26 May 2017

How regulation and technology are shaping the future of privacy and security

The privacy and security of customers’ personal data continues to be a growing source of debate. Balancing privacy and security with transparency is a core challenge for consumers, companies and regulators.

Australia Post recently hosted a panel discussion on privacy and security with the following industry leaders in the public and private sectors:

David Watts, former Commissioner for Privacy and Data Protection in Victoria
Jason Holandsjo, Telstra Chief Privacy and Compliance Officer
Saara Mistry, NAB Acting Chief Privacy Officer
Regis Bauchiere, Australia Post General Manager of Identity Services
Linden Dawson, Australia Post Head of Identity, Trust and Safety

These are some of the highlights captured from their discussion:

Mandatory Data Breach Reporting will create a floor of obligations for all enterprises and we must put ourselves in our customers’ shoes when assessing the potential implications of a data breach
Biometry has the potential to protect our privacy but like any technology, we need to regulate the way it’s used to avoid an inappropriate over-collection of information
Transparency around how customers’ information may be divulged is critical to establishing and maintaining their trust

Mandatory Data Breach Reporting is set to take effect from late February 2018. What do you believe customer expectations will be around the reporting of a data loss incident?

Jason Holandsjo: "The Mandatory Data Breach Reporting framework will create a floor of obligations for all enterprises. If you’re a truly customer-centric organisation and want to maintain that social contract to have access to their personal information, then you would already have a process in place if something does go wrong."

David Watts: "From a regulator’s point of view, the test in relation to serious data breach is a qualitative one and not just a quantitative one. Some judgments need to be made regarding what amounts to a serious data breach."

Saara Mistry: "At NAB, we firmly put ourselves in our customers’ shoes and ask what the consequences would be for them in a particular incident. One of the key elements is the kind of information involved. Would it allow a third party to transact on a customer’s account? Could it facilitate identity theft or fraud? And what can we do to prevent that from happening?"

We’re seeing a range of new technologies potentially impacting privacy, such as drone, blockchain and biometric verification. This leads to the ever present question - Is privacy dead? Or do individuals have more control of their privacy than before?

Watts: "People are concerned about their privacy. They make decisions about what they’re willing to trade off, but they don’t always know what they’re trading off when they’re dealing with companies like Facebook or Google. Many organisations use information to target people with political messages. Some people may be comfortable with that and some people might not. This is about individual control."

Holandsjo: "People have never been better informed about their privacy and their rights or had better access to information. They’re making conscious decisions around the products they want to use and can work out if the benefits of joining something outweigh the risks."

Regis Bauchiere: "Biometrics is still theoretically the ideal technology in order to authenticate someone but there are challenges around authentication referencing, spoofing and accuracy. In the future, I see biometry has having the capability to protect our privacy, but like any technology we need to regulate the way it is used."

Linden Dawson: "Right now Australia Post is leaning into digital identity and is really trying to drive compliance with the privacy policies. And it’s about to get more interesting as we face into the biometrics build for digital identity.

A key learning from an industry thought leaders’ workshop that we recently hosted was to ensure our solutions don’t lead to over-sharing of information and that we, as a business, don’t over-collect information that’s not appropriate."

In recent years, law enforcement has attempted to force Apple and Whatsapp to unlock accounts belonging to alleged terrorists. In both cases, information was not handed over. Do you think customers expect entities to maintain their privacy in such instances?

Mistry: "There is a general expectation that if a company holds information that can validly be used to prevent or detect an alleged terrorist activity or crime, the company should be able to divulge that to the appropriate law enforcement authorities.

What it comes down to is the transparency that companies have with their customers. It’s very important that when you collect information, you make it very clear to your customers the circumstances in which you will divulge their information.

A relevant consideration is the proportionality of the law enforcement authorities and the nature of the request for the information. It needs to be proportionate and how they use that information needs to be appropriate to the circumstances."

Watts: "There are controversial issues around this. If we have incredibly strong encryption, are we willing to trade off the protection that law enforcement and national security can give us?

There are a lot of people who would argue, quite validly, that encryption is something we can use and that there shouldn’t be backdoors that are open to malware attacks. I think we need to start talking about the issues as adults rather than from ideological positions, and work our way through them."

As technology evolves so will the conversations around the issues of privacy and security. But one conversation that will carry into the future will be around how organisations are using, sharing and protecting customers’ personal data.

As a result, transparency will be viewed a key differentiator alongside technological sophistication in terms of how consumers decide which companies to trust with their personal identity and information.

The content of this article is provided for general information purposes only and is not legal advice. Specialist legal advice should be sought about your specific circumstances.

Inclusive service delivery

Supply chain capability

Disaster support and recovery

Election and referendum communications

Employee screening

Identity services

In-person identity checks

Photo & signature capture

Financial transactions and payments

Mail products and services

Information management

Decipha

Document imaging & management

Secure document collection & delivery

Data insights

Digitising services

The value of mail digitisation in a pandemic and beyond

A better read on the future of libraries

Finding the right channel mix for inclusive government service delivery

The future of identity services lies in choice, control and security

How blockchain will change your business

Australia Post’s agile approach to digital transformation

The Consumer Conundrum

Unlocking up to $11 billion of opportunity

Digital ID in new economy

World without borders

Relationship between trust and identity

Fuelling Uber’s expansion into regional Australia

Connecting our communities to services

eVoting: The Global Digital Democracy

Is Australia ready for eVoting?

How new technology can help solve the eVoting challenge

How regulation and technology are shaping the future of privacy and security

The 5 privacy trends impacting organisations today

How digital identity could resolve the privacy paradox

Protecting consumers in a digital age

Transforming our payments services to support Australian businesses

What Apple’s Face ID means for Australia Post’s Digital iD™

How an emerging cashless society is changing payments in Australia

Alipay unlocking eCommerce growth in Australia

Biometrics is changing identity and financial services in Australia

Opening up the barcode

Global insights into digital licensing

Rethinking the real purpose of digital licensing

The innovators of the digital economy

Australia’s cardless future

Next wave of tech in Australia’s digital economy

Why speed is the least interesting feature of the NPP

How organisations big and small can step up cyber security

Digital iD partnerships encourage online choice and confidence

ID verification made even easier

The top business strategy driving supply chain leaders

Understanding customers

How to be truly customer centric

Solve customer problems by asking them

Disrupt, develop, deliver: Big lessons from small business

Why Digital Inclusion can take Australia forward

Better together: 5 surprising insights into marketing channel relationships

The merit of methodology in digital co-creation

Using machine learning to shape the customer experience

Balancing the convenience and privacy trade-off

Five practical ways governments can drive digital inclusion in Australia

What’s holding customers back from using your online services?

The three drivers of online behaviour among Australians

Challenging the myths of online behaviour in Australia

The myths and misconceptions of Australians’ online behaviour

Digital identity and eKYC

Designing a digital experience for Generation Z

Southeast Asia shaping global eCommerce and payment trends

Customer experience in the digital economy

The digital economy is changing fast

Australian businesses pursuing cross-border eCommerce in China

Direct mail in a digital world

Why mail remains at the heart of Australia's election campaigns

The rise of fraud in times of disruption

In difficult times, human connection matters

Serving with empathy, reliability and responsiveness

Remaining ahead of changing customer expectations

Preparing for peaks and surges in online shopping Large Online Retailer

Supporting the Australian community this holiday season