The mandatory notification of data breaches : issues arising for Australian and EU legal developments

Public and private sector organisations are now able to capture and utilise data on a vast scale, thus heightening the importance of adequate measures for protecting unauthorised disclosure of personal information. In this respect, data breach notification has emerged as an issue of increasing importance throughout the world. It has been the subject of law reform in the United States and in other jurisdictions. This article reviews US, Australian and EU legal developments regarding the mandatory notification of data breaches. The authors highlight areas of concern based on the extant US experience that require further consideration in Australia and in the EU.

Submission to Victorian Parliamentary Committee on Economic Development and Infrastructure

In the networked information driven world that we now inhabit the ability to access and reuse information, data and culture is a key ingredient to social, economic and cultural innovation. As government holds enormous amounts of publicly funded material that can be released to the public without breaching the law it should move to implement policies that will allow better access to and reuse of that information, knowledge and culture. The Queensland Government Information Licensing Framework (GILF) Project4 is one of the first projects in the world to systemically approach this issue and should be consulted as a best practice model.

Data breach notification law in the EU and Australia : where to now?

Mandatory data breach notification laws have been a significant legislative reform in response to unauthorized disclosures of personal information by public and private sector organizations. These laws originated in the state-based legislatures of the United States during the last decade and have subsequently garnered worldwide legislative interest. We contend that there are conceptual and practical concerns regarding mandatory data breach notification laws which limit the scope of their applicability, particularly in relation to existing information privacy law regimes. We outline these concerns here, in the light of recent European Union and Australian legal developments in this area.

Enabling access to and re-use of publicly funded research data as Open Educational Resources : a strategy for overcoming the legal barriers to data access and re-use

Open Educational Resources (OER) are teaching, learning and research materials that have been released under an open licence that permits online access and re-use by others. The 2012 Paris OER Declaration encourages the open licensing of educational materials produced with public funds. Digital data and data sets produced as a result of scientific and non-scientific research are an increasingly important category of educational materials. This paper discusses the legal challenges presented when publicly funded research data is made available as OER, arising from intellectual property rights, confidentiality and information privacy laws, and the lack of a legal duty to ensure data quality. If these legal challenges are not understood, addressed and effectively managed, they may impede and restrict access to and re-use of research data. This paper identifies some of the legal challenges that need to be addressed and describes 10 proposed best practices which are recommended for adoption to so that publicly funded research data can be made available for access and re-use as OER.

Legal issues related to Accountable-eHealth systems in Australia

Information privacy requirements of patients and information requirements of healthcare providers (HCP) are competing concerns. Reaching a balance between these requirements have proven difficult but is crucial for the success of eHealth systems. The traditional approaches to information management have been preventive measures which either allow or deny access to information. We believe that this approach is inappropriate for a domain such as healthcare. We contend that introducing information accountability (IA) to eHealth systems can reach the aforementioned balance without the need for rigid information control. IA is a fairly new concept to computer science, hence; there are no unambiguously accepted principles as yet. But the concept delivers promising advantages to information management in a robust manner. Accountable-eHealth (AeH) systems are eHealth systems which use IA principles as the measure for privacy and information management. AeH systems face three main impediments; technological, social and ethical and legal. In this paper, we present the AeH model and focus on the legal aspects of AeH systems in Australia. We investigate current legislation available in Australia regarding health information management and identify future legal requirements if AeH systems are to be implemented in Australia.

Reforming FOI : time for a new model?

The article discusses the recent developments on Freedom of Information or FOI in Queensland. It mentions the recent calls for a new FOI model, pointing to a radical departure from the old FOI template and the emergence of a significantly different FOI regime. Two of these reforms are the Right to Information Bill 2009 or RTI and the Information Privacy Bill 2009 or IP. It also mentions the new FOI Public Interest Test under the RTI Act.

The Growing Pains of Data Breach Notification Law

Mandatory data breach notification laws are a novel statutory solution in relation to organizational protections of personal information. They require organizations which have suffered a breach of security involving personal information to notif'y those persons whose information may have been affected. These laws originated in the state based legislatures of the United States during the last decade and have subsequently garnered worldwide legislative interest. Despite their perceived utility, mandatory data breach notification laws have several conceptual and practical concems that limit the scope of their applicability, particularly in relation to existing information privacy law regimes. We outline these concerns, and in doing so, we contend that while mandatory data breach notification laws have many useful facets, their utility as an 'add-on' to enhance the failings of current information privacy law frameworks should not necessarily be taken for granted.

