About Us - Galexia News
- Register of Public Galexia PIAs - 3 September 2019
- Updates to Galexia Website - 4 September 2019
- PM&C / Office of the National Data Commissioner (ONDC) releases Discussion Paper and accepts recommendations from Galexia’s PIA on the proposed Data Sharing and Release legislative framework - 3 September 2019
- Galexia providing privacy advice and an independent public Privacy Impact Assessment (PIA) on 2021 Census for ABS - August 2019
- Galexia completes privacy advice and an independent Privacy Impact Assessment (PIA) on the Naval Shipbuilding College Workforce Register - June 2019
- Galexia completes privacy advice and an independent PIA for Department of Prime Minister & Cabinet on the proposed Data Sharing & Release Bill and related regulatory framework - June 2019
- Galexia completes Privacy Impact Assessment (PIA) for Victorian Labour Hire Licensing Authority (LHLA) - June 2019
- Galexia completes independent review of Consumer Data Standards - Security Profile (CDS-SP) and process on Open Banking for Data61 - 21 December 2018
- Digital Transformation Agency (DTA) releases 2nd Galexia Privacy Impact Assessment (PIA) on Digital Identity - 13 November 2018
- Galexia completes Privacy Advice and 2-Stage Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on PageUp Services - November 2018
- Iterative privacy advice for Fair Work Commission (FWC) and independent PIA for eCASE - a new cloud-based case management platform - October 2018
- Galexia completes Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on MyTAC enhancement - October 2018
- Galexia completes 2nd PIA and Privacy Checklist for the Victorian Transport Accident Commission (TAC) on cloud-based Data Analytics and Reporting (Phase 2 - Expanded Data Set) - October 2018
- Two-stage independent PIA for myGovID finalised - September 2018
- ABS accepts all recommendations in Galexia independent Privacy Impact Assessment (PIA) on National Health Survey (NHS) Linkage - 28 August 2018
- Galexia completes Privacy Impact Assessment (PIA) for Victorian Agency for Health Information (VAHI) - 28 August 2018
- Galexia completes initial Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on proposed cloud-based Data Analytics and Reporting Pilot - July 2018
- Galexia engaged by Department of Prime Minister & Cabinet to conduct an independent PIA on the proposed Data Sharing & Release Bill - 9 July 2018
- BSA & Galexia Global Cloud Computing Scorecard 2018 (Galexia Analytics Release) - May 2018
- Galexia selected to provide independent and public Privacy Impact Assessment on National Health Survey (NHS) Linkage Project for ABS and Department of Health - April 2018
- ABS accepts recommendations in Galexia Privacy Impact Assessment (PIA) on the Multi-Agency Data Interchange Project (MADIP) - April 2018
- 2018 Global Cloud Computing Readiness Scorecard released - 6 March 2018
- Putting data governance and privacy top of Australian Government Agencies Agenda (KWM Insight) - 6 November 2017
- Galexia assisted The University of Sydney on an Identity and Access Management Strategy - October 2017
- Legal and Ethical Challenges for Driverless Cars and Smart Roads - 20 October 2017
- New De-Identification Decision-Making Framework released - October 2017
- Australian Open Banking Review to consider digital identity issues - October 2017
- King & Wood Mallesons (KWM) and Galexia collaborating on Data Governance Advisory Services - October 2017
- Galexia undertakes Review and Briefing on Identity Management and Customer Initiated Data Sharing for Regional Australia Bank - September 2017
- Galexia completes Privacy Impact Assessment (PIA) for the Australian Health Practitioner Regulation Authority (AHPRA) on Cloud Hosted Platforms - August 2017
- Galexia on panel at ForgeRock Identity Summit - The evolving role of privacy in digital transformation - 15 August 2017
- Galexia providing independent privacy advisory services to Australian Bureau of Statistics (ABS) - August 2017
- Galexia completes Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on Point of Sale (PoS) Online Service - June 2017
- Galexia director speaks at Conference on Digital Economy, Trade and Development (Stockholm) - 21 June 2017
- Galexia Associate publishes new book on privacy law in Singapore - June 2017
- Galexia completes Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on Phase 1 of Online Client Service - April 2017
- Digital Transformation Agency (DTA) releases 1st Galexia Privacy Impact Assessment (PIA) on Digital Identity - 17 March 2017
- Austroads publishes the first Privacy Impact Assessment (PIA) on data messages for connected cars in Australia - March 2017
- New Global Cloud Computing Readiness Scorecard being developed - February 2017
- Galexia presenting at CPDP2017 (The Age of Intelligent Machines) Computers, Privacy & Data Protection 10th International Conference, Brussels - 25 January 2017
- Galexia completes initial Privacy Impact Assessment (PIA) for the Australian Government Digital Transformation Agency (DTA) on the proposed Trusted Digital Identity Framework (TDIF) - December 2016
- Galexia presenting at the Annual European Data Protection and Privacy Conference, Brussels - 1 December 2016
- Galexia Micro-site on the 2016 Global Cloud Computing Scorecard with analytics and graphs on trends since 2012 - December 2016
- Article in Data Protection Leader - Regulators fight back against privacy fraud - November 2016
- Galexia completes Privacy Impact Assessment (PIA) for the Australian Government Attorney General’s Department (AGD) on Change of Name Data Sharing - October 2016
- Galexia Director Chris Connolly joins the Editorial Board of Data Protection Leader - October 2016
- Galexia presenting at the International Conference of Data Protection and Privacy Commissioners, Marrakech - October 2016
- Privacy Policy and Privacy Management Framework for Financial Literacy Platform - September 2016
- Galexia completes Privacy Impact Assessment (PIA) for Austroads on Co-operative Intelligent Transport Systems (C-ITS) data messaging - August 2016
- Galexia undertakes Privacy Review on a micro payment system for public transport - July 2016
- Galexia completes Privacy Impact Assessment (PIA) for the NSW Information and Privacy Commission on cloud based Government Access tool - July 2016
- Galexia chapter in 'Enforcing Privacy' book published (Springer) - April 2016
- 3rd Global Cloud Computing Readiness Scorecard released - 27 April 2016
- Galexia helps the United Nations publish major study on data protection and trade - 19 April 2016
- 3rd Global Cloud Computing Readiness Scorecard due for public release - April 2016
- United Nations hosting major E-Commerce event in Geneva - 18 April 2016
- Galexia article about Implementation of the new EU-US Privacy Shield - 21 March 2016
- Advice on market sizing for cross border transfers from Europe - February 2016
- The European Union Network and Information Security (NIS) Directive moves a step closer to implementation - 16 January 2016
- Galexia Director speaking at Privacy Law and Business Conference in Cambridge (UK) - 7 July 2015
- APAC CyberSecurity Dashboard and 10 Country Reports Launched - 1 July 2015
- Vale Claro ‘Lalen’ Parlade - June 2015
- Privacy Review for Diabetes Australia - June 2015
- European CyberSecurity Dashboard and 28 Country Reports Launched - 3 March 2015
- Galexia to present at Expert Meeting on Cyberlaws and Regulations for Enhancing E-Commerce, Geneva - March 2015
- 3rd Global Cloud Computing Readiness Scorecard being developed for mid 2015 launch - August 2014
- Galexia completes Privacy Impact Assessment (PIA) for Victorian Resource Rights Allocation and Management (RRAM) migration to cloud - August 2014
- Galexia developing Asia-Pacific Cybersecurity Comparative Study - July 2014
- Australian Department of Communications Technology Advice Panel - June 2014
- Galexia developing European Cybersecurity Comparative Study - June 2014
- Galexia presents on The Future of the EU-US Safe Harbor at Brussels conference - 1 June 2014
- Galexia completes Privacy Impact Assessment (PIA) for Business Victoria Online - May 2014
- AUSTRAC releases Galexia’s PIA on AML/CTF reforms - May 2014
- Galexia gives evidence about EU/US Safe Harbor privacy framework to the UK House of Lords - 12 March 2014
- Galexia presentation at the Commonwealth Cybersecurity Forum in London - 5 March 2014
- Galexia completes privacy and security advice on cloud applications for 3wks.com.au and Victorian Government - November 2013
- Galexia and Doll Martin Associates announce closer strategic relationship - October 2013
- Galexia invited to provide evidence to the European Parliament LIBE Inquiry on Electronic Mass Surveillance of EU Citizens - 7 October 2013
- UNCTAD Review of E-commerce Legislation Harmonization in ASEAN - 25 September 2013
- UNCTAD Information Economy Report 2013 - Expert Peer Review Meeting (Geneva) - July 2013
- Galexia provides Australian Energy Market Operator (AEMO) advice on cloud based identity - April 2013
- Independent Review of Queensland Personal Identification Information in Property Data (PIIPD) Code of Conduct - March 2013
- 2nd Global Cloud Computing Readiness Scorecard launched - 7 March 2013
- Asia Cloud Computing Association incorporates Galexia research into its 2nd Cloud Readiness Index - 13 November 2012
- Galexia develops Identity and Access Management Strategy and Roadmap for Australian Energy Market Operator (AEMO) - March 2012
- Global Cloud Computing Readiness Scorecard launched - 22 February 2012
- Galexia to present the new Global Cloud Readiness Scorecard at the Cloud Connect conference, Santa Clara USA - 14 February 2012
- New ePayments Code launched in Australia - September 2011
- Singapore to introduce privacy legislation and a Do Not Call Register - September 2011
- Asia Cloud Computing Association incorporates Galexia research into its Cloud Readiness Index - September 2011
- Galexia research on privacy and health data published in two prestigious medical journals - July 2011
- ACMA publishes Galexia’s research on international Cybersecurity awareness raising and educational initiatives - May 2011
- Galexia team presents Asia Pacific Digital Economy and Cloud Computing Scorecard at Hong Kong workshop - April 2011
- Galexia completes Asia Pacific Digital Economy and Cloud Computing Scorecard - March 2011
- Treaties Committee recommends Australia sign two important cyberlaw Conventions - March 2011
- Cloud computing advice to the Victorian Department of Innovation, Industry and Regional Development (DIIRD) - November 2010
- Galexia contributes to new research on privacy complaints in the communications sector - September 2010
- Galexia presented at the Privacy Laws & Business 23rd Annual International Conference - 14 April 2010
- Malaysia Parliament passes Personal Data Protection Act - 5 April 2010
- Galexia prepares submission on consumer fairness tests for ACCAN - 5 March 2010
- Galexia director Chris Connolly speaking at Asia-Pacific privacy seminar - 2 March 2010
- Galexia prepares draft interoperability principles for ACCAN - 2 March 2010
- Galexia interviewed by Privacy Laws and Business International Journal on the US Safe Harbor and recent actions by the FTC - 26 February 2010
- Galexia report on public information on credit reporting - 16 February 2010
- Galexia and Qubit Consulting conduct IDM upgrade for the University of Western Sydney - 25 January 2010
- Galexia and CHOICE prepare submission to superannuation review - 18 December 2009
- Galexia contributes to the Oxford Australian Law Dictionary - 17 December 2009
- Legal Information Access Centre publishes Galexia’s Hot Topic on Cyberlaws - 1 December 2009
- Galexia prepares privacy analysis of Salesforce CRM - 17 November 2009
- Galexia and Qubit Consulting conduct IDM upgrade for the University of Sydney - 5 November 2009
- Galexia prepares working draft of Benchmarks for Global Privacy Standards - 3 November 2009
- Galexia publishes submission to the DBCDE Do Not Call Register Statutory Review - 20 October 2009
- Galexia completes PIA for Victorian Department of Innovation, Industry and Regional Development - 1 October 2009
- Galexia develops Victorian Privacy Impact Assessment template - 21 September 2009
- First US Prosecution for false web claim of Safe Harbor status - 11 September 2009
- Galexia publishes international analysis of Do Not Call Registers - 8 September 2009
- ACCAN releases Galexia research on Customer Service Charters in the Australian Telecommunications Sector - 25 August 2009
- ACCAN releases Galexia research on Informed Consent in the Australian Telecommunications Sector - 21 August 2009
- eCrime symposium - 4 August 2009
- Galexia complete facial recognition PIA for NSW Roads and Traffic Authority - 1 August 2009
- CHOICE submission on consumer code development processes - 2 June 2009
- Galexia has published an article on Privacy White Lists - 2 June 2009
- Government to expand the Do Not Call Register - 29 May 2009
- ACCAN and customer service charters in the telecommunications sector - 27 May 2009
- ACCAN and informed consent in the telecommunications sector - 26 May 2009
- Government releases draft National Consumer Credit Reform Package - 28 April 2009
- Galexia news available via RSS - 24 April 2009
- Australia to adopt the UN Convention on the use of Electronic Communications in International Contracts - 23 April 2009
- Department of Broadband, Communications and the Digital Economy (DBCDE) releases issues paper on consumer codes in telecommunications - 31 March 2009
- Australasian Retail Credit Association Credit Reporting Code - March 2009
- ASEAN, Australia, New Zealand sign free trade agreement - February 2009
- First Technical Assistance Seminar on the Implementation of the APEC Data Privacy Pathfinder - February 2009
- Survey on consumer protection laws in Asia-Pacific - February 2009
- AUSTROADS privacy review - February 2009
- Privacy in interstate student transfers - January 2009
- Privacy code for access to Queensland property data - January 2009
- 2008 review of the EFT Code of Conduct - January 2009
- National e-Authentication Framework Website Authentication Guidelines - January 2009
- New Galexia Study: The US Safe Harbor - Fact or Fiction? - December 2008
- Privacy in consumer credit reporting - November 2008
- The ALRC recommendations for Cross Border Transfers - November 2008
- CHOICE publishes Galexia report on consumer protection in the telecommunications industry - October 2008
- Trustmark Schemes Struggle to Protect Privacy - September 2008
- Galexia advises on Identity and Access Management strategy in the financial sector - 15 October 2008
- Privacy issues in e-commerce - October 2008
- Asia-Pacific regional privacy options - August 2008
- Australian Law Reform Commission releases final report on Australian privacy laws - August 2008
- Galexia conducts Pacific spam enforcement workshop - July 2008
- Galexia publishes case study on Harmonisation of E-Commerce Legal Infrastructure in ASEAN project - May 2008
- Galexia assists CHOICE with submission on consumer protection in telecommunications - May 2008
- Recruitment - Legal/IT Research Consultant - April 2008
- Automated business in life insurance and electronic commerce - April 2008
- Tenth ASEAN E-Commerce workshop held in Jakarta, Indonesia - March 2008
- Indonesian Parliament passes e-commerce law - March 2008
- Consumer protection in electronic contracts - March 2008
- Galexia completes study of cyberlaw harmonization for UNCTAD Information Economy Report - February 2008
- Galexia assists Eric Bana in a domain name dispute - February 2008
- Galexia hosts Japanese privacy delegation - February 2008
- The privacy implications of China's outsourcing industry - January 2008
- Developments in digital rights management - January 2008
- Galexia provides technical assistance for Indonesian cyberlaw bill - January 2008
- Developments in Asia-Pacific privacy laws in 2007 - January 2008
- Credit reporting submission to the Australian Law Reform Commission's Privacy Review - December 2007
- Galexia Associate Claro Parlade wins Endeavour Fellowship to study privacy law - November 2007
- Jurisdictional and enforcement issues of internet gambling - October 2007
- Galexia assists the NSW RTA with their Document Verification System - October 2007
- Galexia to help develop spam laws in the Pacific - October 2007
- Five new signatories to the UN Convention on the Use of Electronic Communications in International Contracts - October 2007
- Consumer Action Law Centre publish Galexia's Trade Practices Act Public Benefit Report - September 2007
- Galexia meets with Secretary of State to the Ministry of Commerce in Cambodia - September 2007
- Galexia's commentary on the UN Convention on Electronic Contracting documents - September 2007
- Data retention by search engines and Australian privacy law - August 2007
- Land rights in virtual worlds - August 2007
- UN Electronic Communications in International Contracts Convention in Hanover, Germany - August 2007
- Ninth ASEAN E-Commerce workshop held in Siem Reap, Cambodia - August 2007
- Internet and E-commerce Law - August 2007
