, attack, compromise or loss.
The Tune Report
The recently released Tune Report proposes a new integrated, whole of government model for information management and record keeping and for the storage, digitisation and preservation of government records across the Australian federal government. The model seeks to generate efficiencies across government sufficient to support the necessary investment in digital capacity within the National Archives and other priorities. It has three tranches: A major investment in a new 5th Generation Digital Archive (5thGDA) that will bring the National Archives ICT systems into the digital age, enabling end-to-end handling of records from creation through to access A Government Information Management Model (GIMM), with the National Archives having responsibility for information management across Australian Government agencies, to support improved records management, to provide better compliance with the objectives set down in the Archives Act, and to escalate digitisation of the Archives records. This seeks to provide whole-of- government efficiencies A Centralised Storage […]
Integrated information governance: InfoSec and RM working together for safer sharing
This article aims to generate discussion about strategies to improve information security – in particular to support people in appropriately handling sensitive information (recognising the human factor as one of the main weaknesses in security programs); leveraging existing systems and frameworks to enhance interoperability; and encouraging knowledge sharing between IG professionals across different domains. Please share your thoughts in the comments section below. SUMMARY Both national security and crisis management require highly sensitive information to be securely shared between applications, individuals, organisations and jurisdictions. Vulnerabilities could leave agencies exposed to greater risks during a period with a high threat of espionage. Automation can support people sharing sensitive documents, to reduce manual handling and human error. This could be achieved by enhancing existing capabilities and standards, drawing on frameworks from both information security and records management. Geopolitics and COVID-19 bring renewed focus to cybersecurity Cybersecurity is a priority for all organisations, […]
Building trust in the public record – Public Release schedule
The National Archives of Australia‘s new whole-of-government information management policy, Building Trust in the Public Record: managing information and data for government and community is now in force – https://bit.ly/3nfgGlV The new policy supports a holistic approach to information and asset management using information governance. The aim of the policy is to continue […]
Read More
Building Trust in the Public Record Highlights
Information Governance ANZ was pleased to host an interactive forum with David Fricker, Director-General of the National Archives of Australia regarding the new policy Building Trust in the Public Record: managing information and data for government and community. This interactive session covered: · Key information management requirements for Australian Government agencies · Actions […]
Read More
AI Transparency in Digital Government
In celebration of International Access to Information Day and Right to Know Week in NSW 2020, we held an event on AI Transparency in Digital Government with NSW Information Commissioner Elizabeth Tydd, Victorian Information Commissioner Sven Bluemmel and Dr Jat Singh, Senior Research Fellow at the University of Cambridge. The […]
Read More
NAA’s new policy: Building Trust in the Public Record
The National Archives of Australia (NAA) published in July 2020 the draft policy Building Trust in the Public Record: managing information and data for government and community. It was been released together with a list of supporting advice that exists, or will be developed or updated, to support the policy. […]
Read More
Is Your Data Estate an Unstructured Mess? How a Spring-Cleaning Project Can Reduce Your Organization’s Risk
Posted with permission from Active Navigation, originally published on June 10. In this special guest feature, Dean Gonsowski, Chief Revenue Officer at Active Navigation, InfoGovANZ’s Foundation Sponsor, focuses on what steps a company needs to follow to review, understand and clean-up their data to eliminate security risks. As a former litigator/GC/AGC, Dean has a proven track record of accelerating the rapid development of high growth, venture backed software companies (such as Relativity/kCura, Clearwell/Veritas, Recommind/Opentext). He is a seasoned professional with the ability to build/manage teams, run P&Ls in executive leadership roles including Sales, Strategy, Business Development, Marketing and Professional Services. Dean has a JD from the University of San Diego School of Law and a BS from the University of California, Santa Barbara. The volume and variety of data created in the past decade doesn’t show signs of slowing down – nor does the pace of hacking attempts. Unstructured data, also […]
Release of the Palace Letters – National Archives of Australia
After 37 years we can view the correspondence between the Governer-General and the Palace in the lead up to the dismissal of the Whitlam Government. Watch National Archives of Australia Director-General David Fricker on the release of the Palace Letters – all 1,200 pages, here: https://bit.ly/300Kb0U Congratulations to Professor Jenny Hocking on the historic High Court win enabling the National Archives of Australia to release the records. The Palace Letters are now available to download as PDFs on the National Archives of Australia website.
Digital Records and the GIPA Act – IPC NSW
The Information and Privacy Commissioner NSW has developed a fact sheet to provide guidance about the definition of record, in particular digital records under the GIPA Act and what it means for agencies. The fact sheet also outlines the importance of agencies maintaining good digital recordkeeping practices to ensure it is able to comply with its legislative obligations.