Assessing the suitability of existing spatial data for disaster planning and mitigation in Queensland

The Council of Australian Governments (COAG) in 2003 gave in-principle approval to a best-practice report recommending a holistic approach to managing natural disasters in Australia incorporating a move from a traditional response-centric approach to a greater focus on mitigation, recovery and resilience with community well-being at the core. Since that time, there have been a range of complementary developments that have supported the COAG recommended approach. Developments have been administrative, legislative and technological, both, in reaction to the COAG initiative and resulting from regular natural disasters. This paper reviews the characteristics of the spatial data that is becoming increasingly available at Federal, state and regional jurisdictions with respect to their being fit for the purpose for disaster planning and mitigation and strengthening community resilience. In particular, Queensland foundation spatial data, which is increasingly accessible by the public under the provisions of the Right to Information Act 2009, Information Privacy Act 2009, and recent open data reform initiatives are evaluated. The Fitzroy River catchment and floodplain is used as a case study for the review undertaken. The catchment covers an area of 142,545 km2, the largest river catchment flowing to the eastern coast of Australia. The Fitzroy River basin experienced extensive flooding during the 2010–2011 Queensland floods. The basin is an area of important economic, environmental and heritage values and contains significant infrastructure critical for the mining and agricultural sectors, the two most important economic sectors for Queensland State. Consequently, the spatial datasets for this area play a critical role in disaster management and for protecting critical infrastructure essential for economic and community well-being. The foundation spatial datasets are assessed for disaster planning and mitigation purposes using data quality indicators such as resolution, accuracy, integrity, validity and audit trail.

Demonstrating accountable-eHealth systems

The security and privacy of patient information is one of the biggest hindrances to the wide adoption of eHealth systems. For eHealth systems to be successful they must provide protection for patients’ privacy while ensuring healthcare professionals are able to access the information necessary to provide appropriate care. Accountable-eHealth systems are a proposed solution to these potentially competing concerns by enforcing appropriate use and after-the-fact accountability measures. We have developed a Web-based prototype to demonstrate scenarios of how both appropriate and inappropriate use of patient information would be handled in an Accountable-eHealth system.

Consumer acceptance of Accountable-eHealth systems

In this paper, we present the results of a survey conducted to measure the attitudes of the consumers of eHealth towards Accountable-eHealth systems which are designed for information privacy management. A research model is developed that can identify the factors contributing to system acceptance and is validated using quantitative data from 187 completed survey responses from university students studying non-health related courses at a university in Queensland, Australia. The research model is validated using structural equation modelling and can be used to identify how specific characteristics of Accountable-eHealth systems would affect their overall acceptance by future eHealth consumers.

Implementing a new genre of eHealth system in a reticent environment

This tutorial primarily focuses on the social aspects of implementing a novel eHealth systems called Accountable-eHealth (AeH) systems. The main focus of AeH systems is mitigating information privacy concerns whilst facilitating appropriate access to information for users, and is based on the principles of information accountability (IA).

Adoption of accountable-eHealth systems by future healthcare professionals: An empirical research model based on the Australian context

This paper provides a first look at the acceptance of Accountable-eHealth systems, a new genre of eHealth systems, designed to manage information privacy concerns that hinder the proliferation of eHealth. The underlying concept of AeH systems is appropriate use of information through after-the-fact accountability for intentional misuse of information by healthcare professionals. An online questionnaire survey was utilised for data collection from three educational institutions in Queensland, Australia. A total of 23 hypothesis relating to 9 constructs were tested using a structural equation modelling technique. A total of 334 valid responses were received. The cohort consisted of medical, nursing and other health related students studying at various levels in both undergraduate and postgraduate courses. The hypothesis testing disproved 7 hypotheses. The empirical research model developed was capable of predicting 47.3% of healthcare professionals’ perceived intention to use AeH systems. A validation of the model with a wider survey cohort would be useful to confirm the current findings.

An insight into the adoption of accountable-eHealth systems: n empirical research model based on the Australian context

This paper provides a first look at the acceptance of Accountable-eHealth (AeH) systems–a new genre of eHealth systems designed to manage information privacy concerns that hinder the proliferation of eHealth. The underlying concept of AeH systems is appropriate use of information through after-the-fact accountability for intentional misuse of information by healthcare professionals. An online questionnaire survey was utilised for data collection from three educational institutions in Queensland, Australia. A total of 23 hypotheses relating to 9 constructs were tested using a structural equation modelling technique. The moderation effects on the hypotheses were also tested based on six moderation factors to understand their role on the designed research model. A total of 334 valid responses were received. The cohort consisted of medical, nursing and other health related students studying at various levels in both undergraduate and postgraduate courses. Hypothesis testing provided sufficient data to accept 7 hypotheses. The empirical research model developed was capable of predicting 47.3% of healthcare professionals’ perceived intention to use AeH systems. All six moderation factors showed significant influence on the research model. A validation of this model with a wider survey cohort is recommended as a future study.