First Anniversary of GDPR Passes Quietly but Ominously
When Europe’s General Data Protection Regulation took effect a year ago, many in Australia shrugged their shoulders and said, “Nice for them, but not my problem.” But that might not be quite the case. In California a ‘lite’ version of GDPR called the California Consumer Privacy Act has already passed into law. Can changes to Australia’s privacy laws be far behind? In a recent article for Brink, Matthew McCabe points out that “Regulators intended for the reach of the GDPR to extend far beyond the EU’s borders, with the rights granted under it following wherever an individual’s data may sprawl.…
Accelerating Privacy Regulation – the Top Emerging Risk for Organisations
According to Gartner’s recent quarterly Emerging Risks Monitor Report (1Q19), 98 risk, audit and compliance executives have ranked rapidly accelerating privacy regulations and their associated regulatory burdens as their top emerging risk that organizations face globally (see: Gartner, Inc.’s Emerging Risks Monitor Report). Rapidly accelerating privacy regulations is defined as the risk of progressively complicated statutory regimes, which cover the use and protection of customer data, creating the potential for legal and financial exposure. This risk has overtaken ‘Talent Shortages’ which led last quarter and is followed by ‘Pace of Change’ (see Figure 1 below and ‘Gartner top-ten-emerging-risks’, attached). According to Matt…
The Consumer Data Right – coming to a bank near you…
1 July 2019 sees the four big Australian banks commence a pilot program for the Consumer Data Right (CDR) to test how they will comply with the federal government’s plan (announced on 26 November 2017) to enable consumer’s data to be made available to third parties (with the customer’s permission) in order to more easily be able to compare banking products. This is Open Banking (still to be legislated) – to be followed by similar regimes for the telecommunications and energy sectors… and more to come. The theory is that consumers own their data – not banks, telecommunications companies etc…
Artificial Intelligence, Australia’s Ethics Framework
The Federal government recognises that ‘Artifical Intelligence (AI) has the potential to provide social, economic and environmental benefits. For Australia to realise these benefits, it’s important for citizens to have trust in how AI is being designed, developed and used by business and government.’ In order to seek public input, CSIRO’s Data61 was engaged to draft the Artifical Intelligence, Australia’s Ethics Framework, A Discussion Paper. Data Governance Australia participated in the Future AI Forum hosted by KPMG which comprises a cross section of interested parties that provided a joint submission to this Discussion Paper – see here. As with most…
Digital Platforms Inquiry: submission in response to the Preliminary Report
The Association for Data-driven Marketing & Advertising (ADMA) submitted a response to the Australian Competition & Consumer Commission’s (ACCC) Digital Platform Inquiry Preliminary Report on behalf of ADMA and its sister associations, Data Governance Australia (DGA) and the Institute of Analytics Professionals of Australia (IAPA).
Can good business outcomes and government regulation happily coincide?
According to Forrester’s Predictions 2019: B2C Marketing report, ‘Brands know that their most valuable asset is their relationship with existing customers.’ Trust. To build trust, consumers want control over their info, and so marketers will turn to zero-party data. “Zero-party data is explicit, the consumer knows when they’re giving it, chooses to, and normally there’s a reward when it’s done properly,” says Scott McNealy, Founder of Sun Microsystems and Chairman of Wayin. Zero data is data a customer intentionally and proactively shares with your brand. Zero-party data is precious because it means your customer trusts you to use it appropriately.…
Just because you can, doesn’t mean you should…
Clive Palmer has been the face of the United Australia Party’s recent campaign, the SMS aspect of which raised the ire of many. While sending the messages was not in contravention of Australian laws his response to consumer sentiment only added fuel to the fire. Registered political parties (and others) are exempt from certain provisions of the Commonwealth’s Spam Act and so the United Australia Party’s SMSs would not constitute Spam within the meaning of the Act provided they contained sender information. A similar provision also applies under the Commonwealth’s Do Not Call Register Act. Compliance with the law…
The Digital Platform Inquiry – in a nutshell
The ACCC Digital Platform Inquiry’s Preliminary Report covers a lot of ground. In the interests of brevity (and sanity) DGA has prepared a summary of key points for your reference. Issues for consideration The ACCC has indicated that it is interested in a range of issues. assessing the market power of digital platforms the implications of digital platforms for media content creators, advertisers and consumers longer term trends in the media and advertising services markets the effectiveness of existing regulation and proposals for change Areas of Concern In broad terms, the Preliminary Report touched on several areas of potential concern,…
The Consumer Data Right – draft technical standards released
The Consumer Data Right has moved on to its next phase with The Treasury announcing on 5 November 2018 that the Working Draft of the technical standards has been published. In referring to the draft standards The Treasury observed: “These standards have been developed to facilitate the Consumer Data Right by acting as a specific baseline for implementation. The standards are governed by the Consumer Data Standards team inside Data61. Data61 has been appointed as technical advisors to the interim data standards body. The work of the team is overseen by Mr. Andrew Stevens as interim Chair, with industry and…
