As you might expect, the recent investigation by the Office of the Victorian Information Commissioner (OVIC) into the public release of data about myki card users includes important insights into de-identification and re-identification, which were pick…

Read More >

A recent case illustrates the importance of robust, mandatory privacy training for staff, to avoid privacy breaches – or, if a breach does happen, in order to avoid liability for when a rogue employee goes off on a privacy-invading frolic of their own….

Read More >

A recent case illustrates the need to think about privacy in both system design and human decision-making.  Plus, how keeping user experience (UX) front of mind when designing systems or processes should result in better privacy outcomes too – and mayb…

Read More >

You say data breach, I say cybersecurity incident You say privacy breach, I say an individual sending out emails Potato, potahto, tomato, tomahto Let’s call the whole thing off (With apologies to Ella Fitzgerald)   What is a data breach?  Is it th…

Read More >

We’ve written before about the common causes of data breaches, but what about all the other types of privacy risks your organisation might face? This month we have helpfully compiled for you a list of Ten Things To Do or Not to Do or Privacy Risks to A…

Read More >

Hey get ready people, it’s almost Privacy Awareness Week! OAIC’s theme for 2019 is ‘Don’t be in the dark about privacy’, while OPC NZ and OVIC’s theme is ‘Protecting privacy is everyone’s responsibility’.  No matter which slogan you prefer, the point i…

Read More >

Imagine reading an ethical framework for organising birthday parties, which says that it will be important to meet legal requirements in terms of not making too much noise, that matching napkins and paper plates are fundamental to planning your party,…

Read More >

If a year ago I had attached a piece of string to the personal information I provided in order to enter an online competition, would I be surprised how many organisations had my string threading through them by now? Almost certainly my string would by…

Read More >

February marks 12 months since the start of the notifiable data breach scheme here in Australia, and nine months since the European notification scheme started under the GDPR.  American notification laws have been running for years now. All of which me…

Read More >

If 21 is the age at which a person is considered to have matured, what are we to make of a law when it turns 21? 2019 marks the 21st birthday of PPIPA (aka the Privacy and Personal Information Protection Act 1998), the key privacy statute in my home st…

Read More >