Joint Investigation for Latitude Breach
The OAIC and New Zealand's Office of the Privacy Commissioner (OPC) have announced a joint investigation into the Latitude Financial breach.
According to the regulator's official message, the investigation will examine whether the financial entity took reasonable steps to protect consumer data.
The OAIC said in an official message, "If the investigation leads to a finding that Latitude has breached one or more of the Australian Privacy Principles, then the Australian Information Commissioner and Privacy Commissioner may make a determination that can include requiring Latitude to take steps to ensure the act or practice is not repeated or continued, and to redress any loss or damage. If the investigation finds serious and/or repeated interferences with privacy in contravention of Australian privacy law, then the Commissioner has the power to seek civil penalties through the Federal Court of up to $50 million for each contravention."
The OPC Deputy Privacy Commissioner Liz MacPherson said in an official statement, "There is a human cost to a breach. We have former customers of Latitude who took a loan to buy a fridge about 15 years ago, and now part of their identity is being held for ransom."
The OPC Deputy Commissioner's questions are the same ones the OAIC Commissioner addressed when discussing the Attorney General Privacy Review.
"Could Latitude have done anything to prevent the hackers getting in and stealing information? What reasons does Latitude have for holding onto the personal information of past customers for such long periods?"
This breach, considered the most significant data breach in New Zealand, points to a systemic issue with data collection and retention practices in New Zealand and Australia.
"A key finding from the NZ Institute of Directors' Director Sentiment Survey report, released late last year, was that a significant proportion of boards were not sufficiently prepared for a digital future and had an 'it won't happen to us' approach. The message from the Office of the Privacy Commissioner is 'wake up to yourselves'. We talk to organisations that are counting the cost of a cyber data breach almost every week. Can you risk the impact to your customers and your reputation?"