DGA viewpoint: Healthcare and data │Universal Declaration of Human Rights
HEALTHCARE is well-worth a focus when discussing data generally as many of the issues that sector faces apply equally throughout the economy. According to CISRO’s recently released Future of Health report ‘Behavioural change is needed by all healthcare stakeholders to ensure the growing volume of personal health data is securely shared, collated, analysed, interpreted, and paired with action for improved health and wellbeing’. ‘Unlocking the value of digitised data in the health sector will involve tackling issues that are present in many Australian sectors and so could involve collaborations for efficient solution development.’ Some of these issues include ‘community levels…
2018 Event Roundup
DGA hosted some great events in 2018. It’s been a great year. Here are some of the highlights: Private boardroom breakfast for 20 Data Privacy & Protection Leaders where KPMG’s Kelly Henney, National Leader of Data Privacy and Paul Black, Cyber Forensics Practice, spoke on the topic of ‘What questions should executives and the board be asking to ensure their organisations are data-ready – both in terms of mitigating risk and maximising opportunities?’ This was followed by a roundtable discussion which included sharing experiences and ideas. Private boardroom Healthcare and Data luncheon with Stephen Duckett, Director, Health Program, GRATTAN Institute,…
Encryption –vital laws or a backdoor for hackers?
The “Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018” (known as the A&A Act) has an innocuous name though many may believe it to be something of a misnomer, certainly with respect to the “assistance” and “access” references! Passed on 6 December 2018, the impetus for the new encryption laws is national security, and the rush was Christmas on the apparent basis that the potential for acts of terror increases during the festive season. Just why we needed to pass this legislation before this Christmas, allowing only four days to push 173 proposed amendments through both Houses of…
The Digital Platform Inquiry – regulatory creep personified!
DGA’s sister association, ADMA, has taken a deep dive into the content of the report in its article. In brief, the inquiry was launched with terms of reference that focused on the impact of digital platforms on competition and market powers, particularly in relation to the “supply of news and journalistic content, and the implications of this for media content creators, advertisers and consumers”. Further below is our summary of the preliminary report, however, here is our take: It would seem that the ACCC’s inquiry and the research commissioned have opened a Pandora’s box. To some extent, this is understandable,…
Happy 30th anniversary to the Privacy Act – and the breaches keep coming…
In addressing highlights from its 2017 – 2018 Annual Report, the Australian Information Commissioner and Privacy Commissioner, Angelene Falk, said “the OAIC’s work across the reporting period has continued to enhance transparency and accountability for the community”. Key statistics for the period noted by the OAIC included: drafted 29 submissions on legislative proposals and other issues such as open banking and privacy in the digital age conducted 21 privacy assessments in areas such as identity verification, telecommunications, digital health and government received 305 reports under the Notifiable Data Breaches scheme, compared to 114 voluntary reports in 2016–17 received 19,407 privacy…
Update Consumer Data Right consultation: October 2018
Both Treasury and the Australian Competition & Consumer Commission have been conducting ongoing consultations on the Consumer Data Right. With the next round of submissions about to close, we examine both the past and the future of this consultation process.
Data Governance Australia – what is our purpose?
DGA appeals to all organisations that hold and use data – and, in particular, Chief Data Officers, Chief Privacy Officers, Chief Risk Officers, General Counsel, Compliance Officers, Cybersecurity leaders and the like. It is also equally important that Non-Executive Directors, CEOs and other C-suite executives are across data issues, as these increasingly impact every facet of business.
My Health Record – the latest in the ongoing debate
The My Health Records Amendment (Strengthening Privacy) Bill 2018 was before both the House of Representatives and the Senate on 19 September 2018. The House of Representatives agreed to a third reading and the Senate moved the second reading of the Bill.
Employees Cause Majority of Notifiable Data Breaches
Privacy regulator, OAIC, releases first Quarterly Report into the Notifiable Data Breaches Scheme, revealing majority of notifiable data breaches are caused by employees and human error.
The Limits of Consent
A recent decision in a privacy case challenges the limits of consent, suggesting consumer consent does not validate over-collection of personal information and cannot override an entity’s requirement to only collect the personal information reasonably necessary for its functions and activities
CLOUD Moots Microsoft Case
The long-awaited decision between Microsoft and the US Justice Department about cross-border access to data will be waited no more, with the US Supreme Court declaring there is no longer a case to decide following the passage of the CLOUD Act.
