Right to privacy puts eyes on infosec

Powered by SC Magazine
 

A serious invasion of privacy could include unauthorised surveillance.

The Gillard Government spurred by recent data breaches will shortly issue a discussion paper seeking public opinion on introducing a right to privacy that will require increased attention to information security.

For larger enterprises, the new statutory right will fuel demand for data privacy and security analysts to ensure they can defend against new contingent liabilities due to lax business practices in securing or managing users' information.

An Australian Law Reform Commission (ALRC) recommendation for such a right has been on the Government’s list since August 2008.

However, a spate of recent privacy breaches, including the News of the World scandal, has spurred the Government into action.

Smaller ISPs and companies have been exempt from privacy laws so far, but the move will require increased attention to security and privacy practices for all.

It may also prompt new exemptions in 'terms of use' arrangements, in the form of opt-in clauses that offer some relief - if not a full defence - from privacy breaches due to data loss or hacking.

In addition, it will be interesting to see how the new privacy right interacts with calls by copyright lobbyists for 'three strikes' legislation.

As recommended by the ALRC, disclosure of a person’s privacy would be acceptable if it was required by law or “incidental to the exercise of a lawful right of defence of person or property.”

At the time of the release of ALRC report, several media companies described the recommendation as an attack on investigative journalism without a complementary right of freedom of expression. 

However the announcement today said the Government backed both principles and promises that “any changes to our laws will have to strike a balance between the two ideals.”

The ALRC made seven recommendations on the new statutory right for a "serious invasion of privacy".

For example, a serious invasion of privacy may occur where an individual has been subjected to unauthorised surveillance, where their communications have been interfered with or sensitive facts relating to their private life have been disclosed.

To establish a claim for invasion of privacy, a user must show that there was a reasonable expectation of privacy; and the act or conduct complained of is highly offensive to a reasonable person of ordinary sensibilities.

A court would also be asked to take into account whether the public interest in maintaining the claimant’s privacy outweighed other matters of public interest (including the interest of the public to be informed about matters of public concern and the public interest in allowing freedom of expression).

Defences against an action would include that the act was required by law or the conduct was incidental to the exercise of a lawful right of defence of person or property.

Copyright © iTnews.com.au . All rights reserved.


Right to privacy puts eyes on infosec
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 337

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 141

Vote