392 results for Privacy Act 1988 (Cth)
Abstract:
Mandatory data breach notification laws are a novel and potentially important legal instrument regarding organisational protection of personal information. These laws require organisations that have suffered a data breach involving personal information to notify those persons that may be affected, and potentially government authorities, about the breach. The Australian Law Reform Commission (ALRC) has proposed the creation of a mandatory data breach notification scheme, implemented via amendments to the Privacy Act 1988 (Cth). However, the conceptual differences between data breach notification law and information privacy law are such that it is questionable whether a data breach notification scheme can be solely implemented via an information privacy law. Accordingly, this thesis by publications investigated, through six journal articles, the extent to which data breach notification law was conceptually and operationally compatible with information privacy law. The assessment of compatibility began with the identification of key issues related to data breach notification law. The first article, Stakeholder Perspectives Regarding the Mandatory Notification of Australian Data Breaches started this stage of the research which concluded in the second article, The Mandatory Notification of Data Breaches: Issues Arising for Australian and EU Legal Developments (‘Mandatory Notification’). A key issue that emerged was whether data breach notification was itself an information privacy issue. This notion guided the remaining research and focused attention towards the next stage of research, an examination of the conceptual and operational foundations of both laws. The second article, Mandatory Notification and the third article, Encryption Safe Harbours and Data Breach Notification Laws did so from the perspective of data breach notification law.
The fourth article, The Conceptual Basis of Personal Information in Australian Privacy Law and the fifth article, Privacy Invasive Geo-Mashups: Privacy 2.0 and the Limits of First Generation Information Privacy Laws did so for information privacy law. The final article, Contextualizing the Tensions and Weaknesses of Information Privacy and Data Breach Notification Laws synthesised previous research findings within the framework of contextualisation, principally developed by Nissenbaum. The examination of conceptual and operational foundations revealed tensions between both laws and shared weaknesses within both laws. First, the distinction between sectoral and comprehensive information privacy legal regimes was important as it shaped the development of US data breach notification laws and their subsequent implementable scope in other jurisdictions. Second, the sectoral versus comprehensive distinction produced different emphases in relation to data breach notification thus leading to different forms of remedy. The prime example is the distinction between market-based initiatives found in US data breach notification laws compared to rights-based protections found in the EU and Australia. Third, both laws are predicated on the regulation of personal information exchange processes even though both laws regulate this process from different perspectives, namely, a context independent or context dependent approach. Fourth, both laws have limited notions of harm that is further constrained by restrictive accountability frameworks. The findings of the research suggest that data breach notification is more compatible with information privacy law in some respects than others. Apparent compatibilities clearly exist as both laws have an interest in the protection of personal information. However, this thesis revealed that ostensible similarities are founded on some significant differences. 
Data breach notification law is either a comprehensive facet to a sectoral approach or a sectoral adjunct to a comprehensive regime. However, whilst there are fundamental differences between both laws they are not so great as to make them incompatible with each other. The similarities between both laws are sufficient to forge compatibilities but it is likely that the distinctions between them will produce anomalies particularly if both laws are applied from a perspective that negates contextualisation.
Abstract:
This thesis considers whether the Australian Privacy Commissioner's use of its powers supports compliance with the requirement to 'take reasonable steps' to protect personal information in National Privacy Principle 4 of the Privacy Act 1988 (Cth). Two unique lenses were used. First, the Commissioner's use of powers was assessed against the principles of transparency, balance and vigorousness and secondly against alignment with an industry practice approach to securing information. Following a comprehensive review of publicly available materials, interviews and investigation file records, this thesis found that the Commissioner's use of his powers has not been transparent, balanced or vigorous, nor has it been supportive of an industry practice approach to securing data. Accordingly, it concludes that the Privacy Commissioner's use of its regulatory powers is unlikely to result in any significant improvement to the security of personal information held by organisations in Australia.
