As you might expect, the recent investigation by the Office of the Victorian Information Commissioner (OVIC) into the public release of data about myki card users includes important insights into de-identification and re-identification, which were pick…
Archives for 2019
Training is key to avoiding liability for rogue employees
A recent case illustrates the importance of robust, mandatory privacy training for staff, to avoid privacy breaches – or, if a breach does happen, in order to avoid liability for when a rogue employee goes off on a privacy-invading frolic of their own….
Stand in their shoes: Privacy by Design is needed everywhere
A recent case illustrates the need to think about privacy in both system design and human decision-making. Plus, how keeping user experience (UX) front of mind when designing systems or processes should result in better privacy outcomes too – and mayb…
You say potato: The meaning and causes of data breaches
You say data breach, I say cybersecurity incident You say privacy breach, I say an individual sending out emails Potato, potahto, tomato, tomahto Let’s call the whole thing off (With apologies to Ella Fitzgerald) What is a data breach? Is it th…
Top 10 Privacy Risks to Lose Sleep Over
We’ve written before about the common causes of data breaches, but what about all the other types of privacy risks your organisation might face? This month we have helpfully compiled for you a list of Ten Things To Do or Not to Do or Privacy Risks to A…
Privacy 101, for people who are new to privacy
Hey get ready people, it’s almost Privacy Awareness Week! OAIC’s theme for 2019 is ‘Don’t be in the dark about privacy’, while OPC NZ and OVIC’s theme is ‘Protecting privacy is everyone’s responsibility’. No matter which slogan you prefer, the point i…
The ethics of artificial intelligence: start with the law
Imagine reading an ethical framework for organising birthday parties, which says that it will be important to meet legal requirements in terms of not making too much noise, that matching napkins and paper plates are fundamental to planning your party,…
My Privacy String: Tie up loose threads to avoid privacy risks
If a year ago I had attached a piece of string to the personal information I provided in order to enter an online competition, would I be surprised how many organisations had my string threading through them by now? Almost certainly my string would by…
It’s the data breach countdown: the top 10 risks to avoid
February marks 12 months since the start of the notifiable data breach scheme here in Australia, and nine months since the European notification scheme started under the GDPR. American notification laws have been running for years now. All of which me…
PPIPA turns 21: should we celebrate?
If 21 is the age at which a person is considered to have matured, what are we to make of a law when it turns 21? 2019 marks the 21st birthday of PPIPA (aka the Privacy and Personal Information Protection Act 1998), the key privacy statute in my home st…
