Earlier this month was Privacy Awareness Week (PAW). We have been involved in PAW events for a number years now, but we have to say that PAW2015 feels quite different.
It has often been said that in our increasing online lives, privacy as we know it will cease to exist – but after attending the PAW2015 launch breakfast on Monday and hearing the panel speak on ‘Privacy – living in the future’, we think the opposite is true. It seems that people value their privacy now more than ever. They know their privacy rights, and they are not afraid to exercise them. In the last year, the number of privacy complaints received by the OAIC has almost doubled. We’re also talking about our privacy a lot more. Large scale data breaches now make news headlines around the world, and in our own backyard we have seen fierce public debate around the privacy implications of our new (and controversial) data retention laws. These conversations, and the fact that events like PAW exist, suggest to us that privacy is anything but dead.
PAW2015 started off with a bang. On Monday, the OAIC announced a landmark decision in which it found that Telstra breached the Privacy Act 1988, by refusing to provide Fairfax journalist Ben Grubb with access to metadata that Telstra stored about him. The decision is an interesting read, and you can find it here. Importantly, the Privacy Commissioner ruled that the metadata, including Internet Protocol (IP) addresses, Uniform Resource Locator (URL) information and cell tower location information, constitutes personal information, which must be treated in accordance with the Australian Privacy Principles.
The Privacy Commissioner addressed the question of whether the metadata sought was information ‘about’ an individual. Telstra argued that the person’s identity was not apparent on the face of the metadata, and as such was not personal information. However, the Privacy Commissioner took the view that through a process of cross-matching different datasets, the individual’s identity could be reasonably ascertained. This interpretation will no doubt have far-reaching consequences, in light of the Government’s mandatory data retention regime. Telstra has been fast to announce that they will appeal the decision.
The OAIC also launched its new Privacy Management Framework, a four step methodology designed to help organisations embed privacy into their business as usual practices, and create a culture of privacy awareness through governance, leadership and accountability. The Privacy Commissioner said he expects all organisations to commit to the Framework, and take a proactive approach to their ongoing privacy obligations.
The theme for PAW2015 is ‘privacy everyday.’ We will certainly be thinking about how we can make privacy an essential part of our everyday, and we encourage you to do the same. We are happy to discuss any privacy questions or concerns you may have.