Facebook scandal reveals urgent need for greater data transparency, trust and ethics
Greater data use relies on improved consumer understanding and control, and a higher standard of ethics
DGA Board reiterates its purpose and sets a path for increased momentum
On 16 April 2018 the DGA Board held a day-long workshop to renew its strategy for DGA, setting its direction and priorities for the year ahead, and reiterating DGA’s long term goals.
Research Findings Overview – Consumer Attitudes Towards Privacy
The research undertaken by DGA and ADMA is the first research into consumer attitudes to be conducted on a global scale
Customer Data Right & Review into Open Banking in Australia
The Government has decided that the Customer Data Right (CD-R) will be implemented economy-wide on a sector-by-sector basis, initially in the banking, energy, and telecommunications sectors
Code Enforcement Delayed
the DGA Board unanimously passed a vote to delay the enforcement provisions of the DGA Code of Practice
The Australian privacy agency is investigating Facebook
The Office of the Australian Information Commissioner has announced it is conducting a formal investigation into Facebook following the Cambridge Analytica scandal
ACCC Inquiry into Digital Platforms Consultation: 13 April 2018
DGA will consult with members in relation to the issues raised in the Issues Paper and will provide a response to the ACCC.
Regulation of (Borderless) Data
How laws or regulations limited to clearly defined borders effectively govern borderless issues is becoming increasingly complex
Notifiable Data Breaches Scheme Commences but Awareness and Preparedness is Low
We are just about two weeks into Australia’s first laws that require entities to notify individuals and the OAIC of certain types of data breaches.
Australian Information Commissioner and Privacy Commissioner departs
Although this book doesn’t specifically focus on data governance, “Who Can You Trust” reveals some timely lessons on trust.
China Releases New Personal Information Privacy Standards
On 25th January 2018, the Standardisation Administration of China (SAC) released the final version of the Personal Information Security Specification.
Government Sends Clear Message About Importance of Customer Data Security
Attorney-General and Minister for Law Enforcement and Cyber Security send a message that cyber security and data security is on the Government’s agenda
Book review: ‘Who Can You Trust?’
Although Rachel Botsman’s 2017 book “Who Can You Trust?” is not specifically about data governance, it reveals some very relevant lessons for data governance professionals.
Sharing without caring: The challenges of an open-data economy
With the rapid growth of the open-data economy, businesses need to ensure that they stay ahead of changing technologies to avoid unintended consequences.
Good privacy is good for business, says Cisco study
Coinciding with Data Privacy Day (28 Jan), Cisco released their annual Privacy Maturity Benchmark study, highlighting the importance of good privacy process in business.
New initiatives for DGA members
DGA has introduced some exciting new initiatives to ensure its members are kept abreast of new developments in data governance and related areas.
Millennials don’t care about privacy because they share (or overshare) their life on social media, or so we are told
Millennials are generally seen as ‘oversharers’ and there is a general assumption that they’re not concerned about privacy. But is that really the case?
Coming Soon: Consumer Data Right and the Government’s Response to the PC Report
On 26 November 2017 the Government announced that it will legislate a national Consumer Data Right in 2018, allowing customers open access to their data.
DGA Hosts Digital Economy Strategy Roundtable
As a key stakeholder in the digital economy, DGA is participating in the consultation process with the Federal Government on developing a national Digital Economy Strategy.
Australia to Participate in APEC Cross Border Privacy Rules
On 23 November 2017 the Attorney General’s Department announced that Australia will participate in the APEC Cross Border Privacy Rules. The announcement follows public consultation with industry stakeholders in July 2017.
Cybersecurity and privacy: it takes two to tango!
With vast amounts of data generated via the increasing number of connected devices, new methods and technologies need to be implemented for data security and protection. This is where the EU’s General Data Protection Regulation (GDPR) steps in.
Consumers value trust over convenience
Trust is more important to Australian consumers than convenience, as a highly popular new messaging app has learned recently.
Your voice in Canberra: DGA meets with Government
Read about DGA’s recent meetings with various Government Departments and Ministers.
DGA Code of Practice update
Public Consultation on the Draft DGA Code of Practice closed on 26th July 2017. Find out what’s next here.
Draft APS Privacy Governance Code revealed
The OAIC has revealed the Draft APS Privacy Governance Code. The Commissioner is now seeking feedback about the Code, so have your say.
Share your thoughts on the APEC Cross Border Privacy Rules
The APEC Cross Border Privacy Rules facilitate the flow of personal information across borders. Provide feedback about the rules today.
DGA meets with PM&C Taskforce to discuss Data Portability
DGA representatives discussed Data Portability and the DGA’s Draft Code of Practice with the PM&C Taskforce to ensure an effective self-regulatory regime.
Avoidable data breaches threaten innovation in health sector
Sixty per cent of data breaches are due to human error. Avoidable breaches are threatening innovation, especially in the health sector.