- OECD issues new Recommendation on Consumer Dispute Resolution and Redress - August 2007
- Galexia presents final digital signature strategy to Law Society of NSW - July 2007
- Galexia writes chapter in Information Economy Report 2007 for UNCTAD - July 2007
- Galexia completes initial PIA for the Department of Defence - June 2007
- OECD issues Recommendation and Guidance on Electronic Authentication - June 2007
- Galexia attends the second APEC Privacy Seminar in Cairns - June 2007
- Review of the EU Directive on Electronic Commerce - June 2007
- Sarah Andrews joins Galexia - June 2007
- Galexia publishes article on recent developments in internet jurisdiction - May 2007
- The Telecommunications (Interception) Amendment Act 2006 - May 2007
- Galexia assists CHOICE with a joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC - May 2007
- Galexia joins AGIMO Identity Management and Authentication Consultancy Services Panel - May 2007
- Eighth ASEAN E-Commerce workshop held in Vientiane, Laos - March 2007
- Galexia undertakes third extension to ASEAN E-Commerce Harmonisation work - April 2007
- Galexia at the Canberra APEC Data Privacy Seminar - January 2007
- Second edition of 'Cyberspace Law: Commentaries and Materials' - January 2007
- Gatekeeper reforms published - October 2006
- Galexia hosts 7th ASEAN Workshop on E-Commerce in Brunei - September 2006
- Online Dispute Resolution - August 2006
- Galexia to help develop the Singapore National Authentication Framework - August 2006
- Galexia provides privacy compliance advice to Fidelity International - August 2006
- Galexia examines best practice privacy management for public registers in Australia - July 2006
- Galexia reviews identity management paper for South Australian Chief Information Officer - July 2006
- Galexia to conduct analysis of e-commerce legal infrastructure in Malaysia - July 2006
- UN Convention on the Use of Electronic Communications in International Contracts comes into force - July 2006
- Sixth ASEAN E-Commerce workshop in Manila - May 2006
- Galexia to help develop the Australian Government e-Authentication Framework for Individuals (AGAFI) - April 2006
- Galexia to help complete the Gatekeeper Public Key Infrastructure Framework for AGIMO - April 2006
- The UN Convention on Electronic Contracting - March 2006
- Galexia conducting Preliminary Privacy Impact Assessments (PIAs) on Healthcare Provider Identifier (HPI) and Individual Healthcare Identifier (IHI) for National E-Health Transition Authority (NEHTA) - February 2006
- Galexia to assist in further harmonisation of ASEAN electronic commerce - February 2006
- Galexia publishes case note on WL v La Trobe University case - February 2006
- Galexia publishes plain language guide to cyberlaws - January 2006
- Galexia expands work with Law Society of NSW and Commonwealth Department of Industy, Tourism and Resources (DITR) - January 2006
- Galexia to develop Privacy Impact Assessment (PIA) for Government employees in Australia - January 2006
- AUSTROADS engages Galexia for a risk management framework on national vehicle database - January 2006
- Galexia complete Cyberlaws Survey in ASEAN - January 2006
- Fifth ASEAN E-Commerce harmonisation workshop in Singapore - December 2005
- AGIMO develops out e-Authentication Framework to individuals - December 2005
- Galexia presents at CSIRO Science Policy Workshop - November 2005
- Galexia publishes article on the Montreux Declaration - November 2005
- Galexia to publish article on the UNCITRAL Convention on Electronic Contracting - November 2005
- CSIRO P-Health Flagship engages Galexia in analysis of privacy and trust issues in the use of health data in research - August 2005
- Galexia commissioned to conduct a survey of ASEAN Cyberlaws - August 2005
- Malaysian Minister announce new E-Commerce Laws at Galexia Workshop - July 2005
- Fourth ASEAN E-Commerce harmonisation workshop in Malaysia - July 2005
- Digital credentials for the legal profession - July 2005
- Presentation at Asia PKI Forum in Singapore - July 2005
- Workshop on 'Privacy Management Strategies for Local Government' - July 2005
- Galexia publishes article on the US Real ID Act - June 2005
- Patient privacy and security - June 2005
- Galexia participates in 2005 Australian Mission to the Asian Development Bank - March 2005
- Biometrics and Privacy - March 2005
- Remaining legal barriers to the use of digital signatures in Australia - March 2005
- Galexia publishes article on PKI Interoperability - February 2005
- Third ASEAN E-Commerce harmonisation workshop in Cambodia - February 2005
- The UN Convention on Electronic Contracting - January 2005
- ASEAN Prioritises E-Commerce Integration - November 2004
- Overview of E-Commerce Legal Infrastructure - October 2004
- Second ASEAN E-Commerce harmonisation workshop in Bangkok - October 2004
- Galexia presented at APEC TEL 30 - September 2004
- Exemptions in the Australian Electronic Transactions Act - September 2004
- Galexia's Commonwealth Endorsed Supplier Arrangement extended to 2007 - August 2004
- Galexia develops and hosts course materials for Electronic Commerce Law - August 2004
- Galexia publishes article on Managing Consent in a Multidisciplinary Team Environment - June 2004
- Galexia at the inaugural Asian Law Institute (ASLI) conference - May 2004
- Galexia presents on Legal and Privacy Issues in e-Government - May 2004
- Galexia holds first workshop on ASEAN e-commerce harmonisation in Singapore - May 2004
- Federal Court injunction obtained under Privacy Act - May 2004
- Committee for Economic Development of Australia (CEDA) - E-Commerce - Pausing for Breath, Maximising Financial Returns & Managing Risks - April 2004
- Galexia to assist ASEAN harmonise electronic commerce - March 2004
- Enhanced data security and customer understanding through identity and access management - March 2004
- Galexia completes a strategic consultancy on a national health identifier for the Commonwealth Department of Health and Ageing - February 2004
- Galexia conference presentation on health identity management - March 2004
- Galexia's Representative Complaints paper to appear in Privacy Law & Policy Review - February 2004
- Baker and McKenzie Cyberspace Law and Policy Centre (CLE Series 2003) - Online contracts: Banking, finance and insurance - December 2003
- Baker and McKenzie Cyberspace Law and Policy Centre (CLE Series 2003) - Privacy Complaints: How to Get a Win for Your Client (Making Privacy Laws Work) - December 2003
- Australian Telecommunications Industry Ombudsman (TIO) Conference - Convergence: Redrawing the Boundaries - December 2003
- Galexia's Privacy Management Strategy (PMS) for New Queensland Smart Card Driver Licence released - September 2003
- Case studies on distributed identity - September 2003
- Privacy class actions - Galexia has published a survey of Australian and international privacy laws that allow class actions and representative complaints to be made - September 2003
- Galexia presents paper at national Electronic Authentication Stakeholder workshop for the Vocational Education and Training sector - August 2003
- Galexia delivers report on ABN-DSC interoperability - April 2003
- Ian Booth joins Galexia as an Associate - March 2003
- Galexia completes research paper on Electronic Authentication for Flexible Learning for Australian National Training Authority - February 2003
- Galexia updates Intelligence Report on privacy law in Asia - January 2003
- Galexia wins tender to deliver research paper on Electronic Authentication for Flexible Learning for Australian National Training Authority - September 2002
- Galexia Intelligence Report #6 - Privacy Codes of Conduct (Process and Content Issues) - August 2002
- Galexia focuses on E-Commerce law: The Law and Policy of Consumer Protection in Electronic Commerce in Australia (Updated) - October 2001
- Galexia commissioned to write a consultation paper on privacy issues in the use of PKI for individuals - June 2001
- Galexia completes a new Intelligence Report: An Introduction to e-Commerce Law - May 2001
- Galexia's first Intelligence Report: Privacy Impact Assessments (PIAs) - February 2001
- Paper on Electronic Lodgment in the Land and Environment Court - February 2001
Register of Public Galexia PIAs - 3 September 2019
|
|
Updates to Galexia Website - 4 September 2019
We are updating our website to include more than 2 years of projects, independent reviews and assessments, presentations, research papers and partnerships.
Check back here for the latest updates.
|
PM&C / Office of the National Data Commissioner (ONDC) releases Discussion Paper and accepts recommendations from Galexia’s PIA on the proposed Data Sharing and Release legislative framework - 3 September 2019
|
In July 2018 Galexia was engaged to provide privacy advice and an independent and public Privacy Impact Assessment (PIA) on the proposed policy settings and related legislative reforms surrounding the Data Sharing & Release (DS&R) Framework.
The PIA was prepared prior to the finalisation of the Data Sharing & Release Bill and Galexia’s engagement process facilitated the Australian Government Department of the Prime Minister & Cabinet (DPMC) <www.pmc.gov.au> and Office of the National Data Commissioner (ONDC) <www.datacommissioner.gov.au> to adopt an iterative approach to the development of the policy settings and to the Data Sharing & Release Framework.
The purpose of the PIA is to assist in identifying and managing privacy issues that are raised by the proposed framework for the sharing and release of data that will be facilitated by the Data Sharing & Release Bill. The key proposals are:
- To enable a range of data sharing and data release activities for permitted purposes; and
- To create an effective governance framework for the proposed data sharing and the release of public sector data.
In September 2019 this PIA was publicly released with an accompanying discussion paper - all Galexia’s recommendations have been accepted.
The Privacy Impact Assessment and Discussion Paper are available from the following links:
- Minister for Government Services Media Release » [External link - 3 September 2019]
- National Data Commissioner - Embedding a privacy-by-design approach in how we develop legislation » [External link - 3 September 2019]
- Discussion Paper and Privacy Impact Assessment on Data Sharing and Release legislative reforms is open for public consultation until 15 October 2019 » [External link - 3 September 2019]
- View PIA and DPMC/ONDC response to recommendations » [Galexia - PDF]
Read more about Galexia’s work with the Department of Prime Minister & Cabinet »
Galexia providing privacy advice and an independent public Privacy Impact Assessment (PIA) on 2021 Census for ABS - August 2019
|
Galexia has been engaged by the Australian Bureau of Statistics (ABS) to provide independent privacy advisory services, including an Independent and Public Privacy Impact Assessment (PIA) examining the privacy considerations around the conduct of the 2021 Australian Census of Population and Housing.
The Privacy Impact Assessment will be publicly available in mid 2020.
ABS Media Release (23 August 2019) » [External Link]Read more about Galexia’s work with ABS »
Galexia completes privacy advice and an independent Privacy Impact Assessment (PIA) on the Naval Shipbuilding College Workforce Register - June 2019
|
During 2018/19, Galexia was engaged by to provide 2-stage privacy advice for the Naval Shipbuilding College (NSC) on the implementation of the Workforce Register - culminating in a Privacy Impact Assessment (PIA).
This project includes a cloud-based employment registry that is being developed and managed in collaboration with a series of third party providers. Galexia assessed compliance with national privacy laws in addition to compliance with a central contract and delivery through cloud platforms and application of best practice privacy governance.
The Workforce Register operates in the defence / national security sector, so the best practice management of privacy and security issues is considered to be a high priority. The NSC has commissioned this PIA as a proactive step in identifying privacy issues and strengthening privacy protections.
This PIA assessed the Workforce Register against the APPs in the Commonwealth Privacy Act (1988) and the Privacy (Australian Government Agencies — Governance) APP Code 2017.
The completion of this PIA included extensive engagement with the Workforce Register implementation team and their partners.
Go to the Naval Shipbuilding College website »
Galexia completes privacy advice and an independent PIA for Department of Prime Minister & Cabinet on the proposed Data Sharing & Release Bill and related regulatory framework - June 2019
|
In July 2018 Galexia was engaged to provide privacy advice and an independent and public Privacy Impact Assessment (PIA) on the proposed policy settings and related legislative reforms surrounding the Data Sharing & Release (DS&R) Framework.
The PIA was prepared prior to the finalisation of the Data Sharing & Release Bill and Galexia’s engagement process facilitated the Australian Government Department of the Prime Minister & Cabinet <www.pmc.gov.au> and Office of the National Data Commissioner (ONDC) <www.datacommissioner.gov.au> to adopt an iterative approach to the development of the policy settings and to the Data Sharing & Release Framework.
The purpose of the PIA is to assist in identifying and managing privacy issues that are raised by the proposed framework for the sharing and release of data that will be facilitated by the Data Sharing & Release Bill. The key proposals are:
- To enable a range of data sharing and data release activities for permitted purposes; and
- To create an effective governance framework for the proposed data sharing and the release of public sector data.
Galexia completed the PIA in mid 2019 and the Department of Prime Minister & Cabinet and Office of the National Data Commissioner will be making a public release soon after.
Read more about Galexia’s work with the Department of Prime Minister & Cabinet »
Galexia completes Privacy Impact Assessment (PIA) for Victorian Labour Hire Licensing Authority (LHLA) - June 2019
|
In August 2018, Galexia was engaged by Industrial Relations Victoria (IRV) - a division of Victorian Department of Premier & Cabinet (DPC).
Galexia conducted a 2-stage Privacy Impact Assessment (PIA) to assist in identifying and managing key privacy issues that are raised by the design and implementation of the Labour Hire Licensing ICT Solution and cloud-based online registry solution that is being operated by the Labour Hire Licensing Authority (LHLA).
The PIA was finalised in June 2019.
Read more about Galexia’s work with the Victorian Labour Hire Licensing Authority »
Galexia completes independent review of Consumer Data Standards - Security Profile (CDS-SP) and process on Open Banking for Data61 - 21 December 2018
|
Galexia completed an independent review of the Consumer Data Standards - Security Profile (CDS-SP) as at December 2018.
Galexia provided CSIRO / Data61 with independent advice and assistance as they worked towards industry consensus on the security profile for Open Banking. This is a key standard that will help to facilitate the implementation of the Consumer Data Right (CDR) in Australia.
Data61 has been appointed technical advisor to the Data Standards Body <https://consumerdatastandards.org.au> by the Australian Government, and is tasked with delivering open technical standards that empower consumers to share their data simply and safely with organisations of their choosing - starting in the banking sector.
Galexia’s provided independent advice identifying and articulating key information security implementation decisions within the design of technical standards.
Galexia also facilitated a working group to develop an information security profile that aligns with the Financial Grade API (FAPI) Working Group <https://openid.net/wg/fapi> Read/Write framework, using OAuth 2.0 and OpenID Connect protocols.
Read the report:
- Consumer Data Standards - Christmas 2018 Woking Draft » [External link]
- Independent review of Information Security Profile progress (Galexia) » [External link - PDF]
<https://consumerdatastandards.org.au>
Read more about Galexia’s work with DATA61 »
Digital Transformation Agency (DTA) releases 2nd Galexia Privacy Impact Assessment (PIA) on Digital Identity - 13 November 2018
|
On 13 November 2018, the Australian Government Digital Transformation Agency (DTA) released the second independent and public Privacy Impact Assessment (PIA) on the Trusted Digital Identity Framework (TDIF) and identity platform (GovPass).
Galexia completed the PIA as independent consultants to the agency. This second PIA was a subsequent stage of an independent and multi-phase PIA process.
This second assessment reviewed updated Framework documentation and the design of core system components. This second PIA made several new Recommendations and also provided an update on progress against the Recommendations contained in the first PIA.
The DTA published the PIA and their formal response in November 2018.
