A case involving facial recognition technology and customer satisfaction surveys offers plenty of lessons in how privacy law applies to Australian businesses. In June 2020, the 7-Eleven chain of convenience stores began using a new customer feedback su…
Archives for 2021
Privacy and gender: what to ask, when and why
Hey, before we start, can I just ask: are you male, female or other? Are you bristling at even being asked? Collecting accurate data on gender can, when done appropriately, be a key way to ensure a product, program or policy is designed with gender di…
What covid apps can teach us about privacy, utility and trust in tech design
The release last week of the report into the first 12 months of the federal government’s beleaguered ‘COVIDSafe’ app got me thinking about the importance of Privacy by Design – and in particular, how the ‘design’ part of the equation is not just about…
Cat or carrot? Assessing the privacy risks from algorithmic decisions
Artificial intelligence (AI), and its impacts on privacy and other human rights, have been the focus of much attention in the past two months. From the European Commission considering a new AI-specific law, to the Australian Human Rights Commission (A…
Not too much identity technology, and not too little
The World Health Organisation (WHO) has released the first of a series of design documents concerning digital proof of COVID-19 vaccination, as the start of a process to standardise digital versions of existing paper “home-based” records and the intern…
For all the privacy officers caught in the middle of a tug of war
Oh, privacy advisers, we hear your pain. No matter whether you work in government or the private sector, your organisations will no doubt be keen to maximise the benefits from your information assets, in order to gain insights into how best to run your…
How to earn your social licence: the role of trust in project design
If you’re asking if your customers trust you, you’re asking the wrong question. Privacy risk management is not just about legal compliance, but about ensuring that you can meet your customers’ expectations. (In the context of public services, your ‘cu…
Representative redress required to mop up after asylum seeker data breach
The Office of the Australian Information Commissioner’s recent determination in ‘WP’ and Secretary to the Department of Home Affairs highlights the traction that can be gained through a representative complaint that stems from a single data breach – ev…
Design jam leaves customers in a privacy pickle
A recent determination by the OAIC in the Flight Centre case demonstrates the potential to cause privacy harm when personal information is recorded and stored inappropriately. In that case a free-text field designed for a different purpose was used by…