IAM2020 – Critical role of Information in our changing environment
IAM2020 was launched by Director-General of the National Archives of Australia, David Fricker with an engaging panel discussion with Information Commission NSW – Elizabeth Tydd, digital media expert on the role of information and impact of misinformation Dr Timothy Graham, and Kathryn Dan, Blue Shield Australia. The critical roles of data, access to information and the challenges of misinformation were highlighted in the current COVID-19 pandemic as well as the recent Australian bushfires. You can access the recording of the session here: IAM2020 Launch High Res Recording | IAM2020 Launch Low Res Recording
Information Governance + COVID-19 Roundtable Report
To celebrate Information Awareness Month (IAM2020) and Privacy Awareness Week (PAW2020), we kicked off with an online panel discussion on the myriad of Information Governance issues arising from the COVID-19 pandemic. Our panellists included – Melanie Marks, Christopher Colwell, Sonya Sherman, Dr Peter Chapman, Matthew Golab and the discussion was […]
Read More
FOI and Building Trust
The theme of Building Trust was the focus of the FOI in WA conference recently. Trust was explored in two ways. Firstly, considering how Freedom of Information (FOI) can build public trust in government; and secondly, advice and inspiration to help practitioners trust themselves and the FOI process to meet the objects of the FOI Act (WA): to enable the public to participate more effectively in governing the State’ and to make the persons and bodies that are responsible for State and local government more accountable to the public. Emeritus Professor Geoff Gallop AC gave the keynote presentation. He discussed the role of openness as a foundation for democracy. This is based on the view that information held by government is a public resource which should be used for public benefit; and that the community has a right to be informed about government operations. FOI and information governance FOI is […]
RIMPA Live Convention 2019
RIMPA Live 2019 was held at the Marvel Stadium in Melbourne, marking 50 years of RIMPA and its 35th Annual Conference. It was a conference filled with a keynotes, plenary sessions and roundtables over the three days of the conference. There were several keynotes including CTO and entrepreneur Gus Balbontin, Richard Foy, New Zealand’s Chief Archivist, information thought-leader Randy Kuhn Esq from the US and Kevin Sheedy AO, AFL Legend. The conference kicked off with David Moldrich Life FRIM outlining the history of the Australian recordkeeping profession and some of the key moments in the professions’ history such as the establishment of the Records Management Association of Australia (RMAA now RIMPA) and the development and implementation computer-aided records management systems and their successors the Electronic Document and Records Management System or EDRMS. David highlighted the contribution of the Australian recordkeeping profession to the state of recordkeeping around the world mainly […]
Recordkeeping in Information Governance
Information Governance is by its very nature interdisciplinary. Of course it needs leaders, but great information governance leaders are those that enable a multi-disciplinary team approach to thrive. This is best done by allowing the distinct approaches to information brought by members of the team to exist in both cooperation and creative dissent. The organisational context and information culture determines exactly which skills are brought into the collective mix of information governance, but typically it includes compliance, risk, privacy, risk, security, recordkeeping, data management and analytics (and more in the American context, e-discovery). Each of these focus areas bring specific approaches to their patch of information governance – the trick is to get each to play to their strengths without drowning out or diminishing the important roles of others. Playing nicely across information disciplines is not a given, and fostering that capability is the skill of the information governance leader. […]
APAC Primer for eDiscovery published
Setting the global standards for eDiscovery, the EDRM – Electronic Discovery Reference Model has released version 1.0 of the Primer for eDiscovery in the Asia Pacific (APAC) region. The goal of the Primer is to help foreign practitioners involved in legal proceedings in APAC to understand the different discovery requirements in each of the countries covered together with privacy issues and cross-border discovery considerations. Susan Bennett, Project Trustee and Principal Drafter, led a global team to create a primer on eDiscovery in the APAC region. The following countries were researched and written by these drafters: Australia, Maureen Duffy; China, Jared T. Nelson and Tom Groom; India, Sandeep Jadav; Japan, Sebastian Ko and Daryl Osuch; Hong Kong, Sebastian Ko; Korea, David Kang; Malaysia, Gita Radhakrishna; New Zealand, Maureen Duffy and Andrew King; and Singapore, Gita Radhakrishna. Originally chartered by The Sedona Conference®, EDRM has published this primer at the request of the project team and Sedona. EDRM plans to webify the content and provide pages […]
LawFest 21: collaborating and networking in person again
In late March, 280 legal professionals from across Aotearoa gathered in person in Auckland for the premier legal innovation and technology event on the New Zealand calendar. Like so many events globally, LawFest had considerable disruption and challenges from the COVID-19 pandemic to run the event in person. However, in Aotearoa we have been fortunate to be able to bring together again the legal and technology community to celebrate, collaborate, network and learn about legal innovation – and all in person. The last year has reinforced why we need to innovate and leverage technology – LawFest 21 demonstrated how we can go about this! The event was once again a must for anyone interested in driving efficiency in their organisation. The key highlights The one-day event was a great opportunity to hear from leaders and change makers in the innovation space. The programme provided something for everyone, from those […]
The Data Explosion & IG, Reducing eDiscovery Costs – Richard Kessler
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on […]
Read More
Adapting to Technology – Andrew King
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on the road to recovery in 2021. We’ve seen the different ways governments have responded to the COVID-19 pandemic and the results in managing the pandemic. Similarly, organisations have had to adapt to the changes and, in particular, to faster digital transformation. Robust governance of organisations and of information has never been so important. Increased cyber risks and the importance of access to real-time and accurate data for decision-making, both at the board level and throughout the organisation, are now critical issues. Our expert panel included InfoGovANZ Advisory Board member Andrew King, founder and Strategic Advisor of E-Discovery Consulting, where he […]
Legalweek NYC 2020 – The Down Under Perspective
Legalweek 2020 brought together thousands of legal professionals to discuss business, regulatory, technology and talent drivers impacting the industry. The week featured workshop boot camps, conferences, networking events and hundreds of technology exhibitors on the tradeshow floor. There are three main conferences: Legaltech (the world’s longest running legal technology trade show), LegalCIO, and Legal Business Strategy. Around the main conferences there are many other events, a few of these are highlighted below. The following week The Sedona Conference’s International Working Group 6 annual program focusing on cross-border discovery and data privacy was held at the New York Law School. AI and Privacy This year’s Legalweek in New York City was dominated by the themes of AI, new and developing technologies and privacy. The impact of privacy regulations, particularly the GDPR and the California Consumer Privacy Act (CCPA) is driving up compliance costs and also the cost of discovery in legal […]
Social Media Perils in Litigation – InfoGovANZ