To accompany the PIA the DTA also issued an update on the overall progress of the project:
- Read the DTA blog post releasing the second PIA » [External Link - 13 November 2019]
- Download the PIA from the DTA website » [PDF - External Link]
- Download the PIA and DTA Response » [PDF - Galexia]
Read more about Galexia’s work with the Australian Government and DTA on identity »
Galexia completes Privacy Advice and 2-Stage Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on PageUp Services - November 2018
|
Galexia undertook a privacy review, developed initial issues guidance and then a subsequent independent Privacy Impact Assessment (PIA) considering the June 2018 PageUp data breach issue and provided broader advice on the potential use of additional PageUp services.
Whilst the PageUp data breach issue did not have a direct impact on TAC data, it was important to undertake an independent strategic review.
Read more about Galexia’s work with TAC »
Iterative privacy advice for Fair Work Commission (FWC) and independent PIA for eCASE - a new cloud-based case management platform - October 2018
|
Galexia has been selected by the Fair Work Commission (FWC) to provide iterative privacy advice to the implementation team and to conduct an independent Privacy Impact Assessment (PIA) examining the privacy considerations around the Commission’s introduction of a new cloud-based case management platform - eCASE.
Electronic case management is a fundamental business capability for the Fair Work Commission (FWC) - processing 35,000 cases per annum.
Read more about Galexia’s work with FWC »
Galexia completes Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on MyTAC enhancement - October 2018
|
Galexia provided an Independent Privacy Impact Assessment (PIA) for TAC on the design and proposed implementation of the Needs Identification Questionnaire via the MyTAC App and web portal.
This PIA examined issues around the cloud hosting services (Microsoft Azure), system design and the user interface.
Galexia’s advice examined compliance with Victorian privacy legislation, health privacy legislation and the Victorian Protective Data Security Framework.
Read more about Galexia’s work with TAC »
Galexia completes 2nd PIA and Privacy Checklist for the Victorian Transport Accident Commission (TAC) on cloud-based Data Analytics and Reporting (Phase 2 - Expanded Data Set) - October 2018
|
Galexia was engaged by Victorian Transport Accident Commission (TAC) to develop an independent Privacy Impact Assessment (PIA) - examining the privacy consideration of the complete data analytics program, examining privacy issues on the use of cloud hosting services (Microsoft Azure), system design (including the ‘Data Vault Model’), and the risk profile of the underlying information assets - building on the Data, Analytics and Reporting (DAR) Working Model PIA (July 2018).
This PIA was the second for the program and is intended to provide recommendations and identify the risks for the DAR Program as it progresses into the design phase. Subsequent assessments will then provide assurance that the design and built solution have taken into consideration the independent PIA recommendations.
Using the prior developed DAR PIAs (Phase 1 Working Model and then Phase 2 Expanded Data Set) as a baseline, Galexia developed a Data Release Privacy Checklist for the TAC Data, Analytics and Reporting (DAR) Program.
Galexia’s advice examined compliance with Victorian privacy legislation, health privacy legislation and the Victorian Protective Data Security Framework.
Read more about Galexia’s work with TAC »
Two-stage independent PIA for myGovID finalised - September 2018
|
In June 2018, Galexia was engaged to provide a 2-stage independent Privacy Impact Assessment (PIA) for the Australian Taxation Office (ATO) on the proposed development of myGovID.
The 2 stages included:
- The replacement of the AusKey credential with myGovID and then
- Privacy compliance with the Australian Government Trusted Digital Identity Framework (TDIF).
The purpose of this PIA was to assist in identifying and managing privacy issues that are raised by the proposed development of the MyGovID identity proofing and credential solution.
TDIF Accreditation
One important part of the PIA on MyGovID is that the ATO are seeking to have their identity solution accredited under the Trusted Digital Identity Framework (TDIF) developed by the Digital Transformation Agency (DTA) <https://www.dta.gov.au/our-projects/digital-identity/trusted-digital-identity-framework>.
The TDIF
enables the reuse of credentials and verified identity attributes provided by an Identity Provider across Relying Parties. The verified identity attributes support the registration of an individual at a Relying Party and the credentials enable ongoing access to the digital services provided by the Relying Party.
In August 2018, ATO accepted all of Galexia’s recommendations.
The PIA made a range of recommendations for mediating privacy risks, including changes to the project design, practical privacy compliance steps, consideration of biometrics and the use of the Australian Government Face Verification Service (FVS) and privacy governance arrangements.
Read more about Galexia’s work with ATO »
ABS accepts all recommendations in Galexia independent Privacy Impact Assessment (PIA) on National Health Survey (NHS) Linkage - 28 August 2018
|
Galexia has been engaged by the Australian Bureau of Statistics (ABS) to provide independent privacy advisory services.
Read more about Galexia’s work with ABS »
In April 2018, Galexia was engaged to provide an Independent Privacy Impact Assessment (PIA) to the Australian Bureau of Statistics (ABS) and Department of Health, examining the privacy considerations around the National Health Survey (NHS) Linkage Project.
In August 2018 this PIA was publicly released, and ABS has accepted all the recommendations.
The purpose of the PIA was to assist in identifying and managing privacy issues that are raised by the proposed integration of data between the 2014-15 NHS and MADIP (Multi-Agency Data Integration Project). While the NHS survey data was at a point in time (in this case collection took place between July 2014 and June 2015), MADIP data is longitudinal.
The key proposal was to:
1. Link the 2014-15 NHS data with a range of other data held in MADIP to facilitate research and statistical analysis; and
2. Ensure an effective governance framework for the proposed data integration (noting that NHS Linkage Governance will fall under MADIP Governance arrangements).
Galexia's advice included:
- Advising on the privacy issues associated with linking the 2014/15 NHS to the MADIP, including support for a targeted consultation process and conduct of an independent PIA.
- Identifying sub-populations for particular attention, and assess personal information and sensitive/less- sensitive variables;
- Providing general advice to inform the communication strategy for the project.
- Assisting ABS to apply learning from this process to inform its approach for future health surveys
In August 2018 this PIA was publicly released, and ABS has accepted all the recommendations.
- View PIA and ABS response » [Galexia - PDF]
- View ABS PIAs and responses » [External Link]
Read more about Galexia’s work with the ABS »
Galexia completes Privacy Impact Assessment (PIA) for Victorian Agency for Health Information (VAHI) - 28 August 2018
|
The Victorian Agency for Health Information (VAHI) was created in 2017 as part of Victorian Government reforms to overhaul quality and safety across Victoria’s healthcare system. VAHI functions independently to the Victorian Department of Health & Human Services.
In June 2018, Galexia was engaged by Victorian Agency for Health Information (VAHI)) to conduct and independent Privacy Impact Assessment (PIA) on the Victorian Health Incident Management System (VHIMS) Central Solution.
This PIA examined privacy issues in the phased roll-out of a new Incident Management System and associated infrastructure. Galexia’s advice examined compliance with Victorian privacy and health privacy legislation.
The PIA was finalised in August 2018.
Read more about Galexia’s work with VAHI »
Galexia completes initial Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on proposed cloud-based Data Analytics and Reporting Pilot - July 2018
|
Galexia has completed a Privacy Impact Assessment (PIA) for the Transport Accident Commission (TAC) on Phase 1 of their proposed Data Analytics and Reporting (DAR) Program. Phase 1 includes the development of a limited working model, based upon a slice of data.
The PIA considers privacy issues surrounding the proposed implementation of a new Data Analytics and Reporting (DAR) system based on cloud infrastructure. Galexia’s advice examines compliance with Victorian privacy and health privacy legislation.
The purpose of the PIA is to assist identifying and managing privacy issues that are raised by the design and proposed implementation of the DAR Program.
This initial PIA was limited to consideration of the first phase of the DAR Project, consisting of:
- 1. Establishing a Working Model for the DAR Project utilising a limited data set;
- 2. Working with sub-contractors and cloud service providers to develop the underlying infrastructure required for the DAR Program; and
- 3. Evaluating the Working Model before proceeding with the further development and implementation of the DAR Project across a broader set of data
Galexia’s advice examined compliance with Victorian privacy legislation, health privacy legislation and the Victorian Protective Data Security Framework.
Read more about Galexia’s work with TAC »
Galexia engaged by Department of Prime Minister & Cabinet to conduct an independent PIA on the proposed Data Sharing & Release Bill - 9 July 2018
|
On 5 July 2019, and following a competitive tender process, Galexia has been engaged by the Australian Government Department of Prime Minister & Cabinet (DPMC) to provide privacy advice on the proposed Data Sharing & Release Bill.
Read Minister Keenan’s media release (5 July 2019) announcing the reforms » [External link]
Read more about Galexia’s work with the Department of Prime Minister & Cabinet »
BSA & Galexia Global Cloud Computing Scorecard 2018 (Galexia Analytics Release) - May 2018
Galexia has released the 2018 Global Cloud Computing Scorecard micro-site. This version, on our website, of the 2018 Cloud Scorecard reflects the final and official version as published on the BSA | Software Alliance Scorecard micro-site with additional embedded analytics and visualisations from Galexia.
The 2018 release of the 4th in this series of ground breaking reports is a great time to take stock and look significant trends and patterns of global improvements over the past 6 years. We have included graphs, analysis and data not previously published.
BSA & Galexia Global Cloud Computing Scorecard (2018) - Galexia Analytics Release
Galexia Authors:
Chris Connolly
Peter van Dijk
2018
The 2018 BSA Global Cloud Computing Scorecard ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas.
The 2018 BSA Global Cloud Computing Scorecard — the newest version of the only global report to rank countries’ preparedness for the adoption and growth of cloud computing services — features an updated methodology to better reflect cloud computing’s exponential growth over the past five years, putting additional emphasis on policy areas, including privacy laws, cybersecurity laws, and broadband infrastructure. Most countries continue to make improvements, the study finds, but some markets are falling further behind.
By examining the legal and regulatory framework of 24 countries, the Scorecard aims to provide a platform for discussion between policymakers and cloud service providers. This dialogue can help develop an internationally harmonized regime of laws and regulations that facilitate cloud computing.
Browse Galexia report with additional analytics on a single page »
Or browse by section...
- Title page - start at the beginning
- 1. Overview
- 2. The 2018 Scorecard - Scores and Rankings
- 3. Executive Summary and Overall Findings (from the BSA Report)
- 4. BSA Cloud Policy Blueprint
- 5. Key Findings Across Themes (from the BSA Report)
- 6. Country Checklist on a page
- 7. Country Summaries (including historic scores and ranks)
- 2018 Rank 1. Germany - Score: 83.95 | Change from 2016 - Rank: +2
- 2018 Rank 2. Japan - Score: 82.09 | Change from 2016 - Rank: -1
- 2018 Rank 3. United States - Score: 82.04 | Change from 2016 - Rank: -1
- 2018 Rank 4. United Kingdom - Score: 81.84 | Change from 2016 - Rank: +5
- 2018 Rank 5. Australia - Score: 80.61 | Change from 2016 - Rank: +1
- 2018 Rank 6. Singapore - Score: 80.21 | Change from 2016 - Rank: +1
- 2018 Rank 7. Canada - Score: 79.98 | Change from 2016 - Rank: -3
- 2018 Rank 8. France - Score: 79.57 | Change from 2016 - Rank: -3
- 2018 Rank 9. Italy - Score: 79.02 | Change from 2016 - Rank: -1
- 2018 Rank 10. Spain - Score: 78.37 | Change from 2016 - Rank: +1
- 2018 Rank 11. Poland - Score: 76.99 | Change from 2016 - Rank: -1
- 2018 Rank 12. Korea - Score: 72.2 | Change from 2016 - Rank: same
- 2018 Rank 13. Mexico - Score: 60.61 | Change from 2016 - Rank: +2
- 2018 Rank 14. Malaysia - Score: 59.26 | Change from 2016 - Rank: -1
- 2018 Rank 15. South Africa - Score: 57.33 | Change from 2016 - Rank: -1
- 2018 Rank 16. Turkey - Score: 54.3 | Change from 2016 - Rank: +3
- 2018 Rank 17. Argentina - Score: 51.75 | Change from 2016 - Rank: -1
- 2018 Rank 18. Brazil - Score: 50.27 | Change from 2016 - Rank: +4
- 2018 Rank 19. Thailand - Score: 48.4 | Change from 2016 - Rank: +2
- 2018 Rank 20. India - Score: 48.39 | Change from 2016 - Rank: -2
- 2018 Rank 21. Russia - Score: 44.99 | Change from 2016 - Rank: -4
- 2018 Rank 22. China - Score: 43.71 | Change from 2016 - Rank: +1
- 2018 Rank 23. Indonesia - Score: 40.67 | Change from 2016 - Rank: -3
- 2018 Rank 24. Vietnam - Score: 36.36 | Change from 2016 - Rank: same
- 8. Themes and Criteria (updated for the 2018 Scorecard)
- 9. Scoring Methodology (updated for the 2018 Scorecard)
- 10. External links (all BSA scorecards and dashboards developed by Galexia)
Galexia has been working with The Software Alliance (BSA) since 2009 and has assisted in the development of an extensive body of cloud research, thought leadership and first to market analysis on key cloud issues.
Galexia has worked extensively with the Singapore, Washington and Brussels BSA offices and has engaged with BSA stakeholders in more than 20 countries.
Read more about our work with BSA »
About BSA
BSA | The Software Alliance (http://www.bsa.org) is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that spark the economy and improve modern life.
With headquarters in Washington, DC, and operations in more than 60 countries, BSA pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.
About Galexia
Galexia (http://www.galexia.com) is at the forefront of international research and advice in the areas of privacy, identity, cybersecurity and cloud — with a particular focus on global and cross-border legal and regulatory issues. The firm advises national governments, regional and global organizations (ASEAN and the United Nations), and the private sector (particularly ICT, health and financial services). The firm has expertise in the policy complexities that arise for countries and business addressing cross-border issues. Galexia publishes world-leading research publications, including the regular Cloud Scorecards, Cybersecurity Dashboards and reports on identity management, authentication, privacy and cyberlaws. The firm has specialist expertise in data governance, particularly the development and implementation of identity and authentication management systems, Privacy Impact Assessments and Cybersecurity strategies.
Galexia works closely with a range of international business and government clients to produce clear and effective outcomes from evidence-based research. The firm uses collaborative cloud-based reporting tools to provide real-time access to our research and analysis.
|
Galexia selected to provide independent and public Privacy Impact Assessment on National Health Survey (NHS) Linkage Project for ABS and Department of Health - April 2018
|
Galexia has been engaged by the ABS to provide independent privacy advisory services.
Read more about Galexia’s work with ABS »
On 21 April 2018, following a competitive tender process, Galexia was engaged to conduct an independent Privacy Impact Assessment (PIA) for the Australian Bureau of Statistics (ABS) and Department of Health, examining the privacy considerations around the National Health Survey (NHS) Linkage Project.
The purpose of the PIA is to assist in identifying and managing privacy issues that are raised by the proposed integration of data between the 2014-15 NHS and MADIP (Multi-Agency Data Integration Project). While NHS survey data was at a point in time (in this case collection took place between July 2014 and June 2015), MADIP data is longitudinal.
The key proposal was to:
- Link the 2014-15 NHS data with a range of other data held in MADIP to facilitate research and statistical analysis; and
- Ensure an effective governance framework for the proposed data integration (noting that NHS Linkage Governance will fall under MADIP Governance arrangements).
ABS accepts recommendations in Galexia Privacy Impact Assessment (PIA) on the Multi-Agency Data Interchange Project (MADIP) - April 2018
|
Galexia has been engaged by the ABS to provide independent privacy advisory services.
