Australian Privacy Commissioner

• Website exploiting images and personal information of female students
  16 August 2016
  Statement by the Australian Privacy Commissioner, Timothy Pilgrim
  An invasion of privacy such as this is any parents nightmare, and the young women involved deserve every support we can offer.
• My office has a practical guide for parents and teens, to help build strong privacy protections and avoid online privacy risks.
• I encourage parents concerned by this story to visit our website at www.oaic.gov.au for more information.
• Any person who believes their privacy may have been breached can contact my office for confidential assistance on 1300 363 992.

• = Privacy Commissioners reveal the hidden risks of the Internet of Things =
  A global sweep of Internet of Things products has revealed that 71 per cent of devices and services used by Australians did not provide a privacy policy and notices to adequately explain how personal information is collected, used and dis closed.
• The results have been released by the Australian Privacy Commissioner, and fellow international regulators, through the Global Privacy Enforcement Network (GPEN).
• Internet of Things technology is built into all kinds of services like movie streaming, fitness trackers, home appliances and childrens toys.
• But the seamless nature of how these devices collect, store and share user information means that customers are not always fully aware of the privacy risks.
• Accordingly, the 26 privacy enforcement authorities that make up GPEN examined the privacy policies of over 300 businesses around the world, including 45 used by Australian consumers every day.
• The Commissioners office is working with businesses and start-ups to help them better understand their privacy obligations, and creating a range of educational materials on developing and implementing best privacy practices.
• It also avoids the costly exercise of building these privacy frameworks later on, most often after something has already gone wrong.

The OAIC found that some organisations did not make it clear what information would be collected. It was unclear whether a user name, address, phone number, date of birth, phone or browsing history in over a third of the businesses whose privacy communications were looked into.
44 per cent of the devices that the OAIC looked into did not inform users about how their personal information was being safeguarded and what measures were taken to prevent unauthorised access.
The OAIC found that 38 per cent of organisations did not provide a clear means of contacting them to address privacy concerns.
Over 50 per cent of devices in the sweep collected a user’s date of birth, location, address, phone number or a unique device identifier. Over 80 per cent collected a user’s names or email.
49 per cent of devices were felt to not adequately inform users of data protection safeguards.
The global sweep indicated that 38 per cent of devices failed to provide easily identifiable contact details which customers could use if they had privacy concerns
The global sweep found that about 72 per cent of businesses did not clearly explain how a user could delete their personal data from the device or app.

• Panellists at the OAICs de-identification workshop announced
  De-identification is one of the most important, and fastest moving subjects in privacy management right now, and OAIC is soon hosting a workshop on de-identification as a means to protect privacy in data sharing and data analytics projects.
• Were delighted to announce a diverse expert panel who will provide insights into the legal, social, privacy and technical issues of this critical privacy challenge.
• This discussion will further inform our work on providing guidance on de-identification.
• How to register
  When: 9.00am to 12.30pm on Wednesday 16 November 2016
  Where: Crowne Plaza
  Crossings Room
  1 Binara St, Canberra ACT 2601
  Cost: $545 + GST
  Register: Register online using the code OAIC16 for a 20% discounted rate for the workshop.

• Commissioner concludes investigation into Amazing Rentals data breach
  The Australian Privacy Commissioner has finalised inquiries into the data breach involving a consumer rentals business, Amazing Rentals Pty Ltd that is no longer trading.
• Amazing Rentals had customers in the Northern Territory, Caboolture and Toowoomba.
• The Commissioner is confident on the facts available that personal information was mishandled by Amazing Rentals.
• The OAIC then took steps to prevent the information continuing to be publicly accessible and to notify Amazing Rentals former customers of the data breach.