Government’s privacy review has some strong recommendations – now we really need action

Attorney-General Mark Dreyfus yesterday released a report with 30 proposals for updating Australia’s privacy regime. The proposals are practical, necessary and overdue. However, they are just proposals, which have been made several times in the past before disappearing into the “too hard basket” of the Australian, state and territory governments.
We can expect to see lots of noise about specific proposals and hope the Albanese government (copied by state/territory counterparts) gives us the legislation we need. Read More

I’ve given out my Medicare number. How worried should I be about the latest Optus data breach?

Medicare card numbers are the latest personal details to be exposed as part of the Optus data breach. Optus has confirmed this affects 14,900 valid Medicare numbers that have not expired, and a further 22,000 expired card numbers. But this isn’t the first time Australians’ Medicare numbers have been exposed. And some privacy and cybersecurity experts have long been concerned about the security of our health data. Here’s what you can do if you’re concerned about the latest Medicare breach, and what needs to happen next. Read More

Towards a post-privacy world: proposed bill would encourage agencies to widely share your data

The federal government has announced a plan to increase the sharing of citizen data across the public sector.

This would include data sitting with agencies such as Centrelink, the Australian Tax Office, the Department of Home Affairs, the Bureau of Statistics and potentially other external “accredited” parties such as universities and businesses.

The draft Data Availability and Transparency Bill released today will not fix ongoing problems in public administration. It won’t solve many problems in public health. It is a worrying shift to a post-privacy society.

It’s a matter of arrogance, rather than effectiveness. It highlights deficiencies in Australian law that need fixing. Read More

Keep calm, but don’t just carry on: how to deal with China’s mass surveillance of thousands of Australians

Recent news that Chinese company Zhenhua Data is profiling more than 35,000 Australians isn’t a surprise to people with an interest in privacy, security and social networks. We need to think critically about this, knowing we can do something to prevent it from happening again.

The company operates under Chinese law and doesn’t appear to have a presence in Australia. That means we can’t shut it down or penalise it for a breach of our law. Also, Beijing is unlikely to respond to expressions of outrage from Australia or condemnation by our government – especially amid recent sabre-rattling.

Zhenhua is reported to have data on more than 35,000 Australians – a list saturated by political leaders and prominent figures. Names, birthdays, addresses, marital status, photographs, political associations, relatives and social media account details are among the information extracted. Read More

Let’s face it, we’ll be no safer with a national facial recognition database

A commitment to share the biometric data of most Australians – including your driving licence photo – agreed at Thursday’s Council of Australian Governments (COAG) meeting will result in a further erosion of our privacy.
That sharing is not necessary. It will be costly. But will it save us from terrorism? Not all, although it will give people a false sense of comfort. Read More

Assassination by pacemaker: Australia needs to do more to regulate internet-connected medical devices

Wireless medical devices need greater security than, say, an internet-connected fridge. We need to ensure that information provided by the devices is safeguarded and that control of the devices – implantable or otherwise – is not compromised. Australia’s Therapeutic Goods Administration must learn to deal with software and cybersecurity, rather than simply bits of metal and plastic. Read More