DGA Chairman delivers National Press Club Address
DGA Chairman, Graeme Samuel AC, delivered an address to the National Press Club on the balancing act of consumer protection and benefits of data innovation.
Three Pitfalls marketers encounter when they collect data
It would be a big mistake to assume that consumers are willing to write brands a blank cheque when it comes to the use of personal data. Instead marketers need to work harder than ever to build trust amongst customers and prospects of the brands they represent.
DGA discusses Productivity Commission’s Final Report at Roundtable with Government’s new Taskforce
Recently the Government established a Data Availability & Use Taskforce (“Taskforce”) within the Department of the Prime Minister and Cabinet.
OIAC Draft Guidelines for Mandatory Data Breach Scheme
The Office of the Australian Information Commissioner (OAIC) has released business resources for the new Notifiable Data Breaches (NDB) scheme set to commence in 2018.
DGA meets with Government to discuss Code of Practice and PC Report
During May, Jodie Sangster (CEO) and Irene Halforty (Legal & Regulatory Affairs Manager) were in Canberra as part of DGA’s advocacy strategy, for a series of high-level government meetings.
Privacy vs convenience: a ‘smart’ trade-off?
We live in the era of convenience – smart devices and the Internet of Things (IoT) make consumers’ lives so much easier and more convenient. But at what cost?
Three reasons consumers will share their data – and three reasons they will not
In a digital economy consumers often give up part of their personal data for added benefits. Here are the top 3 reasons why consumers will share their data.
A transparent Code
Being clear about your purpose is important to people and industry bodies alike. As you read this, the DGA team is deep into the late stages of development for our Code of Practice.
DGA goes to Canberra
Having clear links to and solid relationships with Government is a vital part of DGA’s purpose, especially at a time of digital transformations.
DGA Working groups assist the Board
As part of the DGA’s commitment to members, we have formed a number of Board Advisory Committees (BACs) to report directly to the DGA Board and ensure focus on data issues that affect Australian businesses now and into the future.
Privacy, metadata and the new landscape
On 19 January the Federal Court of Australia handed down its long-awaited decision in the Privacy Commissioner’s submission: Grubb vs Telstra – a case of some significance to privacy.
The art of building consumer trust
In the age of data, building consumer trust is imperative for businesses to survive. So what is the key to building trust?
Privacy Amendment: The Law Explained webinar
If you missed this practical and informative webinar on the Privacy Amendment (Notifiable Data Breaches) Bill 2016, watch it now to catch up on all the information you need to know.
Privacy Amendment Passes
On Monday 13 February, the Privacy Amendment (Notifiable Data Breaches) Bill 2016, passed in the Senate with support from both sides of the aisle.
Predictions for 2017
2017 is set to be an interesting year for data: decisions around sharing, managing consumer trust, merging technologies and increasing consumer understanding will propel further forward the current data revolution. These are our predictions for the year ahead.
Privacy Amendment Bill 2016: cause and effect
Amendments to two key pieces of legislation relating to data will be considered in this parliamentary year – The Privacy Amendment (Re-identification Offence) Bill 2016 and the Privacy Amendment (Notifiable Data Breaches) Bill 2016. Find out what the possible implications are if the amendments are passed…
European Data Protection Laws explained
Changes to the European Data Protection legislation will impact marketers around the globe. The European law will affect companies based in Europe and also extends to any organisations that holds data about individuals who are based out of Europe. This means that Australian companies may be affected by the new laws.
Submission to Productivity Commission on data availability and use
In November, Australia’s Productivity Commission published a set of findings and recommendations in response to the Inquiry into Data Availability and Use. In its submission, DGA was unrelenting in its agenda on behalf of members, for a self-regulatory framework and an innovation-led agenda. Read the submission here.
The importance of data governance in the case of ATO’s data loss
On Monday, the Australian Taxation Office (ATO) announced an unprecedented enterprise hardware failure that resulted in the shutdown of their website, closure of e-portals, staff being sent home because internal systems failed to operate and the loss of 1000 Terabytes of data.
Data Governance – What is it?
The shift to the digital economy has seen the volume of data created by consumers and business grow exponentially in the past five years. Indeed, it has been estimated that in the past two years more data has been created than in the entire previous history of the human race. The staggering potential benefits of data for everything from marketing and customer acquisition through to post-sale servicing and product creation have not gone unnoticed by the broader business community with 75% of companies recently surveyed by Gartner confirming that they have invested or plan to significantly invest in big data…
Governance and Analytics Will Be Top Priorities
Gartner’s first survey of working chief data officers finds that their main mandate and objective is to manage, govern and exploit information as an organizational asset. As a newly emerging role, there is a high degree of variability in what CDOs do, to whom they report and how they are measured.