Transcript Future of Privacy Technology

THE TRUST DIMENSION
Malcolm Crompton
International Privacy:
Managing Privacy in a
Global Organisation –
Identity, HR, Security & more
IAPP TRUSTe Symposium: Privacy Futures
Breakout 5.06
San Francisco
11 June 2004
THE TRUST DIMENSION
Take it as read:
Employer has difficult obligations
Fiduciary; brand risks
Discrimination
Complex
Drugs, genetics, email
surveillance
IP, ID theft
THE TRUST DIMENSION
New compliance risks: Asia Pacific region
Review of Australian Employee Record Exemption from
Privacy Act 1988
Inquiry by Victorian Law Reform Commission (Options
Paper due June)
New South Wales promises ban on ‘email spying’ by end
2004
Hong Kong HRM Code of Practice
Hong Kong Consultation Report on Monitoring & Personal
Data Privacy at Work (excellent review)
More Canada employees covered by PIPEDA
THE TRUST DIMENSION
An important recent Court decision in
Australia – Seven Network
(Operations) Limited v Media
Entertainment & Arts Alliance, 21/5/04
Found breaches of elements of Collection
Principle, NPP1, in Privacy Act
– NPP 1.1, Collection limitation – union
collected not necessary for one or
more of its functions
– NPP 1.3 & 1.5, Notice of collection –
not given when collecting information
directly or indirectly on individuals
THE TRUST DIMENSION
A new emerging issue:
Identity Management
A significant response to managing the
employer’s risk, but beware of the new
risks it creates
– Is the ID data itself properly
secured?
– Over reliance on ID itself introduces
new risk
– When does it lead to Big Brother?
THE TRUST DIMENSION
Conclusions
While technology support is essential …
Don’t forget the people dimension
Treat people like suspects & they
behave like suspects
– Trust is essential, so a balance is
needed
www.privacy.gov.au/news/speeches/sp1_04p.pdf
THE TRUST DIMENSION