Earlier this month was Privacy Awareness Week (PAW). We have been involved in PAW events for a number years now, but we have to say that PAW2015 feels quite different.

It has often been said that in our increasing online lives, privacy as we know it will cease to exist – but after attending the PAW2015 launch breakfast on Monday and hearing the panel speak on ‘Privacy – living in the future’, we think the opposite is true. It seems that people value their privacy now more than ever. They know their privacy rights, and they are not afraid to exercise them. In the last year, the number of privacy complaints received by the OAIC has almost doubled. We’re also talking about our privacy a lot more. Large scale data breaches now make news headlines around the world, and in our own backyard we have seen fierce public debate around the privacy implications of our new (and controversial) data retention laws. These conversations, and the fact that events like PAW exist, suggest to us that privacy is anything but dead.

PAW2015 started off with a bang. On Monday, the OAIC announced a landmark decision in which it found that Telstra breached the Privacy Act 1988, by refusing to provide Fairfax journalist Ben Grubb with access to metadata that Telstra stored about him. The decision is an interesting read, and you can find it here. Importantly, the Privacy Commissioner ruled that the metadata, including Internet Protocol (IP) addresses, Uniform Resource Locator (URL) information and cell tower location information, constitutes personal information, which must be treated in accordance with the Australian Privacy Principles.

The Privacy Commissioner addressed the question of whether the metadata sought was information ‘about’ an individual. Telstra argued that the person’s identity was not apparent on the face of the metadata, and as such was not personal information. However, the Privacy Commissioner took the view that through a process of cross-matching different datasets, the individual’s identity could be reasonably ascertained. This interpretation will no doubt have far-reaching consequences, in light of the Government’s mandatory data retention regime. Telstra has been fast to announce that they will appeal the decision.

The PAW2015 breakfast also gave us some useful insight into what we can expect from the OAIC in the year ahead. The Privacy Commissioner announced the results of the OAIC’s sweep assessment of online privacy policies, which showed there is room for improvement. Of the 20 organisations assessed, more than half failed to meet the basic content requirements set out in the APPs. The Privacy Commissioner indicated that this kind of assessment activity by them is a sign of things to come, so if you haven’t reviewed your organisation’s privacy policy in a while, now’s the time.

The OAIC also launched its new Privacy Management Framework, a four step methodology designed to help organisations embed privacy into their business as usual practices, and create a culture of privacy awareness through governance, leadership and accountability. The Privacy Commissioner said he expects all organisations to commit to the Framework, and take a proactive approach to their ongoing privacy obligations.

The theme for PAW2015 is ‘privacy everyday.’ We will certainly be thinking about how we can make privacy an essential part of our everyday, and we encourage you to do the same. We are happy to discuss any privacy questions or concerns you may have.

Website protection

Your website is a vital asset and tool for the ongoing success of your business. There is nothing worse than Googling your business and finding out that somebody on the internet has copied it. Don’t worry you can protect your website by following these steps:

  1. Check with your IT service provider and/or web developer to see whether there is any way to prevent the copying of your website.
  2. Keep an accurate record of your website’s creation and development, both in hard copy and electronic form, which documents:
    1. the creation of the ideas behind the website;
    2. the creation of the look and feel;
    3. the drafting and preparation of the content of the website;
    4. the creation of your brand.
  3. Check out your website’s history and copy it from the internet archive wayback machine (http://archive.org/)
  4. Regularly search the internet using Google or another internet web-search engine to ensure that no one is copying the content from your website.
  5. If you find that your website has been copied, then you need to:
    1. Make a complete copy, both electronically and in hard copy, of your website on the day that you find the mirror site;
    2. Make a complete copy of the mirror site, both electronically and in hard copy and itemise each breach.
    3. Check out the mirror site on the internet archive wayback machine.
    4. Do a ‘who is’ search to identify who is the licence holder of that website;
    5. Find out who the web hosting company is, and whether there is a take-down notice style mechanism available through the web-hosting company or elsewhere under the local law which governs the operation of the mirror site.
    6. Find out if the owner of the mirror site has any presence or assets where you are located (i.e. in Australia), and also where it is located if overseas.
    7. Gather all your information and forward it to me to review so I can start the process to takedown the mirror site.

Recently a client was thinking of expanding his business overseas into the Asian market. He found that a competitor based in Singapore had set up a website which was a mirror image of his business’s website, save for the business name. Naturally, our client was incensed by his competitor’s actions, copied both his site and the mirror site and sent it to us for immediate action. In this instance, following the tips above and a little legal mumbo-jumbo, we were able to have that website taken down and replaced within 7 days with the website for the competitor which was no longer a mirror image of our client’s website.