Read more about Galexia’s work with ABS »
On 4 April 2018 the Australian Bureau of Statistics (ABS) published an independent Privacy Impact Assessment (PIA) on the Multi-Agency Data Interchange Project (MADIP) completed by Galexia.
The ABS (and the 6 partner agencies in MADIP) accepted all 14 recommendations in the PIA.
Galexia was engaged by the ABS to provide independent advice on the large-scale data interchange between the ABS and other Government agencies. This PIA reflects a growing interest in ensuring that privacy and security concerns are addressed in the integration of data for research purposes.
The Multi-Agency Data Integration Project (MADIP) proposes to bring important national datasets together to explore how the Australian Government can make better use of existing public data for policy analysis, research, and statistical purposes.
There are six Commonwealth agencies working together on the MADIP:
- Australian Bureau of Statistics,
- Australian Taxation Office,
- Department of Education and Training,
- Department of Health,
- Department of Human Services, and
- Department of Social Services.
As part of the PIA process Galexia also consulted with the Department of Prime Minister & Cabinet (DPMC) and the Officer of the Australian Information Commissioner (OAIC).
In accepting the PIA recommendations, the ABS has agreed to boost openness, transparency and security arrangements for the project.
The PIA and the Government's response to the 14 recommendations are available at: http://www.abs.gov.au/websitedbs/D3310114.nsf/home/ABS+Privacy+Impact+Assessments
Read more about MADIP » [external link]
2018 Global Cloud Computing Readiness Scorecard released - 6 March 2018
|
Our latest research report has been released - The 2018 BSA Global Cloud Computing Scorecard (a joint research effort between BSA | The Software Alliance and Galexia) ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas. This is the 4th in an updating series - previous reports were released in 2012, 2014 and 2016.
The 2018 BSA Global Cloud Computing Scorecard — the newest version of the only global report to rank countries’ preparedness for the adoption and growth of cloud computing services — features an updated methodology to better reflect cloud computing’s exponential growth over the past five years, putting additional emphasis on policy areas, including privacy laws, cybersecurity laws, and broadband infrastructure. Most countries continue to make improvements, the study finds, but some markets are falling further behind.
By examining the legal and regulatory framework of 24 countries, the Scorecard aims to provide a platform for discussion between policymakers and cloud service providers. This dialogue can help develop an internationally harmonized regime of laws and regulations that facilitate cloud computing.
(BSA | The Software Alliance Global Media Release - 6 March 2018 - Washington) Report: Cloud-Enabling Policies Drive Economies, While Data Localization Requirements Hinder Growth WASHINGTON — March 6, 2018 — Cloud computing is becoming more and more integral to every nation’s economic growth. The increasingly adopted technology powers global businesses and helps governments better connect with their citizens on a daily basis. It follows, then, that countries with policies that promote cloud computing services will increase their productivity and advance their economy. The 2018 BSA Global Cloud Computing Scorecard - the newest version of the only global report to rank countries’ preparedness for the adoption and growth of cloud computing services - features an updated methodology to better reflect cloud computing’s exponential growth over the past five years, putting additional emphasis on policy areas, including privacy laws, cybersecurity laws, and broadband infrastructure. Most countries continue to make improvements, the study finds, but some markets are falling further behind. Germany scored the highest on the Scorecard - due to its national cybersecurity policies and promotion of free trade - followed closely by Japan and the United States. Bringing up the rear are a small group of nations that have failed to embrace the international approach: Russia, China, Indonesia, and Vietnam. In terms of overall ranking, the biggest improvers were the United Kingdom (moving up five places) and Brazil (moving up 4 places). The Scorecard’s key findings include:
By examining the legal and regulatory framework of 24 countries, the Scorecard aims to provide a platform for discussion between policymakers and cloud service providers. This dialogue can help develop an internationally harmonized regime of laws and regulations that facilitate cloud computing. “The Scorecard is a tool that can help countries constructively self-evaluate their policies and determine next steps to increase adoption of cloud computing,” said Victoria Espinel, President and CEO of BSA | The Software Alliance. “Cloud computing allows anyone to access technology previously available only to large organizations, paving the way for increased connectivity and innovation. Countries that embrace the free flow of data, implement cutting-edge cybersecurity solutions, protect intellectual property, and establish IT infrastructure will continue to reap the benefits of cloud computing for businesses and citizens alike.” The full, 24-country rankings and detailed findings are available at www.bsa.org/cloudscorecard. |
The BSA Global Cloud Scorecard analyzes the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
Each country's score is computed using a 72-item scoring grid and analyses. The scores are derived using a weighted system that allocates different weights to each section/question. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing and each individual question is also weighted to reflect its importance within the group. To help with the scoring and usability of the study, the assessments are based on a series of questions that are framed so that a "yes" response reflects a favorable policy setting for global cloud computing. The weights are shown in the table below and the results are available in the downloadable report.
Download the 2018 Scorecard and 24 Country Reports
- Galexia micro-site with additional analytics » (released May 2018)
- BSA Global Cloud Computing Score Card (2018) micro-site (external site)
Putting data governance and privacy top of Australian Government Agencies Agenda (KWM Insight) - 6 November 2017
|
The following King & Wood Mallesons (KWM) News Insight is reproduced with permission.
View article at KWM » [external site]
Overview
The Australian Government’s open data and digital agenda has sparked renewed debate around privacy, governance and security. As Australia moves towards an open data regime, the Office of the Australian Information Commissioner (OAIC) has flagged the importance of taking an approach that supports ‘privacy by design’.
In this context, on 27 October 2017, the OAIC registered a new APP Code - the Privacy (Australian Government Agencies - Governance) APP Code 2017 (Code) <https://www.oaic.gov.au/privacy-law/privacy-registers/privacy-codes/privacy-australian-government-agencies-governance-app-code-2017>. From 1 July 2018, all agencies will be required to comply with the Code. The Code imposes a host of new obligations on agencies with respect to privacy management and governance. Significantly, the Code mandates the conduct of a Privacy Impact Assessment for all ‘high privacy risk projects’.
It is therefore critical that you understand your new obligations under the Code and that you get your data house in order ahead of July next year. Read on to find out how the Code will affect you.
Background
The Australian Privacy Principles (APP 1.2) require agencies to take reasonable steps to implement practices, procedures and systems to ensure compliance with both the APPs and any binding registered APP code. Earlier this year, the OAIC released a draft version of the Code for consultation, noting that the application of a uniform privacy standard across the APS would be critical to ensuring community buy-in for government data sharing activities.
Relevantly, the Code applies to all Departments and incorporated or unincorporated bodies established for a public purpose by or under Commonwealth law (as well as other bodies listed in section 6 of the Privacy Act 1988 (Cth)). The Code is likely to have significant implications for agencies undertaking data sharing and release activities. This is the case even if agencies are already undertaking to comply with guidance such as the OAIC’s Privacy Management Framework and De-identification Decision-Making Framework. Read more »
Mandated Privacy Impact Assessments (PIAs)
As noted above, the Code mandates the conduct of a PIA for all ‘high privacy risk projects’. However, the concept of a ‘high privacy risk project’ is sufficiently broad as to capture most (if not all) data sharing and release activities.
A project will be a ‘high privacy risk project’ if an agency reasonably considers that the project involves new or changed ways of handling personal information - where that is likely to have a significant impact on the privacy of individuals. Given that most datasets comprise at least some personal information, there is a high likelihood that any data sharing, release or use initiatives will meet this threshold criteria, including where data has been inadequately de-identified. This applies even if you are de-identifying data for public or limited release - in those circumstances a PIA must be conducted to probe the integrity of the de-identification methodology applied to a particular dataset. Indeed, a release of personal data that has been de-identified will in almost every circumstance constitute a very high risk privacy project. As fast as de-identification techniques are created - techniques to re-identify that data are only a few steps behind.
The characteristics of a PIA should be scalable, to reflect the complexity and size of the project. A PIA will typically require expert examination of public policy and perception issues, relevant laws and legal ramifications, technical issues, and practical and pragmatic recommendations for action and management. Larger PIAs may also require stakeholder engagement and best practice advice around governance and monitoring.
What should you be doing? Agencies should review the types of data-related activities they currently undertake (and will undertake in future) and consider whether a PIA will be required for those activities. For example, moving to the cloud, data sharing and the creation of new platforms to manage applications or processes are all likely to be ‘high privacy risk projects’ for the purposes of the Code.
Privacy management and governance
A key feature of the Code is a requirement for agencies to have a privacy management plan and to designate Privacy Officers and a Privacy Champion as part of an agency’s privacy management and governance framework.
The OAIC has previously prepared guidance on how to prepare a privacy management plan. However, the OAIC is now in the process of developing a privacy management plan template and a privacy self-assessment tool to assist agencies to assess their current privacy practices.
Agencies must also ensure that they formally designate persons as the Privacy Officer and Privacy Champion by reference to a position or role within the relevant agency. The Privacy Officer is the first point of contact for privacy matters within an agency and is responsible for ensuring day-to-day operational privacy activities are undertaken. A Privacy Champion is to be a senior official within an agency who is responsible for leadership activities and engagement that require broader strategic oversight. It is important to note that the Code permits agencies to designate officers as Privacy Officers by reference to a position or role in another agency (and there may be more than one Privacy Officer).
Privacy Capability
Other requirements in the Code are designed to build internal privacy capability within agencies. Agencies must regularly review and update their privacy practices, procedures and systems to ensure they are appropriate and current. This is particularly important in the face of technological advances and shifting policy. In particular, de-identification methodologies require constant monitoring, to ensure that historical processes are updated if no longer technically adequate.
Agencies must also provide annual privacy education / training for all staff who access personal information in the course of their employment. Similar training must also be provided to all new starters within an agency.
Next steps
The requirements in the Code are geared towards ensuring agencies comply with their obligations under the Privacy Act, namely to take reasonable steps to implement practices, procedures and systems that ensure compliance with the Australian Privacy Principles when handling personal information. It is also a timely reminder for agencies to start preparing for Australia’s new open data regime. If you have any questions about the Code or what action you can be taking to get your data house in order, please get in touch.
View article at KWM » [external site]
King & Wood Mallesons (KWM) and Galexia bring together a multi-disciplinary data governance practice to give clients a joint service offering that covers the legal and privacy aspects of cloud platforms, data sharing and use, data linkage and digital identity.
This collaboration gives clients access to a leading provider of Privacy Impact Assessments (PIAs) and privacy management strategies, as well as market-leading strategic advice and legal expertise in respect of data and privacy.
Our services are designed to give clients confidence to engage with the new open data economy.
Read more about Galexia’s collaboration with KWM »
Galexia assisted The University of Sydney on an Identity and Access Management Strategy - October 2017
|
The Galexia team has a long track record in providing IdAM health checks, reviews, strategies and roadmaps to large scale clients.
Galexia was successful in a competitive tender and has assisted The University of Sydney with an Identity and Access Management (IdAM) Strategy and Roadmap based on Galexia's proven IdAM methodology.
The IdAM Strategy includes:
- Current State, Issues and Impacts
- Policy, Oversight, Delivery Model, Operations and Communication
- User Experience
- Identity Types and Lifecycles
- Access Management, Privileged Access Management, Entitlements Management, Credential Management, Federation
- Directory Services
- Identity Platform
- Key Trends
- Vision
- Enhanced Capabilities and Benefits
- Gap Analysis
- IdAM Program
- Reference Architecture
- Governance Structure
- Policy, Standards and Procedures
- Teams and Functions
- Roles and Responsibilities
- Communication
The IdAM Roadmap includes:
- Target State Capabilities and Maturity
- Streams and Activities
- Dependencies
- Timeline
- Governance Structure
- Best Practices
More information about Galexia’s Identity and Access Management (IdAM) Guiding Principles
Galexia’s methodology includes 6 IdAM best practice principles that should be applied to programs of work, activities and individual projects.
IdAM Guiding Principle |
Example application (and this will vary on a case-by-case basis) |
|
1. Common Governance |
Provide central control while also supporting the flexibility of autonomous execution across various business functions. Align IdAM projects with key initiatives to maximise business impact. |
|
2. Invest in Standard Solutions |
Invest in commercially available products when possible and deploy with minimal customisation. Reduce or eliminate the development of in-house solutions/tools which can be costly to maintain and difficult to integrate. |
|
3. Reuse, Replicate, Standardise |
Where possible, centralise IdAM process execution, reuse existing technologies, replicate proven processes, standardise technologies and architectural patterns. |
|
4. Automate |
Where possible, provide process automation and/or system driven execution. Streamline provisioning processes. Establish workflows and accountability matrices for sustainability. |
|
5. Enable |
Enable the business by investing in people, training and communication as an integral component of execution. IdAM processes and solutions are operationalised across the organisation for sustainability. |
|
6. Measure |
Measure and monitor the IdAM program at various levels, considering the customer, key performance indicators, key risk indicators, compliance, and adherence to service expectations. |
Legal and Ethical Challenges for Driverless Cars and Smart Roads - 20 October 2017
|
Galexia Director Chris Connolly gave a presentation on legal and ethical issues in driverless cars at the Bath Digital Festival (UK) on 20 October 2017.
The session - Self-Driving Cars, The Future is Now! - consisted of a series of TED Style talks at the University of Bath Innovation Centre.
Other panel members included:
- Councillor Mark Shelford, Bath & North East Somerset Council
- Andrew Hawthorn, Deputy Head of Engineering, Altran
- Dr Miriam Ricci, Senior Research Fellow, Centre for Transport and Society
Legal and Ethical Challenges for Driverless Cars and Smart Roads
Chris discussed the legal and ethical challenges in the development of driverless cars and smart roads and examined the role of artificial intelligence (AI) in the driverless car environment.
There is long history of the law failing to 'keep up' with developments in technology, and driverless cars are no exception.
Galexia’s top 6 legal and ethical challenges for driverless cars and smart roads:
- 1. Privacy
- 2. Safety and Selection
- 3. Liability
- 4. Cultural Differences
- 5. Traffic Priorities
- 6. Trust
View the presentation slides »
New De-Identification Decision-Making Framework released - October 2017
|
The Office of the Australian Information Commissioner (OAIC) and CSIRO’s Data61 have released a guide to assist organisations to de-identify their data effectively, titled the De-Identification Decision-Making Framework (DDF).
The Guide considers a range of factors, from ethical and legal obligations to technical data questions. The Guide integrates the different perspectives on the topic of de-identification into a single, comprehensible framework.
One of the lead authors of the guide is Dr Christine O’Keefe - Research Scientist at Data61. Galexia has collaborated with Dr O'Keefe for many years and CSIRO are a key Galexia client/partner. The new report references a joint publication by Dr Christine O'Keefe and Galexia Director Chris Connolly:
- O'KEEFE C.M. & CONNOLLY, C. (2010) Privacy and the use of health data for research; Med J Australia 193 (2010), pp 537-541, Read more »
Find out more and download the guide from Data 61/CSIRO » [external link]
Australian Open Banking Review to consider digital identity issues - October 2017
|
The Australian Open Banking Review commissioned by Treasury has been given broad terms of reference and has expressed an interest in the role of digital identity credentials in the implementation of open banking.
Galexia team members held a bilateral meeting with the head of the Review - Scott Farrell - and members of the Review Secretariat, to share insights into the implementation of open banking initiatives worldwide, and the overlaps between open banking and digital identity.
The Review’s mandate is to make recommendations to the Treasurer on:
- the most appropriate model for Open Banking in Australia
- a regulatory framework under which an Open Banking regime should operate, and
- a roadmap and timetable for its implementation.
