In this digital age, information is big business. Our personal details have been monetised and can be traded internationally, sometimes without us even knowing.
And organisations that ignore their privacy obligations do so at their peril, UNE Privacy Officer Caitlin Rowe says as Privacy Awareness Week NSW begins.
"Australia may have been sheltered from some of the bigger international privacy breaches in the past, but businesses have to be increasingly vigilant," she says. "There are potential legal consequences for non-compliance, but the real issue is the reputational damage and erosion of trust. That can be extremely damaging financially.
"It's a constantly evolving regulatory environment, and individuals are becoming more and more informed of their rights as well."
Every day, in every organisation, staff are entrusted with sensitive personal information. If it falls into the wrong hands, it can impact that person's relationships, business or employment prospects, even their financial position, and have long-lasting health implications.
UNE Privacy Officer, Caitlin Rowe.
"Contact tracing during the COVID-19 pandemic has highlighted some of the shortcomings of Australia's privacy laws," Caitlin says. "It has also highlighted, for many individuals, how valuable their data is to them. More and more are asking questions about how their personal information is being used and stored, and becoming more protective of that data. We all know how it feels to receive an unsolicited phone call from a marketing company or a spam email."
Trust is imperative in the commercial environment and, once lost, can be impossible to regain.
"If customers or clients discover a personal data breach, they will go elsewhere," Caitlin says. "The Consumer Data Right has been introduced to the banking sector, and I expect new regulations will emerge in the future that better address an individual’s right to data portability, reform consent burdens and corporate transparency, and increase controls around how personal data is used and how that is communicated with individuals.
"The Australian Federal Privacy Act is under review this year. There is some consideration of making geo-location data a sensitive data field among other reforms. I am hopeful that change is coming.
You sometimes hear the statement that 'privacy is dead', but that couldn't be further from the truth.
"Privacy breaches can cause humiliation, damage to a person's reputation and/or personal relationships, workplace or social bullying, marginalisation or intimidation. For an institution, there can also be considerable financial, legal and resource implications, reputational damage and loss of community trust.
"It's a balancing act for corporate identities, between maintaining the information they need to deliver what their communities expect and keeping the trust of the person who has handed over their information in good faith.
"We cannot live day-to-day without engaging online; our digital identity becomes an extension of ourselves. But protecting that identity is hugely important, which we can forget in this age of targeted marketing and profiling."
For Caitlin, privacy is a critical component of a modern democracy, and its importance to human rights is one reason why she is juggling a full-time role in privacy compliance with a PhD exploring the role of the library in supporting democracy within the evolving surveillance culture.
"In Australia, we have a tendency to downplay the importance of privacy to democratic society and human rights," she says. "But we only have to look at instances of when privacy has been compromised for minority and marginalised groups to see potential consequences of its erosion."
