Data protection and privacy: the Australian legislation and its implications for IT professionals

The notion of privacy takes on a completely different meaning when viewed from the perspective of an IT professional, an organisation using technology to support strategic directions or a member of the public. This paper looks past the technical issues involved in data protection and examines some of the business, social and regulatory aspects that have become important to those involved in the management, storage and dissemination of electronic information. The paper documents some of the legislative developments in privacy and data protection and examines what these developments mean for IT professionals for whom the link between data captured, stored and processed into information and the resulting effect on privacy is important. The Commonwealth Privacy Act 1988 based on work done by the Council of Europe, the OECD and the European Union provides some general guidelines but only for the public sector. However, new legislation imminent. Thus, IT professionals need to be aware of the changing situation and examine their organisation’s current practices to ensure compliance with future laws.

The right to privacy and corporations

Traditionally the right of privacy has not been recognised at common law. However, recently the High Court has indicated that it may be willing to develop a new tort of invasion of privacy. Several of the justices have stated that the new action would only relate to natural persons, not corporations. This is because the principles said to underpin the right to privacy, autonomy and dignity, are supposedly inapposite to corporations. This article argues that this reasoning is flawed. Neither the right to autonomy nor dignity is capable of underpinning the right to privacy. Hence, no sustainable basis has so far been advanced for restricting the availability of any future tort of invasion of privacy to individuals. This article also questions whether a separate tort is needed in view of the protection already provided to the privacy interests of individuals and corporations under the equitable doctrine of confidence.

Facilitating online privacy on eCommerce websites: an Australian experience

As traditional organizations using their websites for eCommerce transactions are increasing at an exponential rate, privacy concerns of users are also on the rise. To gain an insight into these concerns, existing policies and legislation, we conducted the research reported in this paper, in 2003. To augment the literature synthesis, a multiple case study analysis was conducted, based on six large organisations in Australia. Our research findings suggested that in the Australian context, an online privacy policy (OPP) on the website which complies with the Privacy Act, supported by few best practices are reasonably able to address online privacy concerns. However, these findings are restricted in time frame, indicative and relevant in the Australian context. Nevertheless, we hope to stimulate academic research enquiry and discussion forums through this research.

The right to privacy: appealing, but flawed

The right to privacy is not recognised at common law. However, like many  other rights, it has gained increasing prominence and legal recognition  since the explosion in rights-based normative discourse following the  Second World War. Rights-based moral theories are appealing because their language is individualising; promising to expand the sphere of liberty and protection offered to people. It is therefore not surprising that we as  individuals are attracted to such theories - they allow us a vehicle through  which we can project our wishes and demands onto the community. While in abstract the right to privacy sounds appealing, it has many potential  disadvantages. This article examines the justification for the right to privacy. It argues that either the right is illusory (devoid of an overarching doctrinal rationale) or at its highest the right to privacy is an insignificant right - one which should rarely trump other interests. It follows that there is a need to re-assess the desirability of introducing a separate cause of action protecting privacy interests.

Foucault's 'What is an author' : towards a critical discourse of practice as research

A vexed issue for many artistic researchers is related to the need for the artist/researcher to write about his or her own work in the research report or exegesis. In the creative arts, the outcomes that emerge from an alternative logic of practice are not easily quantifiable and it can be difficult to articulate conclusions objectively given the emotional and ideological investments and the intrinsically subjective dimension of the artistic process. How then, might the artist as researcher avoid on the one hand, what has been referred to as 'auto-connoisseurship', the undertaking of a thinly veiled labour of valorising what has been achieved in the creative work, or alternatively producing a research report that is mere description or history?

In this paper I suggest that a way of overcoming such a dilemma is for creative arts researchers to shift the critical focus away from the notion of the work as product, to an understanding of both studio enquiry and its outcomes as process. I’d like to draw on Michel Foucault’s essay ‘What is An Author ‘ to explore how we might move away from art criticism to the notion of a critical discourse of practice-led enquiry that involves viewing the artist as a researcher, and the artist/critic as a scholar who comments on the value of the artistic process as the production of knowledge.

Foucault’s essay provides artistic researchers with a template for more objective and distanced discourse on the practice-led research process and its writing. It allows researchers to locate themselves within contexts of theory and practice and provides an analytical framework though which researchers might locate themselves and their work within the broader social arena and field of research, As I will show with reference to the work of Donna Haraway and a number of commentaries on Pablo Picasso’s Demioselles d’Avignon, an application of Foucault’s ideas need not negate those subjective and situated aspects of practice as research.

Trends and guidelines in online privacy policy

Online privacy policies (OPP) are important mechanisms for informing online consumers about the level of information privacy protection afforded when visiting web sites. To date, societal mechanisms and technologies have been the focus of attempts to improve the quality and effectiveness of OPPs. We present findings from a longitudinal, empirical study of online privacy policies. Our research found that although online privacy policies have improved in quality and effectiveness since 2000, they still fall well short of the level of privacy assurance desired by consumers. This study analyses trends in OPPs over the two years of the study, identifying areas of deficiency and improvements, and offering a solution in the form of a detailed set of guidelines for organisational online privacy policy. Our study adds to existing theory in this area and, more immediately, will assist businesses concerned about the effect of privacy issues on consumer web usage.

Adding value to online privacy for consumers: remedying deficiences in online privacy policies with an holistic approach

We present findings from a longitudinal, empirical study of online privacy policies. Our research found that although online privacy policies have improved in quality and effectiveness since 2000, they still fall well short of the level of privacy assurance desired by consumers. This study has identified broad areas of deficiency in existing online privacy policies, and offers a solution in the form of an holistic framework for the development, factors and content of online privacy policies for organizations. Our study adds to existing theory in this area and, more immediately, will assist businesses concerned about the effect of privacy issues on consumer Web usage.

Monitoring employees emails without violating their privacy right

The capability of an employee to violate the policy of an organization is a concern for an employer. Monitoring is a measure taken by an employer to discourage an employee from acting inappropriately. However, current monitoring techniques tend to raise privacy issues because they violate the privacy rights of employees. Applying a monitoring technique without violating the privacy of employees is the aim of this paper. We propose a design and a protocol which give an employer the opportunity to monitor employee email in order to detect company policy violations. This can be achieved without violating the privacy of honest employees, while at the same time revealing evidence about the illegal actions of dishonest employees.