The terms of reference, issues paper and submissions are available at https://treasury.gov.au/review/review-into-open-banking-in-australia/
King & Wood Mallesons (KWM) and Galexia collaborating on Data Governance Advisory Services - October 2017
|
KWM and Galexia bring together a multi-disciplinary data governance practice to give clients a joint service offering that covers the legal and privacy aspects of cloud platforms, data sharing and use, data linkage and digital identity.
This collaboration gives clients access to a leading provider of Privacy Impact Assessments (PIAs) and privacy management strategies, as well as market-leading strategic advice and legal expertise in respect of data and privacy.
Our services are designed to give clients confidence to engage with the new open data economy.
Read more about Galexia’s collaboration with KWM »
Galexia undertakes Review and Briefing on Identity Management and Customer Initiated Data Sharing for Regional Australia Bank - September 2017
|
The Regional Australia Bank approached Galexia (as independent IAM and privacy consultants) to consider options, issues and trends surrounding Regional Australia Bank (RAB) providing customers with an enhanced Identity and Access Management (IAM) platform that incorporates Customer Initiated Data Sharing with selected third parties.
This included a consideration of technical standards to API Authorisation (and Authentication) and financial sector APIs.
Galexia reviewed both local and international regulatory and policy landscape, including:
- Financial System Inquiry (The Murray Report), 2015
- New Payment Platform (NPP) 2017-2018
- The NPP includes an optional identity component (or overlay) known as PayID
- Australian Government Digital Transformation Agency (DTA)
- Trusted Digital Identity Framework (2016-2017)
- Australian Government Productivity Commission
- Inquiry on Data Availability and Use (8 May 2017)
- Australian Government Department of Prime Minister & Cabinet (DPMC
- Parliament of Australia, House of Representatives Standing Committee
- Review of the Four Major Banks (Second Report) (21 April 2017)
- Data 61
- Blockchain Reports (8 June 2017)
- Australian Government Treasury
- Review of Open Banking in Australia (August 2017)
- Australia Post
- Digital iD (2017)
- UK Competition and Market Authority (CMA)
- www.openbanking.org.uk
Read more about Galexia’s work with RAB »
Galexia completes Privacy Impact Assessment (PIA) for the Australian Health Practitioner Regulation Authority (AHPRA) on Cloud Hosted Platforms - August 2017
|
Galexia was engaged through a competitive tendering process by the Australian Health Practitioner Regulatory Agency to provide independent privacy advice on proposals to migrate significant data assets and processes to a variety of cloud computing platforms.
Galexia completed an initial Privacy Impact Assessment (PIA) on the proposed use of cloud-hosted platforms by the Australian Health Practitioner Regulation Agency (AHPRA).
The purpose of the PIA was to assist in identifying and managing privacy issues raised by the proposed migration of services to cloud computing. It provided a baseline privacy assessment for cloud platforms and API tools and also provided a modular PIA checklist tool for subsequent initiatives.
Read more about Galexia’s work with AHPRA »
Galexia on panel at ForgeRock Identity Summit - The evolving role of privacy in digital transformation - 15 August 2017
|
Galexia Managing Director, Peter van Dijk, participated in a panel at ForgeRock Identity Live in Sydney on 15 August 2017.
Panel Discussion: The Evolving Role of Privacy In Digital Transformation
In this panel industry experts will share insights to tackle the privacy concerns impacting organisations and governments en route to digital transformation. Each panellist brings a different perspective on:
- How regulations (such as GDPR and The Privacy Act) impact digital transformation adoption
- Empowering end-users with rich consent and privacy capabilities
- Ensuring privacy and security for IoT and connected devices
Host:
- Mike Ellis, Chief Executive Officer, ForgeRock
Panellists:
- Victoria Richardson, Chief Strategy Officer, Australian Payments Network
- Richard Addiscott, Director, IT Planning, Governance & Security, Curtin University
- Marta Ganko, Director, Privacy and Data Protection Lead, Cyber Risk Services, Deloitte
- Peter van Dijk, Managing Director, Galexia
Find out more about ForgeRock Identity Summits » [external link]
Galexia providing independent privacy advisory services to Australian Bureau of Statistics (ABS) - August 2017
|
Galexia has been engaged by the Australian Bureau of Statistics (ABS) to provide independent privacy advisory services
Read more about Galexia’s work with ABS »
Following a competitive tender, from August 2017, Galexia has been engaged by the Australian Bureau of Statistics (ABS) to conduct an independent Privacy Impact Assessment (PIA) on the Multi-Agency Data Interchange Project (MADIP).
Galexia has been engaged by the ABS to provide independent advice on the large-scale data interchange between the ABS and other Government agencies. This PIA reflects a growing interest in ensuring that privacy and security concerns are addressed in the integration of data for research purposes.
The Multi-Agency Data Integration Project (MADIP) proposes to bring important national datasets together to explore how the Australian Government can make better use of existing public data for policy analysis, research, and statistical purposes.
There are six Commonwealth agencies working together on the MADIP:
- Australian Bureau of Statistics,
- Australian Taxation Office,
- Department of Education and Training,
- Department of Health,
- Department of Human Services, and
- Department of Social Services.
Galexia completes Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on Point of Sale (PoS) Online Service - June 2017
|
Galexia completed a Privacy Impact Assessment (PIA) for the Transport Accident Commission (TAC) on the proposal to develop and implement a Point of Sale (POS) application using Lantern Pay <http://www.lanternpay.com> (in association with Westpac). The application will be hosted, in part, on a cloud-computing platform.
The purpose of the PIA was to assist in identifying and managing privacy issues raised by the design and proposed implementation of the Point of Sale (POS) application - the Lantern Pay service.
The PIA considered compliance with privacy legislation, user acceptance and public perception issues. The PIA made a broad range of recommendations for mediating privacy risks, including changes to the design, practical privacy compliance steps, further research and privacy governance arrangements.
Read more about Galexia’s work with TAC »
Galexia director speaks at Conference on Digital Economy, Trade and Development (Stockholm) - 21 June 2017
|
Galexia director, Chris Connolly, presented at the Conference on Digital Economy, Trade and Development in Stockholm on 21 June 2017.
The seminar was co-hosted by The Swedish Ministry of Foreign Affairs, UNCTAD, and the National Board of Trade.
The event addressed a number of issues:
- What are the development implications of the digital economy?
- How can we bridge the e-commerce divide?
- How should cross-border data flows best be regulated?
The event examined the implications of digitalisation and e-commerce for trade and development. Its fast expansion has led to a division between and within countries where online access has become crucial for the visibility of businesses and economies.
Chris Connolly presented on data protection and sustainability, with a focus on the findings of the report for the United Nations Conference on Trade and Development (UNCTAD)
Session: Data flows, trade and regulations
- Magnus Rentzhog, Senior Adviser, National Board of Trade
- Hanne Melin, Director, eBay Public Policy Lab
- Harsha Liyanage, CEO and Co-Founder at Grasshoppers.lk, Sri Lanka
- Chris Connolly, Director, Galexia
- Christophe Kiener, Head of Unit, Trade in Services, DG Trade, EU Commission
- Moderator: Hosuk Lee Makiyama, Director, ECIPE
|
Galexia Associate publishes new book on privacy law in Singapore - June 2017
|
Galexia Associate Yee Fen (Hannah) Lim has published a new book on privacy law in Singapore - Data Protection in the Practical Context - Strategies and Techniques (June 2017).
The book provides a detailed study of the law, practice and policy of personal data protection law in Singapore. As the EU General Data Protection Regulation (GDPR) that was adopted in April 2016 included provisions implementing a formidable extended jurisdictional reach, this book also provides practical coverage of the GDPR and gives clarity to the key provisions. The book includes an extensive exposition on Big Data and the Internet of Things and their inter-relationship with cybersecurity.
Contents:
- Chapter 1 The Context of Protecting Personal Data
- Chapter 2 The Practical and Conceptual Framework
- Chapter 3 The Concept of Personal Data
- Chapter 4 Notification Obligation
- Chapter 5 Consent Obligation
- Chapter 6 Purpose Limitation Obligation
- Chapter 7 Data Protection by Design and Default
- Chapter 8 Access and Correction Obligations
- Chapter 9 Care of Personal Data
- Chapter 10 Transfer Limitation Obligation
- Chapter 11 Other Notable Provisions in the European Union
- Chapter 12 Looking Ahead
The book is available from: https://www.sal-e.org.sg/data-protection-in-the-practical-context-strategies-and-techniques
Read more about Professor Lim >
Galexia completes Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on Phase 1 of Online Client Service - April 2017
|
Galexia was successful in a competitive tender to undertake a PIA examining privacy issues arising from the design and implementation of a new Online Client Service (including an online portal for self-managing clients and a mobile app).
Galexia’s advice covered compliance with Victorian privacy and health privacy legislation, and advice on best practice in moving existing processes to a cloud based service. The PIA was completed in April 2017 and included
- Galexia PIA Matrix (Victoria)
- ‘Urgent Issues’ guidance in the first 2 weeks of the engagement - ensuring a no surprises approach and working closely with multi-disciplinary and agile teams.
- 3 staged briefing notes and vendor and internal team updates incorporated into an agile delivery process.
- Draft and Final PIAs
- Follow briefing to executive and privacy teams
Read more about Galexia’s work with TAC »
Digital Transformation Agency (DTA) releases 1st Galexia Privacy Impact Assessment (PIA) on Digital Identity - 17 March 2017
|
On 17 March 2017 the Australian government Digital Transformation Agency (DTA) released the initial Privacy Impact Assessment (PIA) on the proposed Trusted Digital Identity Framework (TDIF) and identity platform. Galexia completed the PIA as independent consultants to the agency.
The TDIF and platform are designed to support a federated digital identity system.
The initial PIA examined impacts based on the draft framework and platform architecture as at the completion of the Alpha phase of the Digital Identity Initiative, as defined by the Digital Service Standard.
This PIA included extensive analysis of the role of the States and Territories and the application of local privacy legislation, including key differences between Commonwealth privacy legislation and local privacy legislation.
This initial PIA is the first stage of an independent and multi-phase PIA process.
To accompany the PIA the DTA also issued an update on the overall progress of the project.
• Read the blog post about GovPASS on the DTA website » [External link - 17 March 2017]
Download the PIA from the DTA website » [External link - PDF]
Download the PIA » [PDF - Galexia]
Read more about Galexia’s work with the Australian Government and DTA on identity »
Austroads publishes the first Privacy Impact Assessment (PIA) on data messages for connected cars in Australia - March 2017
|
Austroads has released a Privacy Impact Assessment (PIA) developed by Galexia on the hot topic of smart roads and driverless cars.
Galexia provided independent privacy advice on the data messages that be wirelessly broadcast and received by vehicles and roadside units in the deployment of Cooperative Intelligent Transport Systems (C-ITS) in Australia. This is a vital part of the infrastructure required to enable automated or 'driverless' car technology to be deployed safely. Read more »
The PIA considered compliance with privacy and security legislation, standards and international developments in this fast moving sector.
More Information:
- Title: Privacy Impact Assessment (PIA) for Cooperative Intelligent Transport System (C-ITS) data messages
- Abstract: This document provides a high level Privacy Impact Assessment for the Cooperative Intelligent Transport System (C-ITS) data messaging system.
- Keywords: Cooperative Intelligent Transport System, C-ITS, privacy, personal information, cooperative awareness message, de-centralised event notification message, legislation
- Austroads Project No. NT1785?
- Austroads Publication No. AP-C100-17?
- Publication date: March 2017 (Prepared August 2016) Pages 46
- Copyright: Austroads and Galexia 2017
- Download: <https://austroads.com.au/publications/traffic-management/ap-c100-17>
Galexia has a long history of providing advice on privacy issues related to driver and vehicle licensing and transport platforms. Galexia continues to provide independent privacy advice on a range of new and innovative technologies.
Austroads is the peak organisation of Australasian road transport and traffic agencies. Read more about Galexia’s work with Austroads »
New Global Cloud Computing Readiness Scorecard being developed - February 2017
|
Galexia is working with BSA | The Software Alliance on a significant ‘reboot’ of the Global Cloud Readiness Scorecard for 2017, implementing additional and revised criteria and scoring methodology.
The 2017 report will deliver fresh data and results. The new Scorecard benefits from lessons learned and insights developed in the 2012, 2013 and 2016 scorecards and country reports. The scorecard will also benefit from the lessons and successes of the APAC and EU CyberSecurity Dashboards.
The new scorecard will be released in mid-2017.
The Galexia / BSA Global Cloud Scorecard will analyse the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study will include a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
Galexia presenting at CPDP2017 (The Age of Intelligent Machines) Computers, Privacy & Data Protection 10th International Conference, Brussels - 25 January 2017
|
Galexia Director Chris Connolly will be presenting at CDPD2017 - The Age of the Intelligent Machine at the 10th International Computers, Privacy & Data Protection (CPDP) International Conference in Brussels on 25 January 2017.
CPDP (now in its 10th year) is one of the largest gatherings of privacy experts in the world. More information about the conference is available at: <http://www.cpdpconferences.org>
|
Chris will be speaking on the topic of international data transfers as part of an expert panel considering Legal challenges to the international transfer of data: Privacy Shield and standard contractual clauses (SCCs):
- Chair: Bruno Gencarelli, DG JUST (EU)
- Moderator: Guido Lobrano, Business Europe (EU)
- Panel:
- Thomas Boué, BSA (US)
- Chris Connolly, Galexia (International)
- Fanny Hidvegi, AccessNow (International)
- Christopher Kuner, Brussels Privacy Hub (BE)
- Theme: The panel will focus on the recent legal challenges to data transfers from Europe to the rest of the world: from the Schrems II case on the use of Standard Contractual Clauses to the recent formal complaints against Privacy Shield seeking to annul the European Commission implementing decision, and what these could entail for global data transfer mechanisms. After a brief explanation of the various challenges and the transfer tools put into question, we will focus on the implications that these challenges may have if they were to succeed. This panel will allow for a timely and very topical discussion on a series of ongoing legal developments that may have a profound impact on the future of the Europe and its economy.
The Panel will ask:
- What is at stake with regard to the legal challenges to data transfers from Europe today??
- Why is Privacy Shield qualitatively different from Safe Harbor??
- Are Standard Contractual Clauses (SCCs) and Privacy Shield comparable??
- If both the use of SCCs and Privacy Shield are annulled, what then??
More information about this stream: <http://www.cpdpconferences.org/25012017/cave.html>
The Panel is organised by BSA | The Software Alliance. Read more about Galexia’s work with BSA »
More information about the conference is available at: <http://www.cpdpconferences.org>
[Download presentation slides (PDF) »]
Galexia completes initial Privacy Impact Assessment (PIA) for the Australian Government Digital Transformation Agency (DTA) on the proposed Trusted Digital Identity Framework (TDIF) - December 2016
|
In December 2016 Galexia completed an initial Privacy Impact Assessment (PIA) on the proposed Trusted Digital Identity Framework (TDIF) and identity platform being developed by the Australian Government Digital Transformation Agency (DTA).
The TDIF and platform will support a federated digital identity system.
The initial PIA will determine impacts based on the draft framework and platform architecture as at the completion of the Alpha phase of the Digital Identity Initiative, as defined by the Digital Service Standard.
This PIA is the first stage of an independent and multi-phase PIA process.
On 17 March 2017, the DTA has published this PIA. Read more »
Read more about Galexia’s work with the Australian Government and DTA on identity »
Galexia presenting at the Annual European Data Protection and Privacy Conference, Brussels - 1 December 2016
|
Galexia Director Chris Connolly will be presenting at the 7th Annual European Data Protection and Privacy Conference in Brussels on 1 December 2016. This event has become the principal annual data protection and privacy conference held in Brussels, gathering over 350 cross-sector delegates.
