Global standard needed for privacy protection

International experts meet with government
Page:

Privacy experts from afar afield as the United Kingdom met with the federal government this week to examine weaknesses in the Privacy Act which is currently under review.

Government representatives met with Hewlett Packard (HP) scientist and co-author of the TrustGuide, Stephen Crane, and Australia's former privacy commissioner, Malcolm Crompton.

The TrustGuide is a joint venture with British Telecom which was sponsored by the United Kingdom Department of Trade Industries' research facility Science Wise.

Research undertaken for the TrustGuide recommends privacy policy should be amended so that it is based on public demand for individual control of personal information.

A second study is now underway called TrustGuide 2 which examines risk associated with technology and law.

Crompton said functionality is a big problem when it is imposed on the user.

"Companies used to use CRMs to see how much data they can get behind [customer's] backs before they scream," Crompton said.

Labelling Australia's Privacy Act as weak, he said privacy infringements occur through 'functionality creep', where companies add information-distribution features to services without customer consent, such as the Facebook fiasco.

"The hypocrisy of one-way authentication is destroying user confidence in privacy because institutions are demanding more authentication yet are providing very little to satisfy the consumer," he said.

Crompton said while privacy legislation needs to be built to Australian requirements, the most effective policy will eventually become a global standard.

For example, the International Chamber of Commerce (ICC) is working to develoop standards for international data transfers.

At the Asia Pacific Economic Cooperation (APEC) conference in 2004, the ICC was inolved in the adoption of the APEC Privacy Framework.

The framework was developed for APEC member economies and aims to protect personal information and cross-border data transfers.

ICC, in cooperation with the APEC Business Advisory Council, has been promoting this framework throughout its development and implementation, including the upcoming rollout of a pilot project.

Stephen Crane said a working solution lies in user-controlled release of information.

"At the moment, under the current legislative environment, we release too much information and just hope for the best," Crane said.

"In TrustGuide 2, we gave respondents a virtual smart card which allowed them to allocate sharing and deletion of their information [and] we found most users were willing to have their information stored.

"Because current ID management has a habit of migrating risk rather than resolving it, the user will suffer if they fail to authenticate themselves for any reason."

Page:
More about: ACT, APEC, British Telecom, European Commission, Hewlett Packard, Hewlett-Packard, HP, ICC, International Chamber of Commerce
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/170/gadwin-geforms/

Gadwin GeForms

GeForms allows you to create your own forms or fill in existing forms electronically. Using GeForms you are provided with sophisticated form design tools which ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia