In case you missed it, below is a summary of recent posts from CPW.  Please feel free to reach out if you are interested in additional information on any of the developments covered.

US Banking Regulators Issue Final Rule Regarding Data Incident Reporting – Consumer Privacy World

Australia’s Online Privacy Bill and Privacy Act Discussion

In the Australian Government’s first step towards enhancing and enforcing privacy compliance in Australia, the Attorney-General’s Department has released two publications regarding amendments to Australia’s privacy regime:

  • An exposure draft introducing amendments to the Privacy Act 1988 (Cth) (the Privacy Act), which will establish an online privacy code applicable to major online platforms and introduce increased penalties for non-compliance with the Privacy Act for all entities (the Online Privacy Bill); and
  • A discussion paper seeking further submissions on up to 67 proposals to amend the Privacy Act and introduce a raft of amendments to Australian privacy law focused on increasing enforcement, empowering individuals and aligning Australia with global privacy regimes (the Discussion Paper).

Continue Reading Australia’s Online Privacy Bill and Privacy Act Discussion Paper: First Steps Towards an Enhanced Australian Privacy Regime

Digital Facial RecognitionLast week (9th July), the ICO announced that it would join forces with the Office of the Australian Information Commissioner (OAIC) to investigate the use of personal information, including biometric data, by Clearview AI, Inc. (Clearview). Limited information is available so far, but given the focus of the investigation, this is an important step in determining data protection rights and obligations, where information is ‘scraped’ from ‘publicly available’ sources, for the purposes of tackling crime.
Continue Reading ICO and Australian Information Commissioner Team-up to Investigate Clearview AI, Inc. Facial Recognition Tool and Data Scraping

As the world struggles to deal with the spread of coronavirus disease 2019 (COVID-19), governments are turning to technology to help “flatten the curve” and slow the rate of transmissions. Although Australia has been relatively successful in mitigating the widespread health impacts of COVID-19, the federal government has encouraged all Australians to download its COVIDSafe

Australian FlagThe previous decade saw the expansion of data privacy laws in Australia and throughout the globe in terms of their application, enforceability and scope, as well as the protections made available to individuals through primary legislation.[1] As we enter a new decade, we are beginning to see the evolution of privacy and data as a multi-regulatory compliance issue, as data protection issues start to permeate additional legal frameworks. Data privacy and protection is no longer confined to issues between a business and its customer, with a privacy regulator, such as the Office of the Australian Information Commissioner, overseeing this relationship in light of applicable laws. Instead, data privacy and protection is becoming increasingly relevant in previously unconsidered aspects of a business’ operational cycle. This article examines this trend by considering data privacy and protection developments within Australian takeovers and foreign acquisitions law.
Continue Reading Data Privacy and Protection – A New Focus Within Australian Takeovers Law

More than twelve months after the commencement of the Australian Notifiable Data Breach Scheme,[1] statistics published by the Office of the Australian Information Commissioner (OAIC) have begun to reveal trends present in the 812 notifiable data breaches recorded in Australia between 22 February and 31 December 2018. One key trend is the clear susceptibility of the health care industry, which suffered one fifth of all data breaches recorded in Australia throughout 2018, the highest number on an  industry scale.
Continue Reading The Un-healthiness of the Australian Health Sector’s Data Security

The Office of the Australian Information Commissioner (OAIC) released its second quarterly statistics report into the Notifiable Data Breach Scheme on 31 July 2018 (Report). The Report provides further insight into the operation of the new scheme, which commenced February this year. The scheme provides for mandatory reporting of ‘eligible’ data breaches to the OAIC and to potentially affected individuals. Whether a data breach is eligible depends on whether the unauthorised disclosure, or loss, of data is likely to result in serious harm to affected individuals.
Continue Reading Australian Information Commissioner’s Office Releases Report on Notifiable Data Breach Scheme