The 2016 conference will particularly focus on the implementation of the GDPR rules, on the implications of the Privacy Shield agreement and will discuss the e-Privacy directive review. It will provide an opportunity for both the policymakers and stakeholders involved in this area to engage in an interactive debate discussing issues related to the future of Data Protection and Privacy in Europe, and what the new framework will mean for the creation of a successful Digital Single Market.
Chris will be chairing a panel of global experts on:
|
More information about the conference is available at: <http://www.eu-ems.com/summary.asp?event_id=3307&page_id=7895>
Galexia Micro-site on the 2016 Global Cloud Computing Scorecard with analytics and graphs on trends since 2012 - December 2016
|
Galexia Global Cloud Computing Readiness Scorecard (2016) Micro-site » - Access the 2016 Scorecard, Dashboard and 24 country report, as well as analytics and graphs showing transition and trends in overall scores across themes and 24 countries (from 2012 to 2016)
In April 2016 the a major update to our cloud readiness research series was released - The 2016 BSA Global Cloud Computing Readiness Scorecard (a joint research effort between BSA | The Software Alliance and Galexia) ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas. Previous reports were released in 2012 and 2013 and this is a major update.
Our micro-site of the 2016 Cloud Scorecard reflects the final and official version as published on the BSA | Software Alliance Scorecard micro-site - with additional embedded analytics and visualisations from Galexia. The release of the 3rd in this series of ground breaking reports is a great time to take stock and look at what we think are the fascinating and significant trends and patterns of global improvements (and backward steps) over the past 4 years (from 2012 to 2016). We have included graphs, analysis and data not previously published.
How does the scorecard and report series work?
There are number of components that go into building up the Cloud Readiness Scorecard & 24 Country Reports
- Consistent themes, criteria and scoring methodology across all reports from 2012
- 24 country reports
- Country checklist on a page - it is worth obtaining the BSA hard copy version of the report which has an double A4 foldout presenting a useful checklists across 24 countries
- Country summaries
- Theme summaries
- Consistent scoring across 46 criteria
- Overall Score and Rankings
- Detailed change tracking, identifying trends and rates of improvement
How much change has there been from 2012 to 2016?
Changes in the 2016 report - from 2013 |
Changes in the 2013 report - from 2012 |
Updates across 24 countries and 66 criteria, including:
Tracks change in score and rank from 2013 Full scorecard report translated into 3 languages (Korean, Spanish & Thai) Country reports translated into 7 languages (Argentina, China, Germany, Korea, Japan, Mexico & Thailand) Includes 2 new case studies |
Updates across 24 countries and 66 criteria, including:
Tracks change in score and rank from 2012 Includes 3 new case studies |
Summary of Scores and Ranks for 2016
The 2016 BSA Global Cloud Computing Scorecard ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas.
This year’s results reveal that almost all countries have made healthy improvements in their policy environments since the release of BSA’s previous Scorecard in 2013. But the stratification between high-, middle- and lower-achieving country groups has widened, with the middle-ranking countries stagnating even as the high achievers continue to refine their policy environments.
Scores and Rank and how this has changed from 2012 to 2016
The following visualisations show the transition and trends in the overall scores, theme scoring components and rank changes (from 2012 to 2016):
Galexia Global Cloud Computing Readiness Scorecard (2016) Micro-site » - Access the 2016 Scorecard, Dashboard and 24 country report, as well as analytics and graphs showing transition and trends in overall scores across themes and 24 countries (from 2012 to 2016)
Article in Data Protection Leader - Regulators fight back against privacy fraud - November 2016
|
Data Protection Leader, Volume 13, Issue 11 (November 2016) - Regulators fight back against privacy fraud
Chris Connolly, Director at Galexia, summarises the key lessons to be learnt from recent enforcement action involving ‘privacy fraud.’
Privacy fraud has traditionally been viewed as a niche issue, but in recent years it has emerged as a mainstream privacy compliance matter, and now attracts significant attention from data protection regulators. It typically occurs where a company claims it belongs to a specific privacy compliance?scheme or that it has been certified?in a privacy trustmark scheme. The?claim is designed to assure consumers that it meets a high level for privacy assurance, or that its practices have been assessed and certified by a?trusted third party. In a growing number of instances, these claims are false.?Data protection experts have been aware of this problem for many years. Consumer protection regulators, trust- mark operators and consumer advocates spend a significant amount of time and resources contacting companies and asking them to remove false claims. Consumer protection regulators (including some data protection regulators) can threaten to use their legal powers in relation to ‘misleading and deceptive’ conduct. Trustmark operators can threaten to use their trademark protection powers to seek the removal of false claims. Consumer advocates?can threaten to refer the company to?the relevant regulator or to the media.
The vast majority of this work takes place ‘behind the scenes’ and it is?only in recent years that formal, public enforcement action has been taken on privacy fraud. Since 2009, there have been 39 public enforcement actions related to privacy fraud, with the bulk of them occurring in the last three years.
...
Read the complete article » - including
- The Ashley Madison case - Privacy fraud may be so significant that it invalidates consent?
- False Safe Harbor claims - Privacy fraud may occur where a?false claim is the result of ‘lapsed’ membership of a privacy scheme (various Safe Harbor cases 2009-2015);
- Trustmark scheme false claims - Privacy fraud may extend to the privacy trustmarks schemes themselves (TRUSTe 2015);
- APEC CBPRs false claims - Privacy fraud may occur where?a company falsely claims it is a member of a scheme it has never applied to join (some Safe Harbor cases in 2009 and 2015, and the APEC CBPRs cases 2016);
Read Volume 13, Issue 11 (November 2016) »
Galexia completes Privacy Impact Assessment (PIA) for the Australian Government Attorney General’s Department (AGD) on Change of Name Data Sharing - October 2016
|
Galexia was engaged by the National Security Policy Branch of the Australian Government Attorney General’s Department to conduct an independent Privacy Impact Assessment (PIA) on proposals to allow change of name data to be shared across multiple Commonwealth, State and Territory agencies.
This PIA includes consideration of legislative requirements, identity verification protocols, national security considerations and community privacy perceptions.
Stakeholders included the National Security Policy Branch (Attorney General’s Department), Department of Immigration and Border Protection and all of the state Births Deaths and Marriages Registries.
The broad purpose of this PIA was to assist in the development of ongoing data sharing arrangements regarding formal change of name information between State and Territory Registries of Births Deaths and Marriages (BDMs), and the Australian Government Department of Immigration and Border protection (DIBP).
The Martin Place Siege: Joint Commonwealth - New South Wales Review <https://www.dpmc.gov.au/resource-centre/national-security/martin-place-siege-joint-commonwealth-new-south-wales-review> (the Review) identified gaps in the sharing of information on changes of name between government agencies. In particular, the Review highlighted the need to improve the robustness of checks on identity by Commonwealth and state and territory government agencies, including the need for improved arrangements for sharing formal name change information between Commonwealth and state bodies. A national Change of Name Working Group has been established to manage the implementation of a solution.
Read more about Galexia’s work with the Australian Government AGD »
Galexia Director Chris Connolly joins the Editorial Board of Data Protection Leader - October 2016
|
Galexia Director, Chris Connolly, has joined the Editorial Board of Data Protection Leader (formerly known as the Data Protection Law and Policy Journal). This global journal is one of the leading monthly publications on privacy, data protection and cyber-security.
The monthly law publication covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data.
Subscribers to the publication receive printed copies each month and also gain full online access, including to the fully searchable archives, which feature over 500 articles.
The main themes covered in the Data Protection Leader are:
- Global Privacy Norms & Reforms
- Data Breach & Data Security
- Data Transfers & Outsourcing
- Cloud computing and digital data
- Sectoral privacy issues (e.g. health and financial services)
More information: <http://www.e-comlaw.com/data-protection-leader/>
Galexia presenting at the International Conference of Data Protection and Privacy Commissioners, Marrakech - October 2016
|
Galexia Director, Chris Connolly, will deliver a presentation on privacy law and trade at the 38th International Conference of Data Protection and Privacy Commissioners (Marrakech, 17-20 October 2016). The presentation is part of a high profile Panel on Data Protection and Privacy Law as a Driver in Sustainable Development.
The presentation will include highlights from Chris's research paper for the United Nations: Data protection regulations and international data flows: Implications for trade and development (UNCTAD 2016), and also lessons from the Global Cloud Computing Scorecard (Galexia / BSA 2016).
More information about the conference is available at:
https://www.privacyconference2016.org/
[Download presentation slides (PDF) »]
Privacy Policy and Privacy Management Framework for Financial Literacy Platform - September 2016
|
Galexia assisted in the strategic realignment of CreditED business around privacy and service strengths. This included the development and implementation of a best practice privacy management framework appropriate to the size and risk profile of the business.
Read more about Galexia’s work with CreditED »
Galexia completes Privacy Impact Assessment (PIA) for Austroads on Co-operative Intelligent Transport Systems (C-ITS) data messaging - August 2016
|
Galexia conducted a high-level Privacy Impact Assessment (PIA) for Austroads considering the privacy issues raised by standard data messages that will be wirelessly broadcast and received by vehicles and roadside units in a Cooperative Intelligent Transport Systems (C-ITS) deployment.
In March 2017, Austroads has published this PIA. Read more »
Cooperative ITS (C-ITS) is a vital part of the infrastructure being developed under the broader banner of Intelligent Transport Systems.
A connected vehicle ecosystem is emerging in which vehicles will share data wirelessly with other vehicles, with infrastructure, with transport management systems, and with mobile devices. Commonly referred to as Cooperative Intelligent Transport Systems (C-ITS), this ecosystem will enable a wide range of vehicle and transport applications to be deployed that cooperatively work together to deliver safety, mobility and environmental outcomes that are in addition to what many standalone systems can achieve.[1]
Potential communications scenarios include:
- Vehicle to vehicle (V2V);
- Vehicle to infrastructure (V2I, and also I2V); and
- Communications with other devices (V2X), such as personal devices.
The infrastructure is a vital part of the deployment of ‘smart roads’ and ‘smart cars’ (driverless or automated vehicles).
|
Galexia has a long history of providing advice on privacy issues related to driver and vehicle licensing and transport platforms.
Austroads is the peak organisation of Australasian road transport and traffic agencies.
Read more about Galexia’s work with Austroads »
Galexia undertakes Privacy Review on a micro payment system for public transport - July 2016
|
Galexia has completed a high-level privacy review for a payments consortium consisting of LittlePay (Australia) and Perimeter Payments (UK) regarding their roll-out of a micro-payments system for public transport.
The review considered privacy compliance issues in situations where data flowed across a variety of jurisdictions. This included an examination of Australian, British and European requirements for protecting privacy during the cross-border transfer of personal data.
Galexia has a long history of providing advice on privacy issues related to both electronic payment systems and to transport related platforms.
littlepay is an Australian fintech start-up focused on developing micro payment processing services.
Read more about Galexia’s work with LittlePay »
Galexia completes Privacy Impact Assessment (PIA) for the NSW Information and Privacy Commission on cloud based Government Access tool - July 2016
|
Galexia, in conjunction with Doll Martin Associates, completed a high level Privacy Impact Assessment (PIA) for the Information and Privacy Commission NSW on the IPC GIPA Tool. (GIPA is the Government Information (Public Access) Act 2009).
The Government Information Privacy Act 2009 (GIPA) requires the Information and Privacy Commission (IPC) to provide a resource to assist agencies in processing GIPA applications and to report annually on the operation of GIPA. In order to facilitate these requirements the IPC has developed and implemented a case management and reporting system called the ‘GIPA Tool’.
The PIA considered compliance with the NSW Privacy and Personal Information Protection Act 1998 (PPIP Act) and privacy issues associated with storing data in the cloud.
Galexia chapter in 'Enforcing Privacy' book published (Springer) - April 2016
|
Galexia directors Chris Connolly and Peter van Dijk are the authors of a chapter in the new book Enforcing Privacy - Regulatory, Legal and Technical Approaches (published by Springer, April 2016). This is the first major book to focus on the enforcement of privacy, and contains chapters from many leading privacy experts, including key regulators, academics, consultants and politicians.
Chris Connolly and Peter van Dijk contributed the chapter on Enforcement and Reform of the EU-US Safe Harbor Agreement. The chapter includes a detailed analysis of every Safe Harbor enforcement action. It also includes a detailed history of attempts to reform the Safe Harbor agreement, culminating in the proposed EU-US Privacy Shield in 2016.
Galexia advises on options for the cross border transfer of personal data in compliance with global, regional and national data protection requirements. The enforcement of these arrangements is a key issue in data protection, and this book provides a unique insight into the diversity of legal and technical enforcement options that are in use today.
More Information:
Enforcing Privacy - Regulatory, Legal and Technical Approaches
Wright, David, De Hert, Paul (Editors.)
Springer (publisher), April 2016
<http://www.springer.com/gb/book/9783319250458>
Table of contents (21 chapters):
- Introduction
- 1. Introduction to Enforcing Privacy - Wright, David (et al.) - Pages 1-12
- 2. Enforcing Privacy - Wright, David - Pages 13-49
- Part I - Countries
- 3. Failures of Privacy Self-Regulation in the United States - Gellman, Robert (et al.) - Pages 53-77
- 4. From a Model Pupil to a Problematic Grown-Up: Enforcing Privacy and Data Protection in Hungary - Szekely, Ivan - Pages 79-104
- 5. A Tale of Two Privacies: Enforcing Privacy with Hard Power and Soft Power in Japan - Miyashita, Hiroshi - Pages 105-122
- 6. The Spanish Experience of Enforcing Privacy Norms: Two Decades of Evolution from Sticks to Carrots - Lombarte, Artemio Rallo - Pages 123-144
- 7. Data Protection and Enforcement in Latin America and in Uruguay - Brian Nougrères, Ana - Pages 145-180
- Part II - International Mechanisms
- 8. The International Working Group on Data Protection in Telecommunications: Contributions to Transnational Privacy Enforcement - Dix, Alexander - Pages 183-193
- 9. Enforcing Privacy Across Different Jurisdictions - Svantesson, Dan - Pages 195-222
- 10. Cross-Border Breach Notification - Stewart, Blair - Pages 223-231
- 11. Responsive Regulation of Data Privacy: Theory and Asian Examples - Greenleaf, Graham - Pages 233-259
- 12. Enforcement and Reform of the EU-US Safe Harbor Agreement - Connolly, Chris & van Dijk, Peter - Pages 261-283
- Part III - Instruments
- 13. How Effective Are Fines in Enforcing Privacy - Grant, Hazel (et al.) - Pages 287-305
- 14. Enforcing Privacy Rights: Class Action Litigation and the Challenge of - Rotenberg, Marc (et al.) - Pages 307-333
- 15. Data Protection Certification: Decorative or Effective Instrument - Audit and Seals as a Way to Enforce Privacy - Bock, Kirsten - Pages 335-356
- 16. The Co-existence of Administrative and Criminal Law Approaches to Data Protection Wrongs - Hert, Paul (et al.) - Pages 357-394
- 17. Whom to Trust - Using Technology to Enforce Privacy - Métayer, Daniel - Pages 395-437
- Part IV - Challenges for the Future
- 18. The Irish DPA and Its Approach to Data Protection - Hawkes, Billy - Pages 441-454
- 19. Getting Our Act Together: European Data Protection Authorities Face Up to Silicon Valley - Kohnstamm, Jacob - Pages 455-472
- 20. Regaining Control and Sovereignty in the Digital Age - Albrecht, Jan Philipp - Pages 473-488
- 21. Privacy Enforcement in Search of Its Base - Rule, James B. - Pages 489-497
3rd Global Cloud Computing Readiness Scorecard released - 27 April 2016
|
Our latest research report has been released - The 2016 BSA Global Cloud Computing Scorecard (a joint research effort between BSA | The Software Alliance and Galexia) ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas.. Previous reports were released in 2012 and 2013 and this is a major update.
