Internet Commerce Australia

Privacy

A topic of increasing importance to corporate governance is privacy of sensitive data. Many companies and organisations continue to abuse the privacy of their employees and customers and flaunt privacy legislation.
ICA provides the following predictions:

	• Company directors will be required to vouch for their organisation's adherence to privacy regulation and be actively involved in the deployment of protective measures
	• Disclosure laws similar to those in the United States will gradually be adopted in Europe and Australasia
	• Restriction on the use of individual identifiers will increase with jurisdictions protecting their use of identity attributes font>
	• Data management practices within organisations will improeve with policy defined and procedures documented for the collection, use, refresh and destruction of sensitive data

Principles
There are ten generally accepted privacy principles:.

	• data can only be used for the purpose for which it is collected
	• sensitive data must not be disclosed to third parties
	• quality of data must be maintained with periodic refresh or destruction
	• the subject of a data record must be provided a mechanism to verify it
	• reuse of another jurisdiction's personal identifiers is prohibited
	• where possible data must be aggregated to obscure individual identity
	• sensitive data must be protected from unauthorised access
	• the opportunity for anonymous service should be provided where applicable
	• data cannot be shared without the express permission of the subject
	• collection of sensitive data requires the express permission of the subject

ICA's service offering
ICA provides a comprehensive service to analyse an organisation's exposure to privacy regulation abuse and recommend ways in which the organisation's policies and procedures can be modified to correct them.
ICA will recommend product and/or service solution for the development of a robust identity management environment.

PTA

· Challenges