2020, the year that was…

As 2020 draws to a close, we are taking this moment to step back and reflect on the year. IIS has made a few logistical changes in 2020. This year we moved our Sydney office from Chippendale to The Vines co-working space in Waterloo. We expanded and diversified our team across Brisbane, Hong Kong, Malaysia, Melbourne and Perth. We also fully embraced working from home (WFH) and flexibly, which have always been a part of our culture.

In April this year when lockdowns began, we published a guide on how we do WFH including a page on privacy and security. As WFH is becoming a standard in how we work, we recommend a review of the aforementioned guide.

Our shared achievements

Despite the challenges of COVID-19, 2020 has been a busy time for our clients.

Notably, we completed a Privacy Impact Assessment for the Australian Bureau of Statistics (ABS) about the use of integrated administrative data in the next Census, which the ABS has published. We were asked to identify privacy issues and risks associated with the Census admin data project – including matters of compliance with law and policy, as well as broader considerations such as stakeholder expectations and social licence.

The Office of the National Data Commissioner (ONDC) and Department of the Prime Minister & Cabinet (PM&C) engaged us to conduct a PIA on a draft of the landmark Data Availability and Transparency Bill (DATB), formerly known as the ‘Data Sharing and Release Bill’. The 13 recommendations and PM&C’s responses are published in our PIA here.

IIS proudly supported Commonwealth, NSW, and Victorian Privacy Awareness Weeks in 2020. The OAIC’s theme was Reboot Your Privacy, focusing on the current challenges that Australian entities are facing to adapt to the new demands of remote working and online interactions. Among IIS activities, Lead Privacy Advisor, Malcolm Crompton spoke at the Australian Computer Society’s NSW Privacy Summit seminar, available here. The seminar asked: Why is there so much debate about the trustworthiness of government uses of data? This session explored the ways in which existing law and its implementation are not meeting the needs of citizens or the needs of government seeking to retain citizen trust.

IIS also authored National Security or Privacy? in CyberAustralia magazine, as part of the Risk & Cyber Week virtual conference by the Risk Management Institute of Australasia (RMIA) and the Australia Information Security Association (AISA). The article puts forth the “4A framework,” as a way to examine how we can have stronger protections for stronger national security powers.

Looking ahead

The past 12 months have been met with brand new challenges and the importance of data protection has never been greater in this time of change and uncertainty.

In particular, we have provided increased support in terms of agile Privacy by Design work, privacy compliance and performance audits, and data breach response. We envisage this will continue as organisations expand their digital efforts in a landscape of hybrid work environments, higher customer expectations and changing legal regimes (Privacy Act review, new data sharing regime, Consumer Data Right, to name a few!).

The growing shift in attitude towards privacy and security was highlighted in a recent OAIC survey which showed that privacy is a major concern for 70% of Australians, and almost 9 in 10 want more choice and control over their personal information.

Thank you to all our clients for the trust that you have placed in IIS this year and your enthusiastic efforts to promote better privacy and security. We look forward to the challenges and projects that 2021 may bring and working with you again.

Have a safe and happy Christmas and New Years!