This year’s results reveal that almost all countries have made healthy improvements in their policy environments since the release of BSA’s previous Scorecard in 2013. But the stratification between high-, middle- and lower-achieving country groups has widened, with the middle-ranking countries stagnating even as the high achievers continue to refine their policy environments..
(BSA Global Media Release - 26 April 2016 - Washington) Despite Gains, Countries’ Cloud Computing Policies Leave Much Room for Improvement, BSA Study Shows South Africa, Canada Make Major Strides; Russia, China Push Policies Hindering Technology WASHINGTON — April 26, 2016 — National governments continue to make significant strides in improving the legal and regulatory environment for cloud computing around the globe, but important exceptions exist in several countries that threaten to impede economic growth in those markets, according to a far-reaching study by BSA | The Software Alliance. The 2016 BSA Global Cloud Computing Scorecard ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas. Cloud computing allows anyone — a start-up, an individual consumer, a government or a small business — to quickly and efficiently access technology in a cost-effective way. These services in return open the door to unprecedented connectivity, productivity and competitiveness. This year’s results reveal that almost all countries have made healthy improvements in their policy environments since the release of BSA’s previous Scorecard in 2013. But the stratification between high-, middle- and lower-achieving country groups has widened, with the middle-ranking countries stagnating even as the high achievers continue to refine their policy environments. “The Scorecard shows that countries are eager to welcome cloud computing and its myriad economic benefits, and many of them are creating a favorable regulatory and legal environment,” President and CEO of BSA | The Software Alliance Victoria Spinel said. “Unfortunately, the Scorecard also shows some countries are heading down a path of treating cloud computing as the next frontier of protectionism. The report is a wakeup call for all governments to work together to ensure the benefits of the cloud around the globe.” In terms of overall ranking, the biggest improvers were South Africa (moving up six places) and Canada (moving up five places). Notably, three of the countries that have trailed in the rankings — Thailand, Brazil and Vietnam — continue to make significant and consistent gains and are closing their gap with mid-tier countries. The world’s major IT markets remained stable with modest gains. Negative trends emerged as well. For example, few countries are promoting policies of free trade or harmonization of cloud computing policies. Russia and China, in particular, have imposed new policies that will hinder cloud computing by limiting the ability of cloud computing service providers to adequately move data across borders. The full, 24-country rankings and detailed findings are available at www.bsa.org/cloudscorecard. |
The BSA Global Cloud Scorecard analyzes the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
Each country's score is computed using a 72-item scoring grid and analyses. The scores are derived using a weighted system that allocates different weights to each section/question. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing and each individual question is also weighted to reflect its importance within the group. To help with the scoring and usability of the study, the assessments are based on a series of questions that are framed so that a "yes" response reflects a favorable policy setting for global cloud computing. The weights are shown in the table below and the results are available in the downloadable report.
Download the scorecard and 24 country reports:
- BSA’s Global Cloud Computing Score Card (2016) micro-site
- Galexia Micro-site - analytics and graphs showing transition and trends in overall scores across themes and 24 countries (from 2012 to 2016)
Galexia helps the United Nations publish major study on data protection and trade - 19 April 2016
|
On April 19, 2016 the United Nations Conference on Trade and Development (UNCTAD) published a major new study: Data protection regulations and international data flows: Implications for trade and development.
Galexia Director Chris Connolly was the lead author / consultant for the study.
This major report (170 pages) examines the relationship between data protection and trade, with a strong focus on the issues faced by developing nations. The study also includes detailed contributions from national governments, regulators and businesses.
The study identified numerous challenges in the development and implementation of data protection laws, including:
- 1. Addressing gaps in coverage
- 2. Addressing new technologies
- 3. Managing cross-border data transfers
- 4. Balancing surveillance and data protection
- 5. Strengthening enforcement
- 6. Determining jurisdiction
- 7. Managing the compliance burden
The study includes numerous practical policy options and suggestions for global, regional and national stakeholders.
The United Nations is emerging as an important voice in the data protection debate, with the ability to engage with developing nations and emerging markets. Galexia continues to provide assistance to the UN on data protection and e-commerce legal and regulatory issues.
The full report is available at: http://unctad.org/en/pages/PublicationWebflyer.aspx?publicationid=1468
3rd Global Cloud Computing Readiness Scorecard due for public release - April 2016
|
The 3rd Global Cloud Computing Readiness Scorecard is due for public release in April 2016 and will be available from <http://bsa.org/cloudscorecard>.
The Galexia / BSA Global Cloud Scorecard analyses the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study includes detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
United Nations hosting major E-Commerce event in Geneva - 18 April 2016
|
Galexia director Chris Connolly will be assisting in the presentation of a two day expert meeting on Data Protection and Privacy: Implications for Trade and Development on 19-20 April in Geneva. The meeting is part of the United Nations E-Commerce Week (Geneva, April 18-22).
The E-Commerce Week is hosted by UNCTAD - the UN Conference on Trade and Development. The week includes sessions on cybercrime readiness, consumer protection online, ICT policy reviews and the proposed Action Plan for Aid for eTrade. The week concludes with the launch of the UNCTAD B2C E-Commerce Index 2016 (Measuring Cross-Border E-Commerce).
A highlight of the E-Commerce Week is the Ad Hoc Expert Meeting on Data Protection and Privacy: Implications for Trade and Development (19-20 April). Galexia Director Chris Connolly has been assisting UNCTAD as a consultant in preparing a new report on privacy and trade, and he will be moderating the meeting.
The UNCTAD meeting invitation states:
"The increasing global relevance of activities and transactions online and the changing nature of the information economy, enhances the importance of coherence between data protection and privacy frameworks that can help foster innovation and trade while at the same time protect against unnecessary intrusions. Recent and expected regulatory changes in the field of data protection and privacy as well as diverging approaches in different parts of the world, call for renewed discussion on possible ways forward.
This ad hoc expert meeting will contribute to ensure global communication on the subject to understand emerging topics in data protection and privacy, new challenges and opportunities, as it relates to unlocking the potential for cross-border trade. Industry players and consumers, as well as governments and international organizations will present their perspectives and outline the latest developments, current practices and relevant frameworks.
The Ad Hoc expert meeting will commence with the presentation of the UNCTAD Study on Data Protection and International Data Flows. Representatives from public and private stakeholders will then take the floor to discuss thematic topics and present their experiences. Invited delegates include representatives from the African Union Commission, Asia-Pacific Economic Cooperation, the Commonwealth, the Council of Europe, the East African Secretariat, the ECOWAS Commission, European Union, the Organisation for Economic Co-operation and Development, the United States Federal Trade Commission, UNOHCHR, International Chamber of Commerce, the Computer and Communications Industry Association, Consumer International, Google, Microsoft, and eBay and other e-commerce platforms from developing countries."
More details are available at: <http://unctad.org/en/pages/newsdetails.aspx?OriginalVersionID=1194>
Galexia article about Implementation of the new EU-US Privacy Shield - 21 March 2016
|
Galexia has published an article on the proposed EU-US Privacy Shield, which is set to replace the former Safe Harbor as the key mechanism for the transfer of personal data from the European Union to the United States.
The draft Privacy Shield adequacy decision by the European Commission is yet to be formalised - the commission must first seek the opinion of the influential Article 29 Working party. However, it is almost certain that the Privacy Shield will be implemented in some form in the near future.
The former Safe Harbor framework was the subject of extensive research and analysis by Galexia, including a major report in 2008 followed by ongoing monitoring and the submission of evidence and reports to the EU and US authorities.
How does the proposed Privacy Shield compare to the Safe Harbor?
Advice on market sizing for cross border transfers from Europe - February 2016
|
Galexia advised DIGITALEUROPE on market issues and policy options related to the cross-border transfer of personal data. The study included an analysis of the type and size of organisations making data transfers, the type of data transferred and the regulatory options adopted by hundreds of organisations. The analysis included a breakdown of market segments by sector and business size.
Galexia has particular expertise in the privacy issues associated with the transfer of data to and from Europe.
DIGITALEUROPE <www.digitaleurope.com> is a European trade organisation representing the digital technology industry. Their members include around 60 major technology companies and 35 national trade associations.
The European Union Network and Information Security (NIS) Directive moves a step closer to implementation - 16 January 2016
|
The European Union Network and Information Security Directive (the NIS Directive) has moved a step closer to implementation after the EU's Internal Market Committee voted to support the Directive on 16 January 2016. This was the final major hurdle in the passage of the Directive, and the Directive is expected to be endorsed by parliament in the near future.
The NIS Directive requires relevant businesses to put in place security measures to protect their networks and data against cyber security attacks and to report serious cyber incidents and threats to regulators.
Galexia has been at the forefront of studying the potential impact of the NIS Directive, both in Europe and beyond. One of our key reports on CyberSecurity is the 2015 EU CyberSecurity Maturity Dashboard (including 28 Country reports and case studies). That report was prepared for BSA | The Software Alliance and released in April 2015. The report includes a comparative analysis of country readiness for the NIS Directive.
The subsequent Asia Pacific CyberSecurity Maturity Dashboard (including 10 country reports and case studies considers the maturity of APAC countries through the lens of the NIS directive.
Follow the progress of the NIS Directive at the Digital Agenda for Europe site: <https://ec.europa.eu/digital-agenda/en/cybersecurity>
Galexia Director speaking at Privacy Law and Business Conference in Cambridge (UK) - 7 July 2015
|
Galexia Director Chris Connolly will deliver a special presentation at the Privacy Laws and Business Conference at Cambridge University on July 7.
The presentation will mark the fifteenth anniversary of the launch of the EU-US Safe Harbor, and is titled: 'The Safe Harbor at Fifteen' - A brief history of enforcement and reform.
- A brief history of the establishment of the Safe Harbor, its role, purpose and structure.
- An overview of the five public reviews of the Safe Harbor that have been conducted
- An issue by issue analysis of Safe Harbor enforcement, including:
- The notice and consent cases ?
- False claims of current Safe Harbor membership
- Safe Harbor fraud
- Expensive dispute resolution providers and threats against complainants
- Fine print exclusions
- Conflicts of interest
- A brief discussion of structural and cultural differences (and similarities) between the EU and US approach to privacy
- The role of the Safe Harbor in the national security surveillance debate
- The future of the Safe Harbor, and lessons learned.
The presentation will be followed by a panel discussion including Commissioner Julie Brill (US Federal Trade Commission) and Bruno Gencarelli (Head of Data Protection at the European Commission Directorate General for Justice).
More details are available at: <http://www.privacylaws.com/annual_conference>
APAC CyberSecurity Dashboard and 10 Country Reports Launched - 1 July 2015
|
On 30 June 2015 BSA | The Software Alliance released the APAC CyberSecurity Maturity Dashboard (including 10 Country reports and case studies).
The 2015 APAC Cybersecurity Dashboard evaluates cybersecurity laws, rules, policies and institutions in 10 key jurisdictions:
- Australia
- China
- India
- Indonesia
- Japan
- Malaysia
- South Korea
- Singapore
- Taiwan
- Vietnam
The report assesses each country against criteria deemed essential for effective cybersecurity protection.
The full country reports are available for download and give an overview of the cybersecurity landscape, highlighting key cybersecurity legislation and policy, as well as the main entities currently operating within each jurisdiction. Maturity is assessed against criteria grouped across the following key themes:
- Legal foundations for cybersecurity;
- Operational capabilities;
- Public-private partnerships;
- Sector-specific cybersecurity plans; and
- Education.
This work complements Galexia’s other research reports for BSA,
- European Cybersecurity Maturity Dashboard published in March 2015
- Global Cloud Readiness Scorecard - published in 2012, 2013 and in August 2015.
Download the APAC CyberSecurity Report and 10 Country Studies
- BSA APAC CyberSecurity Maturity Dashboard (2015) micro-site (external site)
Vale Claro ‘Lalen’ Parlade - June 2015
It is with great sadness that we report the loss of Galexia Associate and close friend Claro Parlade, who has died in the Philippines after a period of illness.
Claro was a well known IT lawyer in the Philippines who played a key role in the development of cyberlaws in the Asia Pacific region. Claro collaborated with Galexia on several regional projects, and was based in the Galexia offices in Sydney for a short period while he worked on the development of the Philippines privacy legislation, (the Data Privacy Act 2012).
Claro also held senior roles at Google and BSA | The Software Alliance. He was a global expert, having lived, worked and studied in the Philippines, Australia, Canada, the US and Singapore.
The Galexia team express our deepest sympathy to Claro's wife, three daughters and family. Claro’s gentle combination of wit, insight, friendship, intellect and cyber-law expertise will be missed by all of us.
Privacy Review for Diabetes Australia - June 2015
|
In June 2015 Galexia completed a Privacy Review of the National Diabetes Services Scheme (NDSS) for Diabetes Australia.
Read more about our projects with Diabetes Australia »
European CyberSecurity Dashboard and 28 Country Reports Launched - 3 March 2015
|
On 3 March 2015 BSA | The Software Alliance released the EU CyberSecurity Maturity Dashboard (including 28 Country reports and case studies).
The 2015 EU Cybersecurity Dashboard — the first-of-its-kind examination of the relevant policy approaches in the Member States — highlights some fundamental challenges as well as significant opportunities for improving cybersecurity across the EU.
The Report evaluates national laws, rules and policies in all 28 EU Member States against 25 criteria deemed essential for effective cybersecurity protections. It is intended to provide EU Member States with an opportunity to evaluate their countries’ policies against key metrics and maps a way forward by outlining the key building blocks for a strong cybersecurity legal framework.
The full Member State reports give an overview of the cybersecurity landscape, based on the set of criteria outlined below, highlighting key cybersecurity legislation and policy, as well as the main entities currently operating within each jurisdiction.
- Legal foundations for cybersecurity;
- Operational capabilities;
- Public-private partnerships;
- Sector-specific cybersecurity plans; and
- Education.
This work complements Galexia’s other research reports for BSA, including the soon to be Global Cloud Readiness Scorecard published in 2012, 2013 and in April 2015.
Download the EU CyberSecurity Report and 28 Country Studies
- BSA European CyberSecurity Maturity Dashboard (2015) micro-site (external site)
Galexia to present at Expert Meeting on Cyberlaws and Regulations for Enhancing E-Commerce, Geneva - March 2015
|
Galexia Director Chris Connolly will present a paper on Global Issues in Cybersecurity and Privacy in Geneva on 25 March 2015.
More information about the conference is available at:
<http://unctad.org/en/pages/MeetingDetails.aspx?meetingid=644>
The Expert Meeting on Cyberlaws and Regulations for Enhancing E-Commerce has been organised by the United Nations Conference on Trade and Development (UNCTAD). Chris will be speaking in the session on data protection and cybercrime.
The session will explore recent developments related to e-commerce in respect of data breaches and fraud. It will discuss ways to ensure confidence and trust in the use of the Internet through the enactment of legal and regulatory frameworks for protecting personal data, privacy and combatting cybercrime. It will explore the complexity of cross-border enforcement and ways in which governments and businesses can work together in these areas. It will also discuss measures by companies, in particular small and medium-sized enterprises, to keep consumer information secure.
Galexia has a long history of working with UNCTAD (and ASEAN and other regional groupings) on international cyberlaw issues.
