Australian Privacy Commissioner Concerned Over Third-Party Breaches
The Australian privacy commissioner warned the Australian public that third-party suppliers serve as “a real weak spot” to safeguard customer privacy. The warning follows a massive data of over 1 million Australians stemming from a data breach involving a third-party club management software contractor.
The leak impacted New South Wales and Australian Capital Territory club-goers while including sensitive personal details such as names, addresses and driver’s license.
The privacy commissioner has also expressed frustrations with the push towards urgent roll out of artificial intelligence without appropriate regulations to protect citizens.
Commissioner Makes Statement as Part of Privacy Awareness Week
Australia’s new Privacy Commissioner, Carly Kind, emphasized that this issue was growing and that larger organizations such as clubs needed to ensure that third-party suppliers and contractors maintained adequate data privacy standards to fulfill their obligations to consumers.
Kind highlighted that while the shift towards a digital economy presented significant opportunities for individuals, businesses, and the public, it also came at the expense of personal privacy. She pointed out that invasive data-gathering practices, weak security protocols, and unfair terms and conditions undermined individual agency while exposing organizations to additional liabilities in the form of data breaches and privacy complaints.
The commissioner felt that these new technologies have led to an expansion in the collection and usage of personal information without considering the potential intrusions into individual and collective privacy.
The commissioner advised the Australian public to be actively involved and engaged in protecting their personal information. She emphasized that businesses and other organizations collecting data must make informed decisions to safeguard and protect it, while avoiding unnecessary retention of data.
Australian Information Commissioner Angelene Falk noted that the Office of the Australian Information Commissioner (OAIC) continues to receive numerous reports of multi-party breaches, primarily stemming from breaches in cloud or software providers.
Australian Privacy Commissioner Expresses Additional AI Concerns
As part of the privacy week statement, Kind also expressed frustration about the sense of urgency for AI deployment, which seemed to override a more cautionary approach.
The commissioner noticed a worrying business perception that AI isn’t being used enough, leading to a sense of urgency and missed opportunity that ignores adequate considerations for its positive implementation and the integration of existing laws and regulations to protect customer data and privacy.
Kind has professional expertise in AI, having worked previously as the inaugural director of the London-based AI and data research organization, the Ada Lovelace Institute.
Australian Privacy Commissioner Supports Law That Bolsters Privacy
While the Australian privacy commissioner has limited power to address serious privacy breaches, the requirement threshold to meet the requirement is excessively rigid to the point only two civil penalty proceedings were passed in the past nine years.
However, reforms to the Privacy Act introduced by Attorney-General Mark Dreyfus in August 2023, seek to empower the commissioner’s ability to crack down on breaches with the inclusion of new low-tier and mid-tier civil penalty provisions that would effectively allow the commissioner to deal with non-serious and one-off breaches.
The new bill aims to strengthen privacy protections by allowing Australians to sue for deemed privacy invasions and targeted use of personal information like doxing. This reform is deemed vital as personal privacy faces increasing threats. Carly Kind, the new privacy commissioner, has noted industry support for these reforms and highlighted concerns about excessive data collection and outdated privacy laws.
Kind’s appointment as the standalone privacy commissioner reflects a renewed focus on privacy issues and follows the Australian government’s efforts to strengthen the Office of the Australian Information Commission.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.