I think I am suffering indigestion, but it’s not from the delicious breakfast served at the opening event to mark Privacy Awareness Week this year. It’s more like mental indigestion, as my brain tries to absorb all the nutrients found in the smorgasbord of news, insights, opinion, legal developments and regulatory guidance dished up to a hungry audience of privacy professionals in the space of just one week. Here’s my wrap-up of the events I was able to attend.
Australian Privacy Commissioner Timothy Pilgrim kicked things off with the release of the results of the OAIC’s assessment of the online privacy policies of 20 entities regulated by the APPs. Disturbingly, 55% of the policies reviewed did not adequately address one or more of the requirements in APP 1, such as how an individual could make a complaint, or access their personal information. The median length of the 20 policies reviewed was 3,413 words, but over breakfast we heard that the longest was 18,000 words! The issue of readability was further aired on the ABC TV’s Lateline program that night.
Pilgrim also spoke about the strategic direction of his office, which will be more focused on reviewing entities’ implementation and compliance, rather than issuing guidance, now that more than 12 months has elapsed since the APPs became law. There were also some morsels about international cooperation in the regulatory space, including the next GPEN sweep which will focus on website and mobile apps impacting on children’s privacy.
And not for the last time during the week, there was mention of the privacy risks posed by the federal government’s new mandatory data retention laws, which include ensuring telecoms have adequate data security measures in place. For privacy advocates, the silver lining in the data retention cloud is the reinvigoration of the bill to also introduce mandatory data breach notification.
Keynote speaker Mark Pesce – inventor, educator and broadcaster – described his fear that as individuals, we are no longer seen as citizens or even as consumers, but as “data harvesters”, acting blindly on behalf of corporations, which are hijacking our basic human desire to connect and share with others. Mercifully he ended with his prediction of a more privacy-positive future, in which businesses see a competitive edge in ‘privacy by design’ offerings – albeit with a warning that we risk creating a two-tier society in which only the wealthy can afford their privacy.
An invigorating panel discussion followed, which included other insights into the near-future, such as UQ legal academic Dr Mark Burdon’s offering of the “sensorised home“, in which your health can be monitored through constant urine testing built into your toilet, and the CSIRO’s Dr Christine O’Keefe who spoke about technological developments which will challenge our very notion of what personal information means, such as geolocation data, and eventually even “smart dust”! (No, I didn’t understand what smart dust means either, but it sounds even scarier than smart toilets, right?)
While Facebook’s Head of Policy Mia Garlick spoke of managing such privacy risks by spreading privacy knowledge and capacity to engage in ‘privacy by design’ throughout an entity by using cross-functional review teams, ZDNet Editor Chris Duckett and Dr Burdon spoke against allowing the market to self-regulate, with Duckett describing companies as sociopaths hell-bent on hoovering up personal information, and Burdon noting that the very philosophy of ‘big data’ is fundamentally opposed to the limitations upon collection and secondary use posed by privacy regulation.
Phew – that was all before 9am on the first day!
Then there was the launch of the OAIC’s new Privacy Management Framework, workshops on how to conduct a PIA (facilitated by yours truly), and the timely release of the controversial Grubb v Telstra determination, which itself moves forward the debate about the meaning of “personal information” and the importance of geolocation data. (I will write more about the implications of the Grubb case soon.)
Later in the week the NSW Privacy Commissioner Dr Liz Coombs hosted a Privacy Matters Forum, which looked at the link between ‘privacy by design’ and great customer service. The keynote speaker was Michael Pratt, the inaugural NSW Customer Service Commissioner, who made the link between customer service and privacy by talking about customer-centric thinking in business process design, which engenders the customer trust necessary to underpin the sharing of personal information. There was some spirited banter from panellists (who included our Associate Stephen Wilson) and the audience about whether privacy really is good for business, but sadly Chatham House rules prevent me from quoting anyone.
Dr Coombs also announced plans for another forum in November, featuring social researcher and prolific writer Hugh Mackay – I’m looking forward to hearing his insights on all things privacy. Hopefully by then, my breakfast will have gone down, and I’ll be ready for the next course. Bon appetit!
Photograph © Shutterstock