EDUCATION HIGHLIGHTS FROM THE RECENT iappANZ SUMMIT
An iappANZ Summit was hosted earlier this month in Melbourne, and I suggested to one of our privacy consultants who attended that we share key learnings. Here is a quick summary of the highlighted themes relevant to the Australian education sector: staff education, finding technical-based solutions, investing in in-house privacy resources and, obviously, the importance of consent. I hope you find these highlights interesting:
During her keynote address at the iappANZ Summit in Melbourne earlier this month called ‘Privacy: Handling the Seismic Shift’, Australia’s Privacy Commissioner, Angelene Falk, spoke about the year’s key privacy observations and expectations for the year to come.
She, of course, spoke about her Office’s statistics in relation to data breach notification, which included notification of 16 data breaches in the Education sector during the period 1 July 2018 – 30 September 2018 (8 of which were a result of human error, 7 due to malicious or criminal behaviour and 1 due to system fault). When speaking about the high number of privacy breaches across sectors that involved human error, Ms Falk said that
“[o]rganisations need to promote staff awareness about secure information handling – and look for technological solutions that will assist staff.”
She also referenced the Australian Government Agencies Privacy Code, which imposes particular responsibilities on ‘agencies’ as defined in the Privacy Act 1988. In this context, having an in-house “go to” person for privacy and conducting privacy impact assessments for projects or initiatives involving personal information were particularly relevant… as both suggest a paradigmatic shift in privacy from a standard “tick and flick” compliance-based exercise to one that incorporates a measured and ethical thought process where personal information is concerned.
Ms Falk noted that, although the Code currently only applies to government agencies,
“[t]he requirements of the Code are a good indicator of my expectations… especially in regard to privacy by design.”
Ms Falk also said that she would be focusing this year on meaningful consent and the concept of fairness in the collection, use and disclosure of personal information. She flagged the treatment of children’s information as within the scope of this.
“The practical application of concepts of fairness and the role of consent will be central to the future of privacy in Australia.”
An edited transcript of Ms Falk’s address can be accessed here.