In this InfoGovANZ event, the implications and dangers of the widespread use of social media and apps were highlighted in their evidential value in investigations and litigation. The importance of technical and forensic expertise in the discovery process was demonstrated by reference to particular cases and technology tools by Brett Webber, Principal, ConsilAD and Matthew Golab, Director of Legal Informatics and R&D at Gilbert + Tobin. Susan Bennett, Executive Director InfoGovANZ and Principal, Sibenco Legal & Advisory discussed the duties of technology competence and confidentiality, which extends to cybersecurity to protect client information and the implications of a recent High Court decision. As Michael Tieu, posted on LinkedIn following the event, ‘[i]t was truly astounding to see how important it is to be wary of who, what, when and where you post on social media. Once the genie is out of the bottle, it’s nearly impossible to put it back […]
How eDiscovery is managing the challenge of what constitutes Personal Information
The terms Personal Information or Personal Data have been increasing in usage for a while, and with the recent focus on the European GDPR, and the Australian NDB (Notifiable Data Breaches). This article considers these definitions from the perspective of document production in litigation and regulatory investigations – the process of eDiscovery. In eDiscovery we are used to redacting sensitive information – most typically legally privileged or commercially sensitive information. However, prior to the commencement of the Royal Commission into the Financial Services Industry (FSRC) the volume of documents requiring redaction was fairly modest in most matters. This certainly changed with the FSRC, as all documents that are tendered at a public hearing are required to have contact information and customer names redacted. This has resulted in significant efforts in reviewing all documents that are going to be tendered to ensure that the documents have been adequately redacted. What […]
AI and the Law – the future is here
Artificial intelligence (AI) is already making significant inroads to the practice of law and producing efficiencies and cost savings. This article looks at how AI is being utilised in different parts of legal practice and the transformation of legal practice that is already underway in the delivery of legal services from litigation through to contract management and Chatbots. Litigation & eDiscovery The production of documents has traditionally been a very expensive part of the litigation process. The development of eDiscovery software tools to identify, retrieve, process, filter and search provides significant costs savings in the litigation process. These cost savings are even more significant with latest software tools and right expertise are utilised. The latest developments in the eDiscovery industry include the use of AI technology. Early forms of AI were built into the globally dominant eDiscovery platforms. For the past 10 years these platforms enabled document clustering and concept […]
The Governance of Things – eDiscovery in Australia and New Zealand
eDiscovery is the production of relevant documents that parties to litigation or an inquiry are required to produce to either a Court, Royal Commission, Commission of Inquiry or to a government regulator. The eDiscovery industry is a global industry reflecting the enormous growth in information and the specialised technology which has developed to meet that challenge. While eDiscovery is a specialist area of legal technology the challenge of document production extends well beyond in-house legal departments and requires the assistance of IT departments and records management. Download Now
The Governance of Things – Increasing Acceptance of Technology Assisted Review
In December 2016, the Supreme Court of Victoria endorsed the use of Technology Assisted Review (TAR) in the eDiscovery process in the case of McConnell Dowell Constructors v Santam. This was the first time TAR had been approved for use in litigation in an Australian Court. The use of technologies like TAR assists parties in litigation to meet the requirements ‘of a just, efficient and cost-effective resolution of the dispute’ by reducing the time and cost involved in large scale document production during the discovery process. Download Now
OAIC Notifiable Data Breaches Scheme – The first 4 years
The Notifiable Data Breaches (NDB) scheme commenced in February 2018, introducing new obligations for Australian government agencies and private sector organisations with an annual turnover of $3 million AUD or more. Notably, under the NDB scheme organisations are required undertake an assessment should they suspect: Unauthorised access to or disclosure of personal information, or loss of personal information where access by unauthorised persons is likely to occur, Serious harm to the individuals to whom the information relates is likely to occur, and The risk of serious harm cannot be addressed through remedial action. If the assessment indicates that serious harm is likely to result from a data breach, they must notify the Office of the Australian Information Commissioner (OAIC) as well as all affected individuals so they can take action to address possible consequences and also. As data breaches and subsequent investigations are often significantly complex, an organisation or agency […]
Five Common Misconceptions about Structured and Unstructured Data
Key Takeaways: Structured data is quantitative (anything you can easily store in rows and columns) and relatively easier to keep compliant. Unstructured data is qualitative (think your emails and Teams chats) and much harder to manage. Nearly all organizations are operating under one or more misconceptions about their data (and compliance or lack thereof with new privacy laws!). The Two Types of Data Your Organization is Accumulating (and Why You Should Care) We’ll start with why you should care. If you’re familiar with the data compliance space, you already know that new laws require your organization to take specific steps to protect the rights of anyone whose data they hold. (If you’re not familiar with data compliance – surprise!) The first step to maintaining compliance with these laws is understanding what data your organization actually has. Not having this understanding is dangerous for three reasons: The less you know about your data holdings, the […]
New Data Availability and Transparency Act 2022 in force
The Data Availability and Transparency Act 2022 commenced in April. The Act establishes a new, best practice DATA scheme for sharing Australian Government data, underpinned by strong safeguards and simplified, efficient. For an introduction to how the Scheme works, read more at A Scheme for sharing Australian Government data. Commonwealth, state and territory government agencies can now apply to be accredited users under the DATA Scheme. And from 1 August, Australian universities will be able to apply for accreditation as data users and as data service providers. Follow these links to learn more about participating in the DATA Scheme or to access the scheme-on-a-page overview.
Doug Laney author of ‘Infonomics’ announces release of new book ‘Data Juice’
Data Juice is the latest book just released by Doug Laney, author of Infonomics: How to Monetize, Manage, and Measure Information as an Asset for Competitive Advantage. Containing more than 100 real-world examples and expert commentaries on how organizations around the world and in every industry are monetizing their own (and others’) data in diverse ways, Data Juice is a resource for data, business, and IT leaders looking to inspire their teams or executives with ways to thrive in the Digital Age. Further below is an excerpt from Data Juice, available to purchase now on Amazon About the author Doug Laney is the data & analytics strategy innovation fellow with the consultancy, West Monroe. Formerly he was a vice president and distinguished analyst with Gartner’s Chief Data Officer (CDO) research and advisory practice. He is an accomplished practitioner and recognized authority on data and analytics strategy, and is a three-time […]
2021 Solomon Lecture
This year’s Solomon Lecture presented by the Queensland Office of the Information Commissioner featured Professor Beth Simone Noveck on ‘Solving Public Problems with Data’. Professor Noveck’s lecture explores how traditionally, the right to know is rooted in the belief that members of the public should know what their government does in order to hold the government to account, lessen the risk of corruption and shine a light on wasteful and inefficient operations. Beth Simone Noveck discusses how a focus on public problem solving and improving people’s lives changes how we think about data. She discusses specific policy prescriptions for creating a right to know that fosters better government, stronger citizenship and more agile solutions to contemporary challenges. Watch the Solomon Lecture here.
