Right to privacy puts eyes on infosec

Powered by SC Magazine
 

A serious invasion of privacy could include unauthorised surveillance.

The Gillard Government spurred by recent data breaches will shortly issue a discussion paper seeking public opinion on introducing a right to privacy that will require increased attention to information security.

For larger enterprises, the new statutory right will fuel demand for data privacy and security analysts to ensure they can defend against new contingent liabilities due to lax business practices in securing or managing users' information.

An Australian Law Reform Commission (ALRC) recommendation for such a right has been on the Government’s list since August 2008.

However, a spate of recent privacy breaches, including the News of the World scandal, has spurred the Government into action.

Smaller ISPs and companies have been exempt from privacy laws so far, but the move will require increased attention to security and privacy practices for all.

It may also prompt new exemptions in 'terms of use' arrangements, in the form of opt-in clauses that offer some relief - if not a full defence - from privacy breaches due to data loss or hacking.

In addition, it will be interesting to see how the new privacy right interacts with calls by copyright lobbyists for 'three strikes' legislation.

As recommended by the ALRC, disclosure of a person’s privacy would be acceptable if it was required by law or “incidental to the exercise of a lawful right of defence of person or property.”

At the time of the release of ALRC report, several media companies described the recommendation as an attack on investigative journalism without a complementary right of freedom of expression. 

However the announcement today said the Government backed both principles and promises that “any changes to our laws will have to strike a balance between the two ideals.”

The ALRC made seven recommendations on the new statutory right for a "serious invasion of privacy".

For example, a serious invasion of privacy may occur where an individual has been subjected to unauthorised surveillance, where their communications have been interfered with or sensitive facts relating to their private life have been disclosed.

To establish a claim for invasion of privacy, a user must show that there was a reasonable expectation of privacy; and the act or conduct complained of is highly offensive to a reasonable person of ordinary sensibilities.

A court would also be asked to take into account whether the public interest in maintaining the claimant’s privacy outweighed other matters of public interest (including the interest of the public to be informed about matters of public concern and the public interest in allowing freedom of expression).

Defences against an action would include that the act was required by law or the conduct was incidental to the exercise of a lawful right of defence of person or property.

Copyright © iTnews.com.au . All rights reserved.


Right to privacy puts eyes on infosec
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1094

Vote