Abstract:
US state-based data breach notification laws have unveiled serious corporate and government failures regarding the security of personal information. These laws require organisations to notify persons who may be affected by an unauthorized acquisition of their personal information. Safe harbours to notification exist if personal information is encrypted. Three types of safe harbour have been identified in the literature: exemptions, rebuttable presumptions and factors. The underlying assumption of exemptions is that encrypted personal information is secure and therefore unauthorized access does not pose a risk. However, the viability of this assumption is questionable when examined against data breaches involving encrypted information and the demanding practical requirements of effective encryption management. Recent recommendations by the Australian Law Reform Commission (ALRC) would amend the Privacy Act 1988 (Cth) to implement a data breach scheme that includes a different type of safe harbour, factor based analysis. The authors examine the potential capability of the ALRC’s proposed encryption safe harbour in relation to the US experience at the state legislature level.
Abstract:
The advent of data breach notification laws in the United States (US) has unearthed a significant problem involving the mismanagement of personal information by a range of public and private sector organisations. At present, there is currently no statutory obligation under Australian law requiring public or private sector organisations to report a data breach of personal information to law enforcement agencies or affected persons. However, following a comprehensive review of Australian privacy law, the Australian Law Reform Commission (ALRC) has recommended the introduction of a mandatory data breach notification scheme. The issue of data breach notification has ignited fierce debate amongst stakeholders, especially larger private sector entities. The purpose of this article is to document the perspectives of key industry and government representatives to identify their standpoints regarding an appropriate regulatory approach to data breach notification in Australia.
Abstract:
Consumer personal information is now a valuable commodity for most corporations. Concomitant with increased value is the expansion of new legal obligations to protect personal information. Mandatory data breach notification laws are an important new development in this regard. Such laws require a corporation that has suffered a data breach, which involves personal information, such as a computer hacking incident, to notify those persons who may have been affected by the breach. Regulators may also need to be notified. Australia currently does not have a mandatory data breach notification law but this may be about to change. The Australian Law Reform Commission has suggested that a data breach notification scheme be implemented through the Privacy Act 1988 (Cth). However, the notification of data breaches may already be required under the continuous disclosure regime stipulated by the Corporations Act 2001 (Cth) and the Australian Stock Exchange (ASX) Listing Rules. Accordingly, this article examines whether the notification of data breaches is a statutory requirement of the existing continuous disclosure regime and whether the ASX should therefore be notified of such incidents.
Abstract:
Mandatory data breach notification has become a matter of increasing concern for law reformers. In Australia, this issue was recently addressed as part of a comprehensive review of privacy law conducted by the Australian Law Reform Commission (ALRC) which recommended a uniform national regime for protecting personal information applicable to both the public and private sectors. As in all federal systems, the distribution of powers between central and state governments poses problems for national consistency. In the authors’ view, a uniform approach to mandatory data breach notification has greater merit than a ‘jurisdiction specific’ approach epitomized by US state-based laws. The US response has given rise to unnecessary overlaps and inefficiencies as demonstrated by a review of different notification triggers and encryption safe harbors. Reviewing the US response, the authors conclude that a uniform approach to data breach notification is inherently more efficient.
Abstract:
The fundamental personal property rule – no one can transfer a better title to property than they had – is subject to exceptions in the Sale of Goods legislation, which aim to protect innocent buyers who are deceived by a seller’s apparent physical possession of property. These exceptions cover a limited range of transactions and are restrictive in their operation. Australia now has national legislation - the Personal Property Securities Act 2009 (Cth) - which will apply to many transactions outside the scope of the Sale of Goods Act and which includes rules for sales by non-owners which will provide exceptions to the nemo dat quod non habet rule for many common commercial transactions. This article explores the effect of the Personal Property Securities Act 2009 (Cth) on the Sale of Goods exceptions, explains that the new provisions are so wide that there is little continuing relevance for the Sale of Goods Act exceptions, and indicates where they may still apply.
