A matter of confidence : privacy compliance for connected-up enterprises

Governments around the world are increasingly investing in information and communications technology (ICT) as a means of improving service delivery to citizens. Government ICT adoption is also being driven by a desire to streamline information accessibility and information flows within government - both between different levels of government and between different departments at the same level. Increasing the availability of information internally and to citizens has clear and compelling benefits but it also carries risks that must be carefully managed. This talk will examine the implications of such E-government initiatives for a range of compliance obligations, with a focus on information privacy. It will review recent developments in the area of systems-based enforcement of privacy policies and the particular privacy challenges presented by the aggregation of geospatial information.

Money laundering and FATF compliance by the international community

This paper examines the anti-money laundering systems of Australia, the United Arab Emirates (UAE), the United Kingdom (UK) and the United States of America (USA), the extent to which they have implemented the Financial Action Task Force (FATF) recommendations, and how compliance with these recommendations is affected by local cultural and economic factors. The paper makes use of FATF evaluation reports to compare the countries’ compliance; it examines some of the underlying cultural considerations and culture-specific ethical issues that affect the extent of compliance, and how cultural and ethical considerations may affect good governance. The findings indicate that the UK and the USA are the most advanced with regards to their compliance with the FATF recommendations and Australia and the UAE less so. The UAE is in particular found to be least compliant. We relate this finding to previous work on how a country’s legal and financial systems develop in line with its religion, culture and socio-economic situation, and examine how such local factors have affected the UAE’s financial and anti-money laundering and combating the financing of terrorism (AML/CFT) systems. This research will be of interest to policy-makers and government agencies involved in addressing money laundering and its successful detection and prosecution.

Compliance, normality and the patient on peritoneal dialysis

Monitoring and enhancing patient compliance with peritoneal dialysis (PD) is a recurring and problematic theme in the renal literature. A growing body of literature also argues that a failure to understand the patient's perspective of compliance may be contributing to these problems. The aim of this study was to understand the concept of compliance with PD from the patient's perspective. Using the case study approach recommended by Stake (1995), five patients on PD consented to in-depth interviews that explored the meaning of compliance in the context of PD treatment and lifestyle regimens recommended by health professionals. Participants also discussed factors that influenced their choices to follow, disregard, or refine these regimens. Results indicate that health professionals acting in alignment with individual patient needs and wishes, and demonstrating an awareness of the constraints under which patients operate and the strengths they bring to their treatment, may be the most significant issues to consider with respect to definitions of PD compliance and the development of related compliance interventions. Aspects of compliance that promoted relative normality were also important to the participants in this study and tended to result in greater concordance with health professionals' advice.

Serious tax non compliance : motivation and guardianship

This article reviews what international evidence exists on the impact of civil and criminal sanctions upon serious tax noncompliance by individuals. This construct lacks sharp definitional boundaries but includes large tax fraud and large-scale evasion that are not dealt with as fraud. Although substantial research and theory have been developed on general tax evasion and compliance, their conclusions might not apply to large-scale intentional fraudsters. No scientifically defensible studies directly compared civil and criminal sanctions for tax fraud, although one U.S. study reported that significantly enhanced criminal sanctions have more effects than enhanced audit levels. Prosecution is public, whereas administrative penalties are confidential, and this fact encourages those caught to pay heavy penalties to avoid publicity, a criminal record, and imprisonment.

Compliance, peritoneal dialysis and chronic kidney disease : lessons from the literature

Poor patient compliance with peritoneal dialysis (PD) has significant adverse effects on morbidity and mortality rates in individuals with chronic kidney disease (CKD). It also adds to the resource burdens of healthcare services and providers. This paper explores the notion of PD compliance in patients with CKD with reference to the relevant published literature. The analysis of the literature reveals that ‘PD compliance’ is a complex and challenging construct for both patients and health professionals. There is no universal definition of compliance that is widely adopted in practice and research, and therefore a lack of consensus on how to determine ‘compliant’ patient outcomes. There are also multiple and interconnected determinants of PD compliance that are context-bound, which healthcare professionals must be aware of, and which makes producing consensus of measuring PD compliance difficult. The complexity of the interventions required to produce even a modest improvement in PD compliance, which are described in this paper, are significant. Compliance with PD and other treatments for CKD is a multidimensional, context-bound concept, that to date has tended to efface the role and needs of the renal patient. We conclude the paper with the implications for contemporary practice.

A test vehicle for compliance with resilience requirements in index-based e-health systems

Increasingly, national and international governments have a strong mandate to develop national e-health systems to enable delivery of much-needed healthcare services. Research is, therefore, needed into appropriate security and reliance structures for the development of health information systems which must be compliant with governmental and alike obligations. The protection of e-health information security is critical to the successful implementation of any e-health initiative. To address this, this paper proposes a security architecture for index-based e-health environments, according to the broad outline of Australia’s National E-health Strategy and National E-health Transition Authority (NEHTA)’s Connectivity Architecture. This proposal, however, could be equally applied to any distributed, index-based health information system involving referencing to disparate health information systems. The practicality of the proposed security architecture is supported through an experimental demonstration. This successful prototype completion demonstrates the comprehensibility of the proposed architecture, and the clarity and feasibility of system specifications, in enabling ready development of such a system. This test vehicle has also indicated a number of parameters that need to be considered in any national indexed-based e-health system design with reasonable levels of system security. This paper has identified the need for evaluation of the levels of education, training, and expertise required to create such a system.

