Right to privacy puts eyes on infosec

Powered by SC Magazine
 

A serious invasion of privacy could include unauthorised surveillance.

The Gillard Government spurred by recent data breaches will shortly issue a discussion paper seeking public opinion on introducing a right to privacy that will require increased attention to information security.

For larger enterprises, the new statutory right will fuel demand for data privacy and security analysts to ensure they can defend against new contingent liabilities due to lax business practices in securing or managing users' information.

An Australian Law Reform Commission (ALRC) recommendation for such a right has been on the Government’s list since August 2008.

However, a spate of recent privacy breaches, including the News of the World scandal, has spurred the Government into action.

Smaller ISPs and companies have been exempt from privacy laws so far, but the move will require increased attention to security and privacy practices for all.

It may also prompt new exemptions in 'terms of use' arrangements, in the form of opt-in clauses that offer some relief - if not a full defence - from privacy breaches due to data loss or hacking.

In addition, it will be interesting to see how the new privacy right interacts with calls by copyright lobbyists for 'three strikes' legislation.

As recommended by the ALRC, disclosure of a person’s privacy would be acceptable if it was required by law or “incidental to the exercise of a lawful right of defence of person or property.”

At the time of the release of ALRC report, several media companies described the recommendation as an attack on investigative journalism without a complementary right of freedom of expression. 

However the announcement today said the Government backed both principles and promises that “any changes to our laws will have to strike a balance between the two ideals.”

The ALRC made seven recommendations on the new statutory right for a "serious invasion of privacy".

For example, a serious invasion of privacy may occur where an individual has been subjected to unauthorised surveillance, where their communications have been interfered with or sensitive facts relating to their private life have been disclosed.

To establish a claim for invasion of privacy, a user must show that there was a reasonable expectation of privacy; and the act or conduct complained of is highly offensive to a reasonable person of ordinary sensibilities.

A court would also be asked to take into account whether the public interest in maintaining the claimant’s privacy outweighed other matters of public interest (including the interest of the public to be informed about matters of public concern and the public interest in allowing freedom of expression).

Defences against an action would include that the act was required by law or the conduct was incidental to the exercise of a lawful right of defence of person or property.

Copyright © iTnews.com.au . All rights reserved.


Right to privacy puts eyes on infosec
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  3%
 
A Federal Government agency (ATO, Centrelink etc)
  19%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1851

Vote
Do you support the abolition of the Office of the Information Commissioner?