Abstract:
Australia has new national legislation - the Personal Property Securities Act 2009 (Cth) and the Personal Property Securities Regulations 2010 – which is expected to commence operating in February 2012. Previous personal property securities legislation was very complex, with more than seventy pieces of legislation in the states and territories, and more than forty registers. This reform package is the culmination of a process that began many years ago and various drafts have been the subject of much investigation and consultation. This legislation rationalises previous laws and brings about substantial changes to this area of law. This paper seeks to explain the principal changes and their implications.
Abstract:
Australia has new national legislation - the Personal Property Securities Act 2009 (Cth) and the Personal Property Securities Regulations 2010 – which commenced operation on 30 January 2012. Previous personal property securities legislation was very complex, with more than seventy pieces of legislation in the states and territories, and more than forty registers. This reform package is the culmination of a process that began many years ago and various drafts have been the subject of much investigation and consultation. This legislation rationalises previous laws and brings about substantial changes to this area of law. This paper seeks to explain the principal changes and their implications.
Abstract:
Australia has new national legislation - the Personal Property Securities Act 2009 (Cth) and the Personal Property Securities Regulations 2010 – which commenced operation on 30 January 2012. The policy objectives of the new legislation are to increase certainty and consistency and to reduce complexity and cost. To achieve this, the legislation treats like transactions alike, by focusing on substance over form, and so removes distinctions between security interests which have been based on their structure. Differences based on the location or nature of the secured property and the debtor’s legal form, as an individual or company, have also disappeared. We now have one single national scheme and one national electronic registration system for all security interests throughout Australia. The Act applies to security interests in tangible and intangible personal property, including those based on some form of title retention which are not security interests under the general law. This legislation rationalises previous laws and brings about substantial changes to this area of law. This paper seeks to explain the principal changes and their implications.
Abstract:
In Hill v Robertson Suspension Systems Pty Ltd [2009] QDC 165 McGill DCJ considered the procedural requirements for the service of originating process on a company, and for proving that service for the purpose of obtaining default judgment. The judge’s views adopt a strict and technical construction of the requirements for an affidavit of service under r 120(1)(b). Though clearly obiter, they may well affect the approach taken on applications to enter or set aside default judgments in the lower courts. Pending further judicial consideration of the issue, it is suggested the prudent course is to ensure that the deponent of an affidavit for service effected under s 109X(1)(a) of the Act deposes not only to the location of the registered office of the company but also, at a minimum, provides the source of that information.
Abstract:
This thesis examines the role of government as proprietor, preserver and user of copyright material under the Copyright Act 1968 (Cth) and the policy considerations which Australian law should take into account in that role. There are two recurring themes arising in this examination which are significant to the recommendations and conclusions. The first is whether the needs and status of government should be different from private sector institutions, which also obtain copyright protection under the law. This theme stems from the 2005 Report on Crown Copyright by the Copyright Law Review Committee and the earlier Ergas Committee Report which are discussed in Chapters 2 and 8 of this thesis. The second is to identify the relationship between government copyright law and policy, national cultural policy and fundamental governance values. This theme goes to the essence of the thesis. For example, does the law and practice of government copyright properly reflect technological change in the way we now access and use information and does it facilitate the modern information management principles of government? Is the law and practice of government copyright consistent with the greater openness and accountability of government? The thesis concludes that government copyright law and practice in each of the three governmental roles recognised under the Copyright Act 1968 has not responded adequately to the information age and to the desire and the ability of individuals to access information quickly and effectively. The solution offered in this thesis is reform of the law and of public policy that is in step with access to information policy, the promotion of better communication and interaction with the community, and the enhanced preservation of government and private copyright materials for reasons of government accountability, effective administration and national culture and heritage.
Abstract:
This thesis examines the effectiveness of offences in the Copyright Act 1968 (Cth) in the online environment. The application of social norm theories suggests that the offences will be ineffective in creating an effective deterrent to non-commercial copyright infringement.