Preventing Digital Harm
The World Economic Forum published Pathways to Digital Justice report to address systemic legal and judicial gaps, and help guide law and policy efforts towards combating data-driven harms. This is particularly important with the increase in online activities and digitization of services, which – when misused – can present new types of risk. The white paper, produced in collaboration with an advisory committee consisting of experts from around the world, is intended to guide policy efforts towards combating data-driven harms. The hope is that legal and judicial systems can then evolve to embed redress mechanisms that enable the creation of a data ecosystem which protects individuals and is accountable to them. Read the World Economic Forum statement here or the report.
The Data Explosion & IG, Reducing eDiscovery Costs – Richard Kessler
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on […]
Read More
Unlocking Data Value – Ronke Ekwensi
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on […]
Read More
Exposure Draft of the Data Availability and Transparency Bill
The draft Data Availability and Transparency Bill aims to modernise and streamline the sharing of government data between agencies and with the private and research sectors. Under the legislation, data will be shared for three purposes: government services delivery, informing government policy and programs, and research and development. The Consultation Paper contains a simplified summary of the legislative package. Submissions made by a group of multidisciplinary practitioners and academics highlight privacy and governance concerns. These include the override of Australia Privacy Principle (APP) 6 and the inherent conflict of National Data Commissioner whose mandate is to encourage data sharing with the enforcement of the regulation. The submission recommends that governance and assurance be regulated the Australian Information and Privacy Commissioner. You can read the submission here.
Automated Decision Making Transparency under GIPA Act
The increasing adoption of technology requires the preservation, assurance and assertion of information access rights. To achieve these outcomes, government licensing and contractual arrangements should ensure accessibility and ‘explainability’ in the provision of government services and decision making. The issue of algorithmic transparency of a government agency’s contractor is currently before the NSW Civil and Administrative Tribunal. The Agency provided some information to the Applicant but decided that other information is not held by the Agency as it is held by the Contractor and remains its intellectual property. The GIPA Act provides a right to access information held in a record of an NSW Government agency and that right may also apply to information held by contractors providing services to the public. The NSW IPC has published guidance for agencies under section 121 of the GIPA Act, including a template clause for agencies to include in contracts with third parties […]
Protecting Privacy by Minimizing Data
Posted with permission from Active Navigation, originally published on June 1. Ten years ago, there was no such thing as too much data. Notions about data being the “new oil” prompted organizations to horde every byte they could, hoping that they might be able to harness it down the road. […]
Read More
Is Your Data Estate an Unstructured Mess? How a Spring-Cleaning Project Can Reduce Your Organization’s Risk
Posted with permission from Active Navigation, originally published on June 10. In this special guest feature, Dean Gonsowski, Chief Revenue Officer at Active Navigation, InfoGovANZ’s Foundation Sponsor, focuses on what steps a company needs to follow to review, understand and clean-up their data to eliminate security risks. As a former […]
Read More
COVID19 – Data and Privacy
COVID-19 has brought to the forefront the importance of real-time accurate data for scientists to analyze and model and for government leaders to make decisions on. InfoGovANZ has complied a series of COVID-19 curated articles and resources, updated monthly. June 2020 OVIC has released new guidance on how the exemptions […]
Read More
COVID19 – EU, US & International Resources
Below is a collection of useful privacy and data protection resources from the EU, US and globally. Data Protection Authorities guidance on COVID-19 published by Data Protection Authorities (DPAs) collated by International Association of Privacy Professionals. These provide information and frequently asked questions on data processing and COVID-19 across a range of countries. Resources page on crucial privacy and data protection law issues arising from COVID-19 covering the EU & globally by Law, Science, Technology & Society of the Vrije Universiteit Brussel. The Initiative is of direct interest for LSTS researchers, most notably in the context of the Brussels Privacy Hub (BPH) work on data protection in humanitarian action as well as the work of ALTEP-DP project. US Privacy and Data Protection Resources related to COVID-19, together with other international resources has been compiled by the Future of Privacy Forum.
What is Good Government Data Sharing?
