Open Letter: Frontier software data breach and Ambulance SA data breach

This open letter from the Australian Privacy Foundation (APF) primarily responds to the recent Frontier software data breach, which rapidly followed on the heels of knowledge about the Ambulance SA data breach. As of yet, no publicly available response or remedial follow up has occurred in the context of the Ambulance breach, nor have affected individuals been contacted about the data loss. Read More

Kiss your privacy goodbye when you use an ambulance? The Australian Privacy Foundation says No.

People in South Australia need real answers and real responses to yet another data breach. The SA Ambulance Service has disclosed that the personal details of 28,000 patients have been stolen. Those details include people’s name, date of birth, age, address, and in some cases, their pension number and health notes. Juanita Fernando, chair of the Australian Privacy Foundation’s (APF’s) Health Committee said, “That’s prime fodder for identity theft and something we all need to take seriously.” The Ambulance Service says the data was on a storage device that was stolen from a consultancy firm in July. The consultants had apparently held the data since the early 2000s. Read More

Victorian information sharing Bill a threat to privacy

The Victorian Government’s Health Legislation Amendment (Information Sharing) Bill 2021 was rushed through its first parliamentary vote on 14 October 2021, raising many unanswered questions for patients and health care professionals in that state. Put plainly, this legislation allows agents of the Victorian Government a complete record of every Victorian person’s most sensitive and private information. The powers embodied in the Bill are unprecedented. Why does the Victorian Government need to harvest and store such a rich database of patient information? Read More

A new proposed privacy code promises tough rules and $10 million penalties for tech giants

This week the federal government announced proposed legislation to develop an online privacy code (or “OP Code”) setting tougher privacy standards for Facebook, Google, Amazon and many other online platforms. These companies collect and use vast amounts of consumers’ personal data, much of it without their knowledge or real consent, and the code is intended to guard against privacy harms from these practices. The higher standards would be backed by increased penalties for interference with privacy under the Privacy Act and greater enforcement powers for the federal privacy commissioner. However, relevant companies are likely to try to avoid obligations under the OP Code by drawing out the process for drafting and registering the code. They are also likely to try to exclude themselves from the code’s coverage, and argue about the definition of “personal information”. Read More

Attorney General’s Department releases discussion paper on reform to the Privacy Act 1988

On 25 October the Attorney General’s Department released its long awaited Privacy Act Review Discussion paper (the “Paper”). It is far from comprehensive. It avoids making recommendations about a statutory tort of privacy. Rather it continues the continual policy loop as governments of every persuasion push this issue into further review, then consultation then bury it in a report and then hope it goes away until it is recommended or otherwise finds itself before the Government. It has been a hugely expensive, time intensive waste of time. Read More

The government wants to expand the ‘digital identity’ system that lets Australians access services. There are many potential pitfalls

The federal government has been asking the public for feedback on proposed legislation to create a “trusted digital identity” system. The aim is for Australians to use it to prove their identity when accessing public services. But what will a national digital identity system actually involve, who will it serve, and if we need it, how should it be implemented? Read More

Too late? The new normal, State government slurps up all patient information.

The Victorian government’s “Health Legislation Amendment (Information Sharing) Bill 2021” was hurried through its first Parliamentary vote last week. The Bill links all patient medical and health information through a single portal, to be shared between authorised end-users, decided and controlled by the Secretary of the Department of Health. The powers embodied in the Bill are unprecedented, threatening patient-doctor confidentiality, risking health and wellness should some individuals decide not to seek clinical attention for potentially life threatening or serious illnesses and conditions. Read More

Vaccination status – when your medical information is private and when it’s not

We value the idea that our medical information is private and subject to special protection and that our doctor can’t freely share it with others. Yet suddenly, it seems we might be asked to hand over information about our vaccination status in many different situations.
It might be so we can keep doing our job, go into shops and restaurants or travel. It might make us uneasy. But can we refuse to tell others our vaccination status on privacy grounds? What does the law in Australia say about who can ask for it, and why, and what they can do with it? Read More