Interpreting Privacy Principles: Chaos or Consistency?


1 Interpreting Privacy Principles: Chaos or Consistency?
Symposium, 17 May 2006, Sydney
Interpreting the Security Principle
Nigel Waters, Principal Researcher

2 Methodology of Investigation
Identify issues: from Guidelines, previous analysis/papers, own experience.
Identify 'cases' expressly involving the security principle: e.g. by key words in case summaries. (Cases include Commissioner/tribunal/court decisions; settled complaint summaries; reports of own-motion investigations; audit reports.)
Primary source: WorldLII Privacy Law Project.

4 Methodology of Investigation
Search for relevant material: across and within the main privacy caselaw and commentary databases.
Iterative process: as other cases are reviewed, new issues are identified.
The project will aim to review all published cases.
Initial focus on the principal information privacy laws; scope will also progressively extend to other relevant laws, e.g. surveillance laws and laws with secrecy provisions.

5 Security measures are designed to mitigate the RISK of …
… unauthorised use of personal information (p.i.)
… unauthorised disclosure of p.i.
    whether by someone with authorised access (i.e. exceeding their authority), or by an unauthorised third party (e.g. by hacking or phishing)
… loss or corruption of p.i.
Misuse, including: authorised but improper use?

6 Security Principle - Issues
Reasonableness
- Implies proportionality.
- Need to take account of tensions between security and: efficiency, convenience, accountability, historical/archival objectives.
- Some of these tensions also involve the quality, retention and correction principles.
- 'Need to know' principle.
Generic industry standards vs customised standards for personal information?
- How far can users rely on security industry standards without at least analysing their adequacy for personal information and, if necessary, refining and adapting the standards?
- Should privacy regulators be more involved in the specification and design of security tools?
Generic 'all mode' vs mode/technology-specific standards
- e.g. are the same standards required for paper and computer records, and for information in transit by different means (post/fax/ /data/voice transmission)? (Communications security)
- Many of the issues are the same, but new technologies give rise to additional issues and may affect the conclusion (e.g. a whole subset of issues about passwords/PINs, encryption, and logging and audit trails; cases including cost: FH case; applicable to non-IT security?).
Human (personnel) security
- Selection, training, monitoring (employee privacy issues).

7 Security Principle - Issues
Liability: organisation vs employee vs contractors
- In what circumstances can an organisation walk away from responsibility for the effect of a security breach?
Relationship between security and disclosure
- An 'event' that breaches the use/disclosure/quality principle does not necessarily mean a breach of the security principle.
- Does there have to have been an event for there to have been a breach of the security principle?
- Does a complainant have to have been personally affected by an event to have standing to bring a complaint about a security breach?
Carelessness
- Many examples; highlight the NV case.

