Credit: ID 80535117 © Hofred | Dreamstime.com
New guidelines for data sharing have provided clarity for businesses around their privacy and data breach obligations, but 2019 will see even greater improvements as emergent California privacy guidelines trigger privacy protections across the globe.
After a punishing year in information privacy saw many companies caught flat-footed around consumer privacy and data obligations, the Australian Computer Society’s newly-released data sharing guidelines offer much-needed clarity for businesses that are still struggling to address their regulatory exposure around the data they generate and collect.
Authored by NSW chief data scientist Dr Ian Oppermann, the new report – entitled Privacy in Data Sharing: A Guide for Business and Government – lays down a ‘Five Safes’ data analytics framework including controls that can be applied to open-data regimes such as the open banking paradigm to be first introduced in Australia’s banking industry in 2019.
The report examines notions such as data de-identification, strategies for scoping the uses of data, consent, and more – providing businesses with increasingly substantive guidelines to help them keep up with the growing global momentum towards transparency and user control over data.
Keeping up has proven increasingly tough this year as one Office of the Australian Information Commissioner (OAIC) after another revealed ongoing problems stemming the flow of data breaches. Many businesses are still struggling to understand or act upon their terms of engagement when it comes to cybersecurity, with a recent HP Australia study finding that many were conflicted between the need to meet security obligations and the desire to leverage customers’ data to improve customer service and profitability.
This conflict is playing out in the US, where the lack of consistent privacy laws has left consumers far more exposed than in Australia or Europe. Organisations such as US thinktank the Free State Foundation have embodied the conflict between consumer privacy protection and businesses’ right to data.
The new California Consumer Privacy Act (CCPA) will clarify the situation considerably, turning around a legacy of lax US privacy protections by enshrining the right for consumers to stop companies sharing or selling their personal information; providing control over the personal information that businesses collect; and holding businesses responsible for protecting customers’ personal information.
These changes will bring California’s privacy protections closer in scope and tenor to those espoused by the European Union’s general data protection regulation (GDPR) and Australia’s own Privacy Act and coming Consumer Data Right.
GDPR-led scrutiny of companies’ data handling practices has had a range of side effects. Security giant Kaspersky Lab, for one, recently fulfilled an earlier promise by opening a Transparency Centre in Zurich, Switzerland where it will process data for European customers – a move that founder and CEO Eugene Kaspersky said dovetails with greater efforts “to raise levels of trust, security and stability in the digital world.”
For its part, the UK will open a cybercrime-specific court and is considering the appointment of a minister specifically charged with preventing cyber attacks on critical infrastructure.