The impact of the Malaysian code on corporate governance: compliance, institutional investors and stock performance

In 2001, the Malaysian Code on Corporate Governance (MCCG) became an integral part of the Bursa Malaysia Listing Rules, which requires all listed firms to disclose the extent of compliance with the MCCG. Our panel analysis of 440 firms from 1999 to 2002 finds that corporate governance reform in Malaysia has been successful, with a significant improvement in governance practices. The relationship between ownership by the Employees Provident Fund (EPF) and corporate governance has strengthened during the period subsequent to the reform, in line with the lead role taken by the EPF in establishing the Minority Shareholders Watchdog Group. The implementation of MCCG has had a substantial effect on shareholders' wealth, increasing stock prices by an average of about 4.8%. Although there is no evidence that politically connected firms perform better, political connections do have a significantly negative effect on corporate governance, which is mitigated by institutional ownership.

Personal Injuries Proceedings Act 2002, s 32 - Duty to Disclose - consequences of non-disclosure - discretion to excuse non-compliance

In Newson v Aust Scan Pty Ltd t/a Ikea Springwood [2010] QSC 223 the Supreme Court examined the discretion under s 32(2) of the Personal Injuries Proceedings Act 2002 (Qld), to permit a document which has not been disclosed as required by the pre-court procedures under the PIPA to be used in a subsequent court proceeding. This appears to be the first time that the nature and parameters of the discretion have been judicially considered.

Privacy compliance verification in cryptographic protocols

To provide privacy protection, cryptographic primitives are frequently applied to communication protocols in an open environment (e.g. the Internet). We call these protocols privacy enhancing protocols (PEPs) which constitute a class of cryptographic protocols. Proof of the security properties, in terms of the privacy compliance, of PEPs is desirable before they can be deployed. However, the traditional provable security approach, though well-established for proving the security of cryptographic primitives, is not applicable to PEPs. We apply the formal language of Coloured Petri Nets (CPNs) to construct an executable specification of a representative PEP, namely the Private Information Escrow Bound to Multiple Conditions Protocol (PIEMCP). Formal semantics of the CPN specification allow us to reason about various privacy properties of PIEMCP using state space analysis techniques. This investigation provides insights into the modelling and analysis of PEPs in general, and demonstrates the benefit of applying a CPN-based formal approach to the privacy compliance verification of PEPs.

The GST Compliance Costs Of Nonprofit Organisations

On 2 December 1998, the Federal Government tabled their policy paper entitled Regulation Impact Statement for the Introduction of a Goods and Services Tax (RIS) in the House of Representatives. The Federal Government predicted that total gross GST compliance costs to Australian businesses in the first year of implementation would be approximately $1,912 million (or $1,195 per firm). Furthermore, it is estimated that the recurrent net compliance costs will be much lower at $131 per firm. Whilst the government made brief references to charitable organisations in their analysis, it stated that the compliance costs faced by nonprofits would, in substance, be no different to the compliance costs faced by businesses or government departments. This paper examines the RIS process in relation to nonprofit organisations in the context of recent taxation legislation affecting nonprofit organisations. It argues that the assumption that nonprofit compliance costs are similar to government and business costs is flawed and makes a case for the RIS process to be reformed to include more appropriate assessments of the impact of legislation on nonprofit enterprises.

Advance pricing arrangements : an Australian Tax Office success or a legislative failure?

Australia’s domestic income tax legislation and double tax agreements contain transfer pricing rules which are designed to counter the underpayment of tax by businesses engaged in international dealings between related parties. The current legislation and agreements require that related party transactions take place at a value which reflects an arm’s length price, that is, a price which would be charged between unrelated parties. For a host of reasons, it is increasingly difficult for multinational entities to demonstrate that they are transferring goods and services at a price which is reflective of the behaviour of independent parties, thereby making it difficult to demonstrate compliance with the relevant legislation. Further, where an Australian business undertakes cross-border related party transactions there is the risk of an audit by the Australian Tax Office (ATO). If a business wishes to avoid the risk of an audit, and any ensuing penalties, there is one option: an advance pricing arrangement (APA). An APA is an agreement whereby the future transfer pricing methodology to be used to determine the arm’s length price is agreed to by the taxpayer and the relevant tax authority or authorities. The ATO views the APA process as an important part of its international tax strategy and believes that there are complementary benefits provided to both the taxpayer and the ATO. The ATO promotes the APA process on the basis of creating greater certainty for all parties while reducing compliance costs and the risk of audit and penalty. While the ATO regards the APA system as a success, it may be argued that the implementation of such a system is simply a practical solution to an ongoing problem of an inherent failure in both the legislation and ATO interpretation and application of this legislation to provide certainty to the taxpayer. This paper investigates the use of APAs as a solution to the problem of transfer pricing and considers whether they are the success the ATO claims. It is argued that there is no doubt that APAs provide a valuable practical tool for multinational entities facing the challenges of the taxation of global trading under the current transfer pricing regime. It does not, however, provide a long term solution. Rather, the long term solution may be in the form of legislative amendment.

Business Process Data Compliance

Most approaches to business process compliance are restricted to the analysis of the structure of processes. It has been argued that full regulatory compliance requires information on not only the structure of processes but also on what the tasks in a process do. To this end Governatori and Sadiq[2007] proposed to extend business processes with semantic annotations. We propose a methodology to automatically extract one kind of such annotations; in particular the annotations related to the data schema and templates linked to the various tasks in a business process.