The Australian Federal Government has been conducting an extended consultation as to how data linkage and data sharing between government agencies might be accommodated through a special purpose statute that walks the fine line of maintaining digital trust and meeting data privacy concerns of citizens and civil society organisations, while facilitated controlled good data sharing between agencies. The Data Availability and Transparency Bill (DATA), is proposed to be released in this calendar quarter. In this in depth analysis, Professor Peter Leonard has canvassed the challenges which this new federal data sharing law will need to address and compared current proposals with existing government agency data sharing laws in NSW, Vic and SA. While Peter concludes that the DATA is a welcome development, he also notes that bigger questions loom about use of the powerful tools which data sharing puts into the hands of Governments, as illustrated by the Robodebt controversy. […]
Privacy-Preserving Data Sharing Frameworks
This is the third in a series of papers and develops a practical solution providing a framework for privacy preserving data sharing, addressing technical challenges as well as data sharing issues more broadly. It builds on the 2018 ACS Report, Privacy in Data Sharing: A Guide for Business and Government, expanding the concept of a Personal Information Factor and introducing a Utility Factor with worked examples. Download the report here
Infonomics – valuing information assets
Infonomics is the discipline of valuing Information Assets and it is based on the idea that information is an enterprise asset that should be counted and managed. This article explains why Infonomics is becoming increasingly important. Information Assets (data, information, published content and knowledge) are arguably an organisation’s most vital and strategic resource. Providing the right data to the right people at the right time is critical to every business activity, every business process and every business decision. Information Assets are the only ones that cannot be replaced if lost or destroyed. They are foundational to all high-profile business solutions and technology enablement: to analytics, artificial intelligence and machine learning; cyber-security; cloud computing; Blockchain and the Internet Of Things; and almost any form of innovation and disruption. Unlike other physical or even financial assets that can only be used once then are used-up, any Information Assets can be used […]
Identity Conference 2019 – Identity as taonga: now and in the future
He taonga te tuakiri: āianei, haere ake nei New Zealand’s Identity Conference 2019 was the fourth in a series of conferences that began in 2008. The conference was held at the Museum of New Zealand Te Papa Tongarewa, Wellington, on 26 and 27 August 2019. The conference purpose or ‘big idea is to look at the identity-related problems of today and the solutions of tomorrow’. Carol Feurriegel recounts some of the highlights from the conference. “Identity is a complex and sensitive area. It reflects our sense of self and it is also at the heart of relationships between people and organisations. Our Identity is our taonga” to quote Professor Steve Warburton, in his keynote address as Chair of the Identity Conference 2019 on Monday 26thAugust. It is fitting that the premier event that takes a multi-disciplinary perspective on Identity is held at Te Papa Tongawera, Museum of New Zealand in Wellington. “Taonga” means ‘treasure’ in […]
Data as a Strategic National Resource: The Importance of Governance and Data Protection
As we rapidly move toward a technology-driven, globally interconnected world, the exponential growth in data collected by business and government enables significant value to be derived from this resource. In December 2015, the Australian Government released its Australian Government Public Data Policy Statementas part of the National Innovation and Science Agenda, recognising data as ‘a strategic national resource that holds considerable value for growing the economy, improving service delivery and transforming policy outcomes’. While there is the potential to derive enormous value from data, there is a fundamental requirement that data be secured, meaning both government and business must protect citizens’ and consumers’ personal information. Key to achieving the benefits of data optimisation and mitigating the inherent risks is governance. Good governance enables organisations to control data by securing, protecting, managing and optimising the value of data. Supporting the Australian Government’s digital transformation is the Digital Continuity Policy 2020, which applies […]
Putting People and their Data at the Centre – investing in the social wellbeing of Aotearoa
Jacinda Ardern’s announcement of her intention to deliver New Zealand’s first ‘Wellbeing Budget’ at the World Economic Forum in Davos in January caused headlines as the world’s youngest female head of state outlined an approach to economic measurement that put people’s needs at the centre of the government investment agenda. Ardern said “politics needed to be more altruistic and more long term” to address the deep-rooted inequalities in New Zealand’s current economic outlook and to address the challenges emerging from issues such as climate change and automation. World leaders and economic institutions have been watching the ‘little country at the bottom of the world’ with great interest, as they embark on this experiment that could change the way governments develop social strategy and assess the effectiveness of their social policies. For many years institutions like the OECD have been encouraging economies to look beyond just economic measures of success and […]
UK proposals for new AI Rule Book
The UK Government has put forward proposals on the future regulation of Artificial Intelligence, to help develop consistent rules to promote innovation and protect the public. It comes as the Data Protection and Digital Information Bill is introduced to Parliament which will transform the UK’s data laws to boost innovation in technologies such as AI. The Bill will seize the benefits of Brexit to keep a high standard of protection for people’s privacy and personal data while delivering around £1 billion in savings for businesses. The new AI paper outlines the government’s approach to regulating the technology in the UK, with proposed rules addressing future risks and opportunities so businesses are clear how they can develop and use AI systems and consumers are confident they are safe and robust. This approach will create proportionate and adaptable regulation so that AI continues to be rapidly adopted in the UK to boost […]
NSW AI Assurance Framework
All NSW government agencies are required from March 2022 to use the AI Assurance Framework. The Framework assists project teams using AI to comprehensively analyse and document their projects’ AI specific risks. It also assists teams to implement risk mitigation strategies and establish clear governance and accountability measures. Under the AI Policy and AI Assurance Framework, agencies are required to abide by the following ethical principles: Community benefit – AI should deliver the best outcome for the citizen, and key insights into decision-making. Fairness – use of AI will include safeguards to manage data bias or data quality risks. Privacy and security – AI will include the highest levels of assurance. Transparency – review mechanisms will ensure citizens can question and challenge AI-based outcomes. Accountability – decision-making remains the responsibility of organisations and individuals. View the NSW AI Assurance Framework here.
Urgent action needed over AI risks
UN High Commissioner for Human Rights Michelle Bachelet stressed the urgent need for a moratorium on the sale and use of artificial intelligence (AI) systems that pose a serious risk to human rights until adequate safeguards are put in place. She also called for AI applications that cannot be used in compliance with international human rights law to be banned. As part of its work on technology and human rights, the UN Human Rights Office has published a report that analyses how AI – including profiling, automated decision-making and other machine-learning technologies – affects people’s right to privacy and other rights. Read the UN High Commissioner for Human Rights’ statement or report.
EU bodies call for facial recognition ban in public
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have supported the call on the European Commission’s Proposal for a Regulation on the use of artificial intelligence technologies but expressed concern by the exclusion of international law enforcement cooperation from the scope of the proposal. The EDPB and EDPS go further than the European Commission’s proposal for a regulation issued in April — urging that the planned legislation should be broader to include a ‘general ban on any use of AI for automated recognition of human features in publicly accessible spaces, such as recognition of faces, gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals, in any context.’ Read the EDPB release here and the Proposal here.
