The Oxford Dictionary defines privacy as: "A state in which
one is not observed or disturbed by other people." The
internet, satellite technologies, mobile devices,
hyper-connectivity and big data have already dented the
Can privacy survive the internet?
Edward Snowden's revelations about the lengths to which the
US National Security Agency has gone to access personal data have
already dealt a further blow to the notion of personal privacy.
We are now moving to a new era described by technophiles as the
"internet of things" where not only are people connected
to the internet, so are devices and sensors. It is conceivable that
in the future an in-car sensor will report to an insurance company
when you are driving above the speed limit and modify your premium
in real time.
Nation states, however, cling to the concept of personal privacy
and have implemented a raft of legislation and regulations to
protect consumers and citizens. In March Australia introduced its
updated privacy regime intended to restore some power to the
Previously the OAIC has had only limited powers, but, as any
organisation governed by the APPs needs to understand, that has now
The amended Privacy Act has boosted the powers of the
OAIC, which can assess organisations' privacy compliance,
accept enforceable undertakings and seek civil penalties of up to
$1.7 million if organisations fail to comply.
Sparke Helmore Consultant Janice Nand says proactive enforcement
is likely to be a hallmark of the new privacy regime, providing the
OAIC with "real teeth." While there has always been the
option of negotiating or settling privacy complaints, there is now
the additional incentive to resolve complaints to avoid the risk of
significant penalties for serious or repeated breaches.
Proactive enforcement requires companies to take a more
proactive measures with regard to both information privacy and
computer security. Computer security should be viewed as
privacy's evil twin in the internet era given the heightened
risk of companies and their data being hacked and attacked.
The most recent example of how computer security can compromise
privacy came courtesy of Heartbleed.
Heartbleed was the name given to a security problem that arose
because of a hole in software that can be used to create a secure
layer on the internet. It's this layer that is used for online
purchasing or internet banking. Once that hole was spotted it could
be used to access the encryption keys used to keep everything on
the secure layer private and safe.
Not every organisation used the affected software to build their
secure layer – but those companies that did needed to fix the
hole, then change their encryption keys and tell their users to
change their passwords. Not everyone was quite so proactive.
Consider the approach taken by Dropbox – the information
sharing application used by 275 million people all over the world
and 95 per cent of the ASX 100.
When it found that its systems were affected by Heartbleed,
Dropbox patched the software, changed its encryption keys and then
posted on a company blog a recommendation that Dropbox users change
their passwords. It didn't however send an email to all its
users making that recommendation – if users didn't read
the blog then they didn't know they and their data might be at
Dropbox had ticked the box on compliance – but it
hadn't taken the extra (simple) step that would have boosted
its trust factor.
Businesses that aim to build businesses and trust over the
internet need to develop effective privacy and security cultures.
This is not about posting on a website a huge, impenetrable privacy
policy written in legalese and then ticking a compliance box. To
properly protect privacy organisations need a clear and coherent
that policy is adhered to, and a culture that accepts that it's
not OK to have a quick look at your cousin's
fiancée's records "just in case".
Then, just maybe, privacy can survive the internet.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The legal rights and wrongs of taking photos can be confusing, so what does the law say about photos in a public place?
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).