The relationship between technology, technological advancement, security and the preservation of an individual’s right to privacy is, in our computer-dependent post-9/11 society, among the most contentious issues facing humanity today. On the global stage, most countries have in one way or another proposed and enacted various “Privacy” and “Security” related laws designed to address these issues from the local perspective.
Global Variation is Counterproductive
The biggest problem with this legislation is that it addresses the need to protect an individual’s privacy to varying degrees and from the local perspective, which means that on the global stage there is considerable variation in law from one geographical region to the next. This fact alone is not conducive to rapid economic and marketplace development in the highly competitive open economy confronting business today.
The Impact of Computers on Privacy
With the ability of the Internet and ecommerce to transcend national and geographical borders and limitations, it is now more vital than ever that those in one country are aware of the prevailing circumstances, regulations and legislation in other countries, especially if they have an inclination to enter into a business relationship with foreign and foreign-based interests. Let us check out the current state of affairs regarding Privacy and Privacy legislation here in Australia.
In the early days, personal computers were used in isolation and personal computing was based around playing games, word processing, and bookkeeping. As time has progressed, this has changed dramatically and continues to do so.
Then with the advent of the Internet individuals were for the first time able to send their personal private information all around the world. ISPs required individuals to supply Personally Identifiable Information (PII) as part of the user’s obligations when entering into service agreements with ISPs in order to gain Internet connectivity. Community attitudes towards privacy have changed dramatically as a direct result of Internet usage.
For example, recent surveys conducted by Roy Morgan Research show that 62% of respondents are generally more concerned and security conscious with regard to their Personally Identifiable Information (PII) when “surfing the net” than otherwise. In addition, 66% stated that they are more concerned now than they were 2 years ago. One of the most common reasons stated for this is spam. People are becoming more careful with their PII, and their email details in particular, for the simple reason that they don’t want to be spammed.
The Australian Federal Government’s Privacy Act 1988
The Organization for Economic Co-operation and Development (OECD) saw this need for global consistency and put forth a number of ideas that, after close examination, led the Australian Law Reform Commission to make numerous recommendations. The Australian Federal Government acted upon some of these when introducing the 1988 Privacy Act, which was designed to protect personal information collected by Federal government agencies while at the same time giving individuals a degree of control over its collection and use.
Regulating Government – The Privacy Act 1988 and those protections embodied within it were squarely aimed at regulating government use of personal information and ensuring that government computers were secure. They did not apply to the private sector except when the private sector had dealings with government bodies or agencies.
Information Privacy Principles (IPPs) – One of the pivotal components of the Privacy Act 1988 is the set of Information Privacy Principles (IPPs), which give the individual the right to know what information federal government agencies collect and use, along with access rights to their own personal information.
Other Legislation – Each State and Territory has its own set of laws regulating the use of computers. However, the majority of these laws (particularly early ones) are aimed at prosecuting cases of industrial espionage. Some laws protecting an individual’s privacy and the security of their PII worthy of mention include:
- The Telecommunications Interception Act 1979
- The Privacy Act 1988
- The Telecommunications Act 1997
- The Corporations Act 2001
- The Federal Privacy Act December 2001 Amendments – These amendments are intended to be applicable and enforceable to many private sector organizations.
- The Spam Act 2003
National Privacy Principles (NPP)
Organizations operating within Australia are now required to comply with a set of National Privacy Principles (NPP). The NPPs define the ways in which Personally Identifiable Information (PII) can be collected, used, stored and disclosed. Here are a few of the IT related NPP regulations:
NPP 1.1 – Organizations can collect your personal information only when it is essential for said organization’s ability to deliver its normal day-to-day functions, services, or activities.
NPP 1.2 – Personal information must be collected in a fair and reasonable way.
NPP 1.3 – Organizations are also obligated to provide to the user the following information:
- The organization’s identity and contact details
- Mechanisms by which entities are able to access their own personal data
- Notifications detailing the purpose(s) behind the collection of this information
- Organization(s) that this information may be passed on or disclosed to
- Any law(s) that require the collection of this information
- Consequences for the individual if all or part of the information is not provided
- In addition, online organizations may collect sensitive information, including health information, only after you have formally provided your consent.
NPP 2.1 – The use and disclosure of your personal information for a secondary purpose is permitted only when the collecting organization(s) have complied in full with certain specific exemption clauses detailed in NPP 2.1.
NPP 3 – Online organizations must always ensure (verify) that your personal information is up to date and accurate before it is used.
NPP 4.1 – Requires organizations to take reasonable steps to ensure that your personal information is secured against hackers, malicious code, accidental disclosure etc.
NPP 8 – The Right to Expect – Everybody has the right to expect that organizations will permit anonymous on-line transactions if lawful and/or practical for organizations to do so.
NPP 9 – Personal information can only be exported to countries with adequate privacy protection, or if you have consented, or if other specific conditions are met.
The Office of the Privacy Commissioner (The OPC)
The OPC Website provides much information, advice, and tools designed to assist online users and companies to counteract and avoid hacking and employee theft. It also maintains a list of links and URLs, which users and organizations alike can follow, to a suite of tools designed to protect on-line privacy.
Privacy Impact Assessment (PIA)
Government at all levels and Private Sector Organizations alike can avoid interference with privacy by conducting a Privacy Impact Assessment (PIA), which assists them to analyze the risks to privacy posed by new projects, technologies or rules and to proactively address those risks before problems occur.
Unique Identifiers – All communications devices, including Network Interface Cards (NIC), contain a globally unique Media Access Control (MAC) Address, which allows machines to communicate since it precisely and uniquely identifies sender and receiver.
Cookies – Cookies, which are used to collect all sorts of information including our browsing habits and the sites that we visit, are placed by third parties onto the individual user’s hard drive. When the user next opens an Internet session, the information that these cookies have collected is then sent to the web site or to those responsible for placing them on our hard drive.