Australians deserve tech that protects their rights
A new report by the Australian Human Rights Commission calls for far-reaching changes to ensure government, companies and others safeguard human rights in the design, development and use of new technologies like artificial intelligence (AI). The Human Rights and Technology Final Report makes 38 recommendations to ensure human rights are […]
Read More
New regulations for Artificial Intelligence in the EU
The European Commission has just announced a package of proposed regulations to make sure that AI systems used in the EU are safe, transparent, ethical, unbiased and under human control. They are categorised by risk with checks imposed on any ‘high-risk’ technology and also include a ban on most surveillance including live facial scanning, as well as AI systems to filter school, job or credit scoring. AI applications used in critical infrastructure migration and law enforcement would also be subject to strict safeguards. The proposed regulation is one of the broadest of its kind to be introduced by a Western government, and part of the EU’s expansion of its role as a global tech enforcer. Regulators could fine a company up to €30million or 6% of annual world-wide revenue for the most severe violations. Read more about the EU’s approach to AI in Excellence and trust in artificial intelligence | European Commission (europa.eu) and New rules for […]
Ethics & Implementing AI Responsibly – Aurelie Jacquet
As we put 2020 behind us and look forward to 2021, we reflected in an interactive virtual discussion forum on the key IG learnings from the past 12 months and the insights and actions we now need to be taking to make the most of the opportunities and challenges on […]
Read More
Using artificial intelligence to make decisions: Addressing the problem of algorithmic bias
This technical paper is a collaborative partnership between the Australian Human Rights Commission, Gradient Institute, Consumer Policy Research Centre, CHOICE and CSIRO’s Data61. We explore how the problem of algorithmic bias can arise in decision making that uses artificial intelligence (AI). This problem can produce unfair, and potentially unlawful, decisions. We demonstrate how the risk of algorithmic bias can be identified, and steps that can be taken to address or mitigate this problem. AI is increasingly used by government and businesses to make decisions that affect people’s rights, including in the provision of goods and services, as well as other important decision making such as recruitment, social security and policing. Where algorithmic bias arises in these decision-making processes, it can lead to error. Especially in high-stakes decision making, errors can cause real harm. The harm can be particularly serious if a person is unfairly disadvantaged on the basis of their […]
AI Transparency in Digital Government Highlights
To celebrate Right to Know 2020, Information Governance ANZ were delighted to host a timely discussion on the right to access information and the use of algorithms in government decision-making. This interactive forum was facilitated by Susan Bennett, Founder of InfoGovANZ and our special guests included: NSW Information Commissioner – Elizabeth Tydd Victorian Information Commissioner – Sven Bluemmel Senior Research Fellow, University of Cambridge – Dr Jat Singh The increasing adoption of technology across society, including in government, requires the preservation, assurance and assertion of information access rights. The right of access to government information also extends to information held by contractors that provide services to the public on behalf of government. Applying and challenging these rights becomes more complex in the new world of automated decision-making. Legal frameworks, licensing and contracts must evolve to ensure information governance is applied to the design and use of algorithms, so that rights and […]
Principles of Explainable AI
The US National Institute of Technology and Standards (NIST) has released a draft paper of 4 principles of explainable AI, which is one of several properties that characterise trust in AI systems. Other properties may include resiliency, reliability, bias and accountability. Usually, these terms are defined as a part or set of principles or pillars. This draft paper sets out there are 4 principles encompassing the core concepts of explainable AI as follows: Explanation: Systems deliver accompanying evidence or reason(s) for all outputs. Meaningful: Systems provide explanations that are understandable to individual users. Explanation Accuracy: The explanation correctly reflects the system’s process for generating the output. Knowledge Limits: The system only operates under conditions for which it was designed or when the system reaches a sufficient confidence in its output.
AI Transparency in Digital Government
In celebration of International Access to Information Day and Right to Know Week in NSW 2020, we held an event on AI Transparency in Digital Government with NSW Information Commissioner Elizabeth Tydd, Victorian Information Commissioner Sven Bluemmel and Dr Jat Singh, Senior Research Fellow at the University of Cambridge. The […]
Read More
EU/US data transfers under Privacy Shield invalidated
On 16 July 2020, the European Court of Justice invalidated its previous Decision (2016/1250) and the EU-US Privacy Shield, which enabled certified companies to transfer personal data between the EU and the US. The case was brought by Max Schrems (the founder of NYOB) an Austrian resident, who had lodged a complaint with the Irish privacy regulator that the transfer of his Facebook data from Facebook’s servers in Ireland to the US did not provide sufficient protection against access by the US public authorities. The Court found that, based on the use and access by US public authorities and surveillance programmes, interfered with the fundamental right of persons whose data is transferred to the US. However, the Court also determined that the Commission Decision 2010/87 on standard contractual clauses for the transfer of personal data to processors established in third countries is valid. Read more Court of Justice of the […]
EDPS Opinion on the EU Commission’s White Paper on AI – the European approach to excellence and trust
As a part of a wider package of strategic documents, the European Commission published a White Paper on “Artificial Intelligence: A European approach to excellence and trust”, which we brought you in our April newsletter and is available here. This Opinion presents the EDPS views on the White Paper as a whole, as well as on certain specific aspects, such as the proposed risk-based approach, the enforcement of AI regulation or the specific requirements for the remote biometric identification (including facial recognition). The EDPS recommendations in this opinion aim at clarifying and, where necessary, further developing the safeguards and controls with respect to protection of personal data. Read the EDPS Opinion here.
The impact of the GDPR on Automated-Decision Making
Addressing the relation between the EU General Data Protection Regulation (GDPR) and artificial intelligence (AI) this report considers challenges and opportunities for individuals and society, and the ways in which risks can be countered and opportunities enabled through law and technology. The study led by Professor Sartor for the Future of Science and Technology (STOA), within the Secretariat of the European Parliament, discusses the tensions and proximities between AI and data protection principles, such as purpose limitation and data minimisation. The report makes a thorough analysis of automated decision-making, considering the extent to which it is admissible, the safeguard measures to be adopted, and whether data subjects have a right to individual explanations. The study then considers the extent to which the GDPR provides for a preventive risk-based approach, focused on data protection by design and by default. Read the report here.
