Australia and New Zealand are both paving the way for some pretty big changes in the way they manage and secure data. Both are looking at updates to their privacy laws; in New Zealand, a Privacy Amendment Bill was put forward in 2018 and had its second reading last month. In Australia, the Australian Competition and Consumer Commission (ACCC) published its final report following a ‘Digital platforms inquiry’ and recommended a number of updates to the Australian Privacy Act.
Some of the suggestions include:
- Strengthening consent requirements in the Australian Privacy Principles to require express, opt-in consent that is informed, voluntarily-given, current and specific.
- Enabling the erasure of personal information where consumers withdraw their consent and the personal information is no longer required to provide the consumer with a service.
- Increasing penalties for breach of the Privacy Act to at least mirror the penalties for breach of the Australian Consumer Law.
And contained in the New Zealand Privacy Amendment Bill:
- No information may be collected on an individual that isn’t relevant to the purpose of its collection.
- Agencies have a responsibility to ensure that identifying information is not used publicly without an individual’s consent.
- Mandatory reporting of data breaches and increased penalties for data mismanagement.
No new laws have been announced, but the Australian Government has been consulting on the proposals, with a consultation seeking stakeholder comments (hosted on Citizen Space, I might add) that closed last week, and New Zealand is likely to implement the amendments.
Privacy by design
If you’re reading this in Europe, chances are you’ve come across regulations that are similar to the above since the introduction of GDPR (General Data Protection Regulation) in 2018. These suggestions by the ACCC do seem to indicate a shift towards a more European model of data use and ethics.
Part of Delib’s operation is based in Europe, so we’re well-versed in the intricacies of data management. All our tools are fully data-protection-compliant, but it’s more than that: we believe GDPR mirrors what was already best practice in data and research ethics anyway. Citizen Space, Delib’s flagship platform, was built with ‘privacy by design’ principles, which are recommended by the UK Information Commissioner’s Office. This means that rather than being GDPR-compliant just because it’s the law, we think that protecting user data and privacy, and respecting people’s right to know what information is held on them personally, is the Right Thing To Do.
Data sovereignty & information security
This principle of privacy by design is why we take steps to maintain best practice wherever we can, and to apply it globally rather than just within the European Union. Because we operate internationally, a frequent concern that we come across is data hosting. Data processing regulations vary across the world, which is why our customers’ data is hosted in the same country from which they operate. It means the data they collect never has to leave their shores (and therefore become subject to another country’s data policies), which saves a lot of potential complication. The way we operate means that no matter which policies your organisation falls under, whether it’s Australian data sovereignty or Indigenous Data Rights, our tools are trusted and secure.
We also run a tight ship in terms of data security. We operate an Information Security Management System (ISMS) that’s certified to ISO 27001:2013, so all data that we do store is kept extremely safe. Strictly no ‘Password123’ allowed in this establishment!
We know how important it is to maintain good data management as an organisation. That’s why we do, and will continue to do, everything within our capability to equip our customers with the tools to help them do so. Our customers trust us. We’d like to keep it that way.
If you’d like to learn more about what Citizen Space can do for your organisation, book a free demo and we’ll walk you through it.