NIT2201

IT Profession and Ethics

Session 6
Privacy 2
 Content
• Data Retention
• Privacy Awareness Week
• How data is being collected
• Privacy breaches
• Being concerned about privacy
• Protecting your privacy
• Privacy seals
• Freedom of Information
NIT2201: Session 6 2
 Data Retention
• Australian Government introduced bill for compulsory
retention of data
• Telecommunications providers have to store customer data
for 2-year period
• Metadata is used for tracking terrorism/security and crime
issues
• Metadata is data about communication, not the
communication itself
– Who/where/when, and not what was communicated
– E.g., for phone communication: phone numbers and duration of call
– E.g., for Internet-based communication: email addresses, when
email was sent, etc. (not subject or body of email)
NIT2201: Session 6 3
 Data Retention
• Six kinds of information retained:
– “the identity of the subscriber to a communications service …
– the source of the communication
– the destination of the communication
– the date, time and duration of the communication
– the type of the communication
– and the location of the equipment used in the
communication” (p. 2 of "Data Retention Facts", Australian
Government Attorney-General's Department – no longer
available on Web. Similar resource:
accan.org.au/media-centre/hot-issues-blog/1035-data-retention-f
acts
)
NIT2201: Session 6 4
 Data Retention
• Protection provided by APPs continues although
data retained
• Upfront capital cost of scheme: $188.8 million to
$319.1 million
• Response from Australian Privacy Foundation
(APF): www.privacy.org.au/Media/MR-DataRet-150205.pdf
• Malcolm Turnbull (Communications Minister)
acknowledged possible to evade logging of IP
addresses (www.zdnet.com/google-amp/article/turnbull-
admits-limitations-of-data-retention-proposal)
NIT2201: Session 6 5
 Data Retention
• Concerns about metadata can be found in
APF’s “Submission To Review Of Access To
Retained Data In Civil Proceedings”:
www.privacy.org.au/Papers/DOCA-DataRet-170113.pdf
– Pages 4 to 6
• News article: “AFP officer accessed journalist’s
call records in metadata breach”
(www.abc.net.au/news/2017-04-28/afp-officer-accessed-
journalists-call-records-in-metadata-breach/8480804)

NIT2201: Session 6 6
 Privacy Awareness Week
• Video: www.youtube.com/watch?v=9lQmdZwUr2M
• Site of latest event:
education.oaic.gov.au/paw2022
• Some issues covered in latest and previous
Awareness Weeks:
– Urging organisations to protect their customer’s
personal information
– Privacy tips relevant to parents and carers of
children
– Privacy impact assessment
NIT2201: Session 6 7
 How data is being collected
Profiling users through social media
• Video: www.youtube.com/watch?v=X7gWEgHeXcA
Session recording/replay
• “Session replay is a major threat to privacy on the web”,
www.itnews.com.au/news/session-replay-is-a-major-
threat-to-privacy-on-the-web-477720
Facial recognition database
• “The questions Australia should really ask about face
recognition”, www.cnet.com/au/news/questions-about-facial-
recognition-biometric-database-australia/
– Sections “How does biometric face-matching work?” to “Why
all the fuss? It's just a picture of your face...”
NIT2201: Session 6 8
 Privacy breaches
Cambridge Analytica and Facebook scandal
• Previous U.S. president, Donald Trump, was
elected in 2016
• His campaign for election involved this scandal
that included Facebook and political
consulting firm, Cambridge Analytica
• Let’s look at diagrams at: www.vox.com/policy-
and-politics/2018/3/23/17151916/facebook-
cambridge-analytica-trump-diagram
NIT2201: Session 6 9
 Privacy breaches
Yahoo accounts
• Two breaches:
1. One in 2013
2. One in 2014
• “Yahoo's 2013 Email Hack Actually
Compromised Three Billion Accounts”,
www.wired.com/story/yahoo-breach-three-billion-
accounts (first 4 paragraphs)

NIT2201: Session 6 10
 Being concerned about privacy
• Office of Australian Information Commissioner ran
Australian Community Attitudes to Privacy Survey 2020
• Results of survey covered in video (also shows
transcript of video):
www.oaic.gov.au/updates/videos/australian-community-
attitudes-to-privacy-survey-2020/
• “Learn More About Your Consumers' Attitude and
Behaviors Towards Privacy”
(www.forbes.com/sites/forrester/2018/02/07/learn-more-
about-your-consumers-attitude-and-behaviors-towards-privacy )
covers results in Europe
NIT2201: Session 6 11
 Protecting your privacy
• Ten tips from Privacy Awareness Week 2016
(www.oaic.gov.au/paw2016):
1. Be familiar with your rights: based on APPs
2. Read data collection notices and privacy policies
3. Ask questions where data collected (e.g., Why do they need it?)
4. Verify credit details with credit reporting
5. Protect yourself regarding passwords
6. Secure your mobile devices
7. Update security software
8. Control what details shared via social media
9. Don’t expose personal information
10. Avoid scams
NIT2201: Session 6 12
 Protecting your privacy
• Do Not Call Register www.donotcall.gov.au/about/about-the-do-not-call-register

NIT2201: Session 6 13
Protecting your privacy

or

NIT2201: Session 6 14
 Privacy seals
• Use sites of businesses that have privacy seal at
their site
• Seal conveys to customer that business is serious
about ensuring privacy, e.g., scanning customer
data to detect if any threat to it
• Examples of organisations providing such seals:
TrustArc
(trustarc.com/truste-certifications/enterprise-
privacy-certification/) (formerly TRUSTe), BBBonline
(Better Business Bureau), Trust Guard (trust-
guard.com)
NIT2201: Session 6 15
 Freedom of Information
• Video: www.youtube.com/watch?v=_4x--09pP-A
• Law for supporting you in finding out what
information held about you: Freedom of
Information Act, 1982
• What this means is that organisations and
government don’t have right to absolute privacy
about your personal information
• Act supports you:
– accessing your data held by organisation or government
– correcting wrong/misleading information about you
NIT2201: Session 6 16