How We Think

Data breaches – in this day and age, who hasn’t been on the wrong side of one? Their sheer frequency, from large-scale attacks like Optus and Medibank, to the now-regular drip of phone notifications for compromised passwords, has created a sense of grim normality. Arguably, data breaches are ‘the norm’ – if you consider that 9.7 million people (more than one in three Australians) had their personal data exposed in the Medibank breach. But those facts should not breed complacency, especially for organisations that handle personal information as part of their day-to-day operations. It is crucial for these organisations to understand and actively implement all ‘reasonable steps,’ including cybersecurity measures, to protect Australians’ personal data.

For those of us with an interest in spy and thriller movies where they track down people in near real time using facial recognition technology (FRT), Australia’s Privacy Commissioner brought that issue ‘home’ in a landmark determination against much-loved Aussie home and hardware store, Bunnings Group. According to the Office of the Australian Information Commissioner (OAIC), Bunnings had not received meaningful consent to use FRT so as to compare hundreds of thousands of customers’ images of individuals who’d been observed stealing or had been violent or threatening towards staff.

Federal agencies must carefully choose ERP systems, ensuring competition, strategic evaluation, and long-term efficiency.

Australian government agencies are moving to the cloud at full speed, driven by the need for better service delivery, scalability and digital transformation.  With initiatives like the Secure Cloud Strategy, the Cloud Computing Policy and the new APS ERP approach, cloud-based services are being embraced with gusto across the public service.

Government has, understandably, sought to ensure service providers act ethically and do not engage in practices that can be considered unethical. That raises the ethical question – can and should consultants working within an agency use information gleaned from that agency? Stated another way, are we letting the foxes have the run of the chicken coop? The simple answer to that question is – there is no simple answer to that question.

For those following Australia’s long-and-winding road to privacy reform, it’s truly been a marathon rather than a sprint. The starter’s gun (officially) fired in October 2020 with an Issues Paper that reviewed the Commonwealth Privacy Act, 1988 followed by a Discussion Paper in late 2021, and then picked up pace with the Privacy Act Review Report in February 2023, with more than 100 reform recommendations. In November 2023, the Commonwealth Government’s Response to the Privacy Act Review Report agreed or agreed-in-principle to almost all of those recommendations. And on Parliament’s last sitting day for 2024, the reforms finally crossed the finished line, with the Senate’s passage of the Privacy and Other Legislation Amendment Bill 2024 (2024 Privacy Bill). Spoiler alert, the 2024 Privacy Bill was only the first leg on the journey – and it contained less than a quarter of all the proposed privacy reforms. Despite that fact, the first tranche of privacy reforms do pack a punch – and in ways that may not be readily apparent.