NZ – Algorithm Charter for Aotearoa New Zealand
On 29 July 2020, more than New Zealand 20 Government agencies signed the Aotearoa Algorithm Charter, committing to be transparent about when they use algorithms and how those algorithms operate. This makes New Zealand the first country to develop standards governing the use of algorithms by the public sector, after Statistics Minister James Shaw made his annoucements. The charter, which has already been signed by 21 ministries and agencies, requires signatories to be transparent about when they use algorithms and how those algorithms function. “Most New Zealanders recognise the important role algorithms play in supporting government decision-making and policy delivery, however they also want to know that these systems are being used safely and responsibly. The Charter will give people that confidence,” Shaw said. The Algorithm Charter for Aotearoa New Zealand is an evolving piece of work that needs to respond to emerging technologies and also be fit-for-purpose for government […]
AI Standards: From Principles to Implementation
With the proliferation of AI principles worldwide1, industry is faced with a new challenge: how to implement these AI principles? Since 2017, the international committee responsible for the standardization of AI (SC 42) has been tackling this challenge: it is developing standards covering both technical and organisational specifications to enable responsible and trustworthy AI. Forty-four countries are currently involved in the work of SC 42, and Australia plays an active role in the development of the AI international standards, as it has formed standards committee IT-043 to be Australia’s voice at SC 42. When it comes to AI, it is essential to provide for interoperability and global governance, and this is why AI international standards have the buy in from key governments (such as China, the US and the EU). Australia has also identified AI standards as an important national priority. In March this year, Standards Australia released its Artificial […]
UK – AI and its impact on Public Standards
On 10 February 2020, the UK’s Committee on Standards in Public Life published its report on AI and its impact on Public Standards to ensure that high standards of conduct are upheld as technologically assisted decision making is adopted more widely across the public sector. The report makes clears that on issues of transparency and data bias in particular, there is an urgent need for guidance and regulation. The report also emphasises that public bodies must comply with the law surrounding data-drive technology and implement clear, risk-based governance for their use of AI.
US – Draft Guidance for AI regulation
On 7 January 2020 the White House’s Office of Science and Technology Policy (OSTP) released a draft Guidance for Regulation of AI for Federal Agencies to consider for the use of AI including: public trust, public participation, fairness, scientific integrity, risk assessment, benefits and costs, flexibility, fairness, transparency, safety and security, and interagency co-ordination. In contrast to the position taken by the Europeans, the US government position is that it does want AI to be highly regulated, with the OSTP draft Guidance stating, ‘Federal agencies must avoid regulatory or non-regulatory actions that needlessly hamper AI innovation and growth’. On 24 February 2020, the Department of Defense adopted 5 Principles for AI: Responsible, Equitable, Traceable, Reliable and Governable. Secretary Esper stated, ‘AI technology will change much about the battlefield of the future, but nothing will change America’s steadfast commitment to responsible and lawful behaviour’.
Singapore – Model AI Governance Framework
The Singaporean Privacy Data Protection Commission (PDPC) released the second edition of the Model AI Governance Framework in January 2020. The Guiding Principles includes that decisions made by AI should be explainable, transparent and fair and that AI systems should be human-centric. Along with the framework is a Compendium of Use Cases, demonstrating how local and international organisations, across different sectors and sizes, implemented or aligned their AI governance practices with all sections of the Model Framework. There is also an Implementation and Self-Assessment Guide for Organisations (ISAGO), which is a collaboration with the World Economic Forum’s Centre for the Fourth Industrial Revolution.
Automated Speech Recognition
While Automated Speech Recognition (ASR) technology has been present in various forms for decades, advances in statistical modelling, artificial intelligence (AI) and automation connectively have resulted in a new frontier for speech-based interaction between humans and computer systems. In this article Dr Peter Chapman, Director in the KPMG Forensic Technology […]
Read MoreCOVID-19
National COVID-19 Privacy Principles
The Office of the Australian Information Commissioner and State and Territory privacy commissioners have produced universal privacy principles to support a nationally consistent approach to solutions and initiatives designed to address the ongoing risks related to the COVID-19 pandemic. These high-level principles provide a framework to guide a best practice […]
Read More
Report into delay in Victorian FOI decisions
The Victorian Information Commissioner’s report into the delay in disclosure of government documents under the Freedom of Information Act 1982 (Vic) was recently tabled in the Victorian Parliament. Between 2015 and 2020, the proportion of FOI decisions made on time in Victoria declined from 95% to 79%. The investigation examined […]
Read More
COVID19 – Data and Privacy
COVID-19 has brought to the forefront the importance of real-time accurate data for scientists to analyze and model and for government leaders to make decisions on. InfoGovANZ has complied a series of COVID-19 curated articles and resources, updated monthly. June 2020 OVIC has released new guidance on how the exemptions […]
Read More
Australia and New Zealand’s COVID-19 Contact Tracing Apps – Differences in Approach on the Road to Recovery
While Australia and New Zealand were able to flatten the COVID-19 curve, the approaches of each country have somewhat differed, both in relation to the level of restrictions imposed on citizens, as well as the type of contact tracing technology deployed. Australia and New Zealand stand alongside Germany, South Korea and Singapore as examples of countries that followed the advice of their scientists and moved into lockdown in a timely way to limit the spread of the COVID-19 virus. Australia, similar to other countries, experienced a doubling of COVID-19 positive people every two days as it went into lockdown. The containment of the coronavirus in Australia and New Zealand is a result of a multipronged strategy that includes prompt lockdowns restricting movement and requiring social distancing; quarantining of international travellers for 14 days; and a high rate of testing and contact tracing. The governments of both countries have developed their […]
COVID19 – Contact Tracing publications
There have been a variety of perspectives on the COVIDSafe app released on 26 April 2020 and the CovidSafe Act enacted on 14 May 2020. Professor Peter Leonard from UNSW Business School in ‘Novel coronavirus spawns novel law-making in Australia‘, looks at the consultative process that resulted in data governance and data accountability in the CovidSafe Act to ensure that the data collected would be safe from other arms of government for other purposes. Visting Professor Roger Clarke at UNSW Law has looked at early user-experiences of the app and questioned the ability of the app to achieve its aim – read his two articles here and here. In ‘The COVIDsafe APP: A Case Study in Professional Responsibility‘, Professor Clark sets out the role and onus of IT professionals to be realistic about the app’s limitations. Professor Greenleaf and Dr Kemp from UNSW Law, in ‘Austalia’s COVIDSafe Experiment, Phase III: […]
COVID19 – NZ COVID Tracer App
New Zealand’s Ministry of Health launched the NZ COVID Tracer app on 20 May 2020, in a move welcomed in a statement by the NZ Privacy Commissioner. You can read the privacy impact assessment here. Living in a world with COVID-19 means greater requirements to register your presence wherever you go. But what does that mean for your privacy? NZ Privacy Commissioner John Edwards speaks about good policy when it comes to protecting people’s privacy in any technical solution to contact tracing in this interview.
