Inconsistencies a stumbling block to Aussies' data privacy: cyber security experts
Research news
The fragmentation of data privacy, data security and data sharing regimes across Australia is one of the biggest risks to Australians' data privacy, claims a leading Australian cyber security expert, Damien Manuel, Director of Deakin University's The Centre for Cyber Resilience and Trust (CREST)
"We have identified a growing need to adapt and adjust Australia’s privacy regime to cope with new and emerging technologies," Mr Manuel said.
In Privacy Awareness Week (3-7 May), Mr Manuel has said Australia's fragmented approach reflects the speed of data adoption and dependency across the country and the globe, which is only likely to accelerate.
"Now that digital technology plays such a significant role in our everyday lives and we are ever-more dependent on data and information, we need stronger measures to safeguard us," he said. “But the inconsistencies can be corrected."
The CREST's submission to the Attorney General’s Department’s Privacy Act Review in November, which was headed by Associate Professor Shiri Krebs, emphasised that the Act needs to protect Australian residents' data and data privacy, while also enabling Australian businesses to improve their levels of compliance with privacy principles and regulations.
Amongst a range of recommendations, the submission argues that Australia needs to "harmonise" its various data privacy regimes to reduce the growing complexity of multiple legal regimes, which presents "difficult and laborious tasks to those entrusted with data privacy responsibilities".
"As just one example of how Australians' privacy is threatened by this fragmentation, the definition of 'personal information' differs across Australian states and territories," Mr Manuel said.
Associate Professor Krebs, who runs the CREST’s Law, Regulation and Strategic Policy research division, suggested that in Australia, harmonisation could be achieved through the additional development of a Unified Data Protection Code and a central Digital Data Authority; and through harmonising data protection legislation in Australia to apply to both public and private sector entities at the federal, state and territory levels.
"Harmonised central coordination and oversight of digital data privacy, as well as consistent definitions across all digital data protection regimes, would greatly benefit Australian entities," Associate Professor Krebs said.
"The privacy rules change depending on the size of the entity you are dealing with, whether it is state or Federal government and the possible application of a diverse set of exceptions. The area is about to get more complex as the Consumer Data Rights regime applies privacy style protections to businesses' information associated with corporate customers," added Patrick Fair, an Industry Professor with Deakin.
The laws regulating camera surveillance, listening, tracking devices and computer monitoring also need to be brought into line.
"The UK has taken a similar approach, with the House of Lords Select Committee on communications recently recommending establishing a nationwide digital authority to oversee all digital activities and regulations coherently, and the EU’s General Data Protection Regulation (GDPR) serves as a good example for a privacy and data protection harmonization process within the European Union."
Industry Professor EJ Wise from WiseLaw Cyber Consulting and CREST said privacy should be of great concern to the public.
"When it comes to privacy, imagine using public restrooms with transparent walls. Feel uncomfortable?" she said.
"That’s how you should feel every time you give your information to another person or entity whose policies you do not know. You may be indifferent to the profits made by faceless corporate giants from your data, but do you feel the same way about them exploiting your children’s or parents’ information?"
In this context, Mr Manuel added "consumers of free services like social media platforms like Facebook often fail to realise that those services are free as the user of the service is the actual product, being commercialised and exploited to a degree as their information is sold to other organisations, including marketing firms".
The Centre for Cyber Resilience and Trust (CREST)
Based within Deakin's Faculty of Science, Engineering and Built Environment, the CREST takes a holistic approach to cyber security – addressing technological and human aspects of cyber security, as well as law, regulations and policy. It offers a unique cyber ecosystem that provides the full spectrum of education, research and translation across all relevant disciplines.
The cyber eco-system includes CREST, CyRise – the Southern Hemisphere’s only dedicated cyber security accelerator, the Institute for Intelligent Systems Research and Innovation (IISRI), Deakin Energy, the Applied Artificial Intelligence Institute (A2I2) and the Centre for Supply Chain and Logistics.
Deakin's business partners in cyber security include companies like DXC Technology, NTT, Cyber CX, PWC and Deloitte, through to global automotive companies, defence and government agencies.
Learn more:
Share this story
Key Fact
Damien Manuel, Director of Deakin University's The Centre for Cyber Resilience and Trust (CREST)