Information Governance + COVID-19 Roundtable Report
To celebrate Information Awareness Month (IAM2020) and Privacy Awareness Week (PAW2020), we kicked off with an online panel discussion on the myriad of Information Governance issues arising from the COVID-19 pandemic. Our panellists included – Melanie Marks, Christopher Colwell, Sonya Sherman, Dr Peter Chapman, Matthew Golab and the discussion was […]
Read More
Australia Considers How to Approach Pandemic Contacts Tracing
COVID-19 has brought to the forefront the importance of real-time accurate data for scientists to analyse and model and for government leaders to make decisions on. A number of articles have highlighted the importance of data and privacy, including Australia Considers How to Approach Pandemic Contacts Tracing by Jeremy Kirk, Executive Editor for Security and Technology, Information Security Media Group.
Video Conferencing – Privacy Policy Checks
Stay at home requirements during COVID-19 have led to a dramatic increase in video conferencing for both work and maintaining social connections with family and friends. The adoption of video conferencing tools over the last weeks has been impressive but it calls into question whether are most users aware of the data and privacy implications of using these tools. NYOB, an EU based not-for-profit with the mission of making privacy a reality, has carried out a review of the privacy policies of six video conferencing tools: Zoom, Webex Meetings (Cisco), Meeting (LogMeIn), Skype and Teams (both Microsoft) and Wire. Report on privacy policies of video conferencing services – 2020- NYOB
COVID19 – EU, US & International Resources
Below is a collection of useful privacy and data protection resources from the EU, US and globally. Data Protection Authorities guidance on COVID-19 published by Data Protection Authorities (DPAs) collated by International Association of Privacy Professionals. These provide information and frequently asked questions on data processing and COVID-19 across a […]
Read More
COVID19 – ANZ Legislation Update
In Australia, COVID-19 was declared a ‘human biosecurity emergency’ under the Biosecurity Act 2015 (C’th) on 21 March 2020. Dominic Villa SC has set up a useful collection of Australian legal resources relating to the coronavirus pandemic. Collating together the various statutory instruments that have been enacted by the Commonwealth and State Governments to deal with COVID-19, such as the Public Health (COVID-19 Restrictions on Gathering and Movement) Order 2020 (NSW) and similar orders in other states. In New Zealand, COVID-19 Response (Urgent Measures) Legislation Act 2020 is an omnibus Act to put in place for the necessary arrangements in order to implement COVID-19 Alert Level 4, or where arrangements are essential to respond effectively to COVID-19. The Law Society has published a COVID-19 Information page for legal practitioners, listing relevant NZ resources.
COVID19 – Global Open Data Initiatives
The Open Government Partnership (OGP) has created a webpage collating government approaches responding to COVID-19. The open government community is focused on applying the principles of transparency, accountability and participation to the COVID-19 response. The webpage contains a crowd sourced list from a wide range of countries with a […]
Read MoreIG Case Studies
Active Navigation – Equifax Case Study
Following the highly publicised Equifax data breach in 2017, Active Navigation’s software was deployed into a complex tech stack and worked to identify, classify and protect sensitive data assets. While IG, Legal, Risk and eDiscovery practitioners understand the need to minimise data in accordance with justifiable disposition of data and […]
Read More
Ameritas Leverages Technology for Improved Information Governance
This latest case study from the Information Governance Initiative demonstrates how Ameritas, an insurer, began with a pilot project to tackle a clearly identified business problem which they addressed using data analysis, indexing, searching, tracking and reporting tools from Active Navigation. Read the article now
Read More
Roadmap to Reducing Your Biggest Information Risk
In this white paper, sponsored by IGANZ supporter Active Navigation, Russel Stalters, CEO of Clear Path Solutions, outlines a roadmap for reducing your organisation’s biggest information risk. Read the article
Read More
Making IG Real: Six Stories from the Front Lines of Information Governance Success
Over a typical business cycle, a large organisation produces staggering volumes of data. This will include essential records, valuable business intelligence, and knowledge uniquely relevant to the business. But frequently 50% or more of the content is utterly useless – it is dead weight, consuming storage capacity and obscuring the […]
Read More
Information Governance at Work: Pandora Media
With the help of the file analysis and governance experts, the Pandora GRC team discovered that at least 60% of its unstructured data had no value and there was no business or legal reason to continue to spend precious resources on protecting and storing it. So they took control, realising significant […]
Read More
Information Governance Case Study – Les Schwab
Looking at one organization’s experience with IG, can provide valuable lessons and practical insights that will help all IG professionals mature their IG programs. This case study details a common but complex IG problem: managing the relationships among key IG players. Read the article now
Read MoreIGANZ Industry Report 2021
Member only content (join now)
OR
Sign up to the mailing list to get access to InfoGovANZ Industry Reports.
IGANZ Industry Report 2019
Member only content (join now)
OR
Sign up to our mailing list using the form above to get access to InfoGovANZ Industry Reports.
IGANZ Industry Report 2017
Member only content (join now)
OR
Sign up to our mailing list using the form above to get access to InfoGovANZ Industry Reports.
Governance of Things - Keeping Our Members Up To Date
Each month we send to our members The Governance of Things newsletter with feature articles, latest news and developments, and upcoming events. You can explore past editions of the Governance of Things below.
Member only content (join now)
Member only content (join now)
Member only content (join now)
Member only content (join now)