3rd Global Cloud Computing Readiness Scorecard being developed for mid 2015 launch - August 2014
|
In August 2014 Galexia began work on an important research project for BSA - The Software Alliance. Galexia has been commissioned to prepare the 3rd Global Cloud Computing Readiness Scorecard, following the success of the 2012 and 2013 scorecards.
The new scorecard will be released in mid-2015.
The Galexia / BSA Global Cloud Scorecard will analyse the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study will include a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
Galexia completes Privacy Impact Assessment (PIA) for Victorian Resource Rights Allocation and Management (RRAM) migration to cloud - August 2014
|
Galexia conducted a Privacy Impact Assessment (PIA) for the Victorian Department of State Development, Business & Innovation (DSDBI) on the proposed migration of the Resource Rights Allocation and Management (RRAM) Project to a commercial cloud provider.
Galexia has particular experience in advising Government agencies in their successful migration to cloud and externally hosted services. We have assisted in the development of a staged privacy and security assessments and compliance framework for prior migrations.
Galexia developing Asia-Pacific Cybersecurity Comparative Study - July 2014
|
In July 2014 Galexia began work on an important research project for BSA - The Software Alliance. Galexia has been commissioned to prepare a report on Cybersecurity in 10 Asia Pacific nations.
The countries included in the study are Australia, China, India, Indonesia, Japan, Korea, Malaysia, Singapore, Thailand and Vietnam.
The report will be published in early 2015.
This work complements our earlier research reports for BSA, including the Global Cloud Readiness Scorecard published in 2012 and 2013.
The new report will include a detailed country-by-country analysis of legislation, regulations, government policy, standards and infrastructure related to Cybersecurity.
Australian Department of Communications Technology Advice Panel - June 2014
|
Galexia has been appointed to the Department of Communications Technology Advice Panel to provide specialised services to the Department.
The specialised services include:
1. Information & Communications Technology (ICT) Industry Research and Analysis
a) Research and analysis of the ICT industry, including
- Horizon scanning and forecasting
- Technology developments (incl. hardware, software and processes) and their performance and impacts
- Telecom and communications deployments, including migrations
- Demand and supply side trends and drivers
- Industry structure, alliances, partnerships, mergers and acquisitions key players and market segments
- Regulatory and public policy issues
- Modelling, costing's and deployment plans
- Sectoral and trans-sectoral ICT developments and deployments
- Technical standardisation and assorted trends, nationally, regionally and internationally. Provisions for telecommunications and communications in the built environment (e.g. pathway systems)
- International comparisons and case studies in relation to any or all of the above
b) Customised primary and secondary research and analysis as required.
Galexia developing European Cybersecurity Comparative Study - June 2014
|
In June 2014 Galexia began work on an important research project for BSA - The Software Alliance. Galexia has been commissioned to prepare a report on Cybersecurity in 28 European Union nations.
The report will be published in 2015.
This work complements our earlier research reports for BSA, including the Global Cloud Readiness Scorecard published in 2012 and 2013.
The new report will include a detailed country-by-country analysis of legislation, regulations, government policy, standards and infrastructure related to Cybersecurity.
Galexia presents on The Future of the EU-US Safe Harbor at Brussels conference - 1 June 2014
|
Galexia Director Chris Connolly presented a paper on The Future of the EU-US Safe Harbor at a major privacy research conference in Brussels on 1 June 2014.
The event was the final conference of the SAPIENT project: (Supporting fundamentAl rights, PrIvacy and Ethics in surveillaNce Technologies) <http://www.sapientproject.eu/>
The presentation focused on enforcement issues, and follows previous Galexia research on compliance issues in the EU-US Safe Harbor. The Safe Harbor Framework is a mechanism for allowing some EU data to be transferred to US businesses while protecting the privacy of individuals. The Framework is the subject of a significant review and overhaul by the US and EU.
Galexia completes Privacy Impact Assessment (PIA) for Business Victoria Online - May 2014
|
Galexia completed a Privacy Impact Assessment (PIA) for the Victorian Department of State Development, Business & Innovation (DSDBI) on the migration of Business Victoria Online (BVO) services to a commercial cloud services provider.
Galexia provided a range of cloud and privacy advice and developed a re-usable template and checklist driven approach for future PIAs.
AUSTRAC releases Galexia’s PIA on AML/CTF reforms - May 2014
|
In early 2014 Galexia completed a Privacy Impact Assessment (PIA) for proposed changes to the customer due diligence requirements of Australia’s Anti-Money Laundering and Counter-Terrorism Financing Framework (the CDD project).
The PIA was one of the first PIAs conducted in accordance with the new Australian Privacy Principles (APPs) that came into force in March 2014.
The PIA was published by AUSTRAC in May 2014.
Galexia was able to advise AUSTRAC on how to incorporate important changes to customer due diligence requirements that form part of international commitments to tackle money laundering, while complying with Australia's revised privacy legislation.
A number of recommendations in the PIA resulted in changes to the final form of the AML/CTF Rules.
Download PIA » [Galexia - PDF]
Galexia gives evidence about EU/US Safe Harbor privacy framework to the UK House of Lords - 12 March 2014
|
Galexia Director Chris Connolly appeared at the House of Lords EU Sub-Committee on Home Affairs, Health and Education in London on 12 March 2014.
The Committee was investigating the potential reform of the EU US Safe Harbor Framework which allows some EU personal data to be transferred to the United States. Mr Connolly was asked to provide evidence on the level of privacy protection provided under the Framework.
On 7 May 2014 the Committee issued a final report, calling for improvements to the Safe Harbor. The final report is available at:
<http://www.parliament.uk/documents/lords-committees/eu-sub-com-f/safeharbour/boswell.pdf>
Galexia presentation at the Commonwealth Cybersecurity Forum in London - 5 March 2014
|
Galexia Director Chris Connolly appeared at the Commonwealth Cybersecurity Forum in London on 5 March 2014. He discussed the balance between privacy and security in the emerging cloud computing environment. Mr Connolly provided an overview of national approaches to cloud computing policy and regulation, with a special emphasis on the issues facing developing countries.
Galexia has played a key role in assessing national, regional and global approaches to cloud computing privacy and security policies. In 2012 and 2013 Galexia developed the BSA Global Cloud Computing Scorecard. We have also contributed to the work of the United Nations Conference on Trade and Development (UNCTAD) in this area.
More information: (External links)
- Commonwealth Cybersecurity Forum 2014, London - <http://www.cto.int/events/previous-events/2014-2/cybersecurity-2014/>
- The UNCTAD Information Economy Report 2013 - The Cloud Economy and Developing Countries - <http://unctad.org/en/PublicationsLibrary/ier2013_en.pdf>
Galexia completes privacy and security advice on cloud applications for 3wks.com.au and Victorian Government - November 2013
|
Galexia worked with 3wks.com.au and a Victorian government agency to consider the legal and regulatory issues regarding the development of cloud based application for government.
This work required a review and analysis of:
- Google Apps terms and privacy policy
- Google Cloud Services Partner Agreement
- Comparison of cloud provider privacy policies (including Google Compute, Google Apps, Salesforce, AWS, etc)
- Agency privacy policies
- General research and literature review on offshore privacy issues
- Review of relevant guidance from the Office of the Victorian Privacy Commissioner;
- Review of relevant Victorian Government guidance on security and cloud computing and DSD Cloud Computing Security Considerations (2011); and
- Review of Victorian Government Security Policy Documents - <http://digital.vic.gov.au/policies-standards-guidelines/information-security/>
Galexia and Doll Martin Associates announce closer strategic relationship - October 2013
In October 2013 Galexia and Doll Martin Associates strengthened their existing partnership and announced a closer strategic alliance. Galexia and Doll Martin Associates have worked on projects together since 2005 and both organisations have decided to leverage their particular strengths and synergies by working together.
All Galexia services in Australia and New Zealand will be provided through the alliance. Galexia brings to the alliance its Australian and international cloud, privacy and identity advisory practice and Doll Martin Associates provides Galexia with greater local capacity and access to an expanded range of business strategy, architecture and information management consulting services.
Galexia invited to provide evidence to the European Parliament LIBE Inquiry on Electronic Mass Surveillance of EU Citizens - 7 October 2013
|
Galexia Director, Chris Connolly, has been asked to appear before a European Parliament inquiry to discuss the impact of the NSA / PRISM revelations on the privacy of European citizens when their data is transferred to the United States.
The Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee) is holding an inquiry on electronic mass surveillance of EU citizens, and Chris will appear before the Committee in Strasbourg on Monday October 7. Chris's task will be to comment on the effectiveness of the US Safe Harbor Privacy Framework, a topic that Galexia has covered in several previous research papers, articles and speeches.
Other speakers at the Hearing include:
- Viviane Reding, the Vice President of the European Commission,
- Peter Hustinx, the European Data Protection Supervisor, and
- Isabelle Falque-Pierrotin, the President of the French Data Protection Agency (CNIL).
Related (external) links
- The inquiry hearings will be broadcast live from http://www.europarl.europa.eu/committees/en/libe/home.html
- Download the program (PDF)
- Download the poster (JPG)
UNCTAD Review of E-commerce Legislation Harmonization in ASEAN - 25 September 2013
|
Galexia and the United Nations Conference on Trade and Development (UNCTAD) have released a major report, entitled Review of E-commerce Legislation Harmonization in the Association of Southeast Asian Nations (2013).
Galexia Director Chris Connolly was a major contributor to the report. The report is a follow-up to Galexia's previous AusAID funded project to harmonise e-commerce legal infrastructure in ASEAN (2004-2009) and Galexia’s earlier study for the UNCTAD Information Economy Report on ASEAN cyberlaw harmonisation in 2008.
This 2013 review documents the significant advances made by ASEAN countries in the area of e-commerce laws. It also makes proposals for accelerating the process of regional integration and harmonization as outlined in the ASEAN ICT Masterplan 2015.
Galexia’s extensive and detailed work with ASEAN has assisted ASEAN be the first region in the developing world to adopt a harmonized legal framework for e-commerce and it is the most advanced developing region in terms of implementing harmonized e-commerce laws.
The review includes detailed regional and national analysis of e-commerce laws, privacy, cybercrime and cloud computing.
Galexia Microsite
UNITED NATIONS PUBLICATION |
UNCTAD Information Economy Report 2013 - Expert Peer Review Meeting (Geneva) - July 2013
|
Galexia Director, Chris Connolly, presented at the Expert Peer Review Meeting on the Information Economy Report 2013 on 9-10 July in Geneva. The Information Economy Report is an annual publication issued by the United Nations Conference on Trade and Development (a regular Galexia client), and this year's theme is Cloud Computing. The meeting was a gathering of experts on cloud computing technology, law and policy from more than a dozen countries.
Chris was the lead discussant for the report chapter on The governance, law and regulation of cloud computing in developing countries.
The final report will be published in late 2013.
Galexia provides Australian Energy Market Operator (AEMO) advice on cloud based identity - April 2013
|
Galexia provided the Australian Energy Market Operator (AEMO) with options for implementing Single Sign-On (SSO) to external Software-as-a-Service (SaaS) applications. Our consultants performed an analysis of AEMO's authentication requirements, internal and external applications, and existing processes. We used our expert knowledge of cloud-based SSO technology vendors and solutions to select and cost the best approach, based on proven cloud identity design principles and best practices.
Read more about Galexia’s work with AEMO »
Independent Review of Queensland Personal Identification Information in Property Data (PIIPD) Code of Conduct - March 2013
|
Galexia was engaged to undertake an independent review on the operations and effectiveness of the Queensland Personal Identification Information in Property Data (PIIPD) Code. The review considered the operation of the Code and encompass accountability, effectiveness, efficiency, accessibility, independence and fairness.
Galexia has played an ongoing role in the development, implementation and review of a code-of-conduct for QVAS (Queensland Valuation and Sales System).
More information is available at the Personal Identification Information in Property Data Code of Conduct website (external link)
This code-of-conduct is an excellent example of successful privacy self-regulation in the information broking sector.... Even if we do say so ourselves!
2nd Global Cloud Computing Readiness Scorecard launched - 7 March 2013
|
The 2013 Global Cloud Computing Scorecard — the first-ever report to track year-over-year change in the international policy landscape for cloud computing — shows that cloud readiness is improving, if unevenly.
These findings come against the backdrop of the massive and well-documented movement to cloud services by consumers, businesses, and governments. What hasn’t been documented until now is the less steady improvement in the policy environment to support global cloud computing, with some countries making big strides to improve their cloud readiness while others, including some of the world’s largest technology markets, have stalled or even backtracked.
(BSA Global Media Release - 7 March 2013 - Washington) Progress on Cloud Computing Policy Is Hit and Miss Around the World - Singapore leaps forward in global policy rankings; Japan, Australia, and US lead global market; Europe stalls Countries around the world are improving the legal environment for cloud computing — though at an uneven pace that risks undermining the full economic potential of cloud technologies. The 2013 BSA Global Cloud Computing Scorecard — the first report ever to track changes in the global policy landscape for cloud computing — finds that while many of the world’s biggest IT markets have stalled or slid backwards, others are embracing laws and regulations conducive to cloud innovation. The Scorecard also finds that policy fragmentation persists, as some countries, aiming to promote local cloud markets, adopt laws and regulations that inhibit cross-border data flows or skew international competition. The new 2013 BSA Cloud Scorecard builds on an inaugural edition of the report released last year. The biggest mover in the rankings is Singapore, which vaulted to fifth from 10th place a year ago by adopting a new privacy law that builds user trust while also promoting business innovation. The 2013 study finds that Japan continues to lead the global rankings with a comprehensive suite of laws supporting digital commerce. Australia remains in second place, and the US has edged into third, pushing Germany down to fourth. The study finds that policy improvements in many of the world’s biggest IT markets have stalled. Notably, all six European Union countries covered in the study have lost ground in the rankings. Others are effectively unplugging themselves from the global market — with especially counterproductive policies in Korea, Indonesia and Vietnam. The study evaluates countries in seven policy areas critical to the market for cloud computing services — data privacy, cybersecurity, cybercrime, intellectual property, technology interoperability and legal harmonization, free trade, and ICT infrastructure. Among the study’s findings:
|
The BSA Global Cloud Scorecard analyzes the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
Each country's score is computed using a 66-item scoring grid and analyses. The scores are derived using a weighted system that allocates different weights to each section/question. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing and each individual question is also weighted to reflect its importance within the group. To help with the scoring and usability of the study, the assessments are based on a series of questions that are framed so that a "yes" response reflects a favorable policy setting for global cloud computing. The weights are shown in the table below and the results are available in the downloadable report.
The 2013 Scorecard follows on from the groundbreaking 2012 Scorecard and contains:
- Updates across 24 countries and 66 criteria, including:
- 27 significant (positive) changes
- 34 moderate (positive) changes
- 6 moderate (negative) changes
- 108 minor (no effect) changes
- 432 infrastructure changes
- Tracks changes in score and rank from 2012
- 3 new case studies
Galexia Microsite:
- Global Cloud Computing Score Card (2013) summary micro-site - Browse themes and country summary reports
Download the scorecard and 24 country reports:
Asia Cloud Computing Association incorporates Galexia research into its 2nd Cloud Readiness Index - 13 November 2012
|
The 2nd Cloud Readiness Index (CRI) developed by the Asia Cloud Computing Association evaluates key attributes in order to identify the state of readiness for cloud computing in 14 markets across the Asia region. It also provides insight into how regulation and policy work address cloud computing issues.
The Index is designed to look at the state of readiness for cloud computing in markets across the Asia Pacific region - especially how we see regulation and policy work by governments - to help advance cloud computing in Asia. It measures key attributes and conditions that will help companies and individuals determine which markets are currently best placed for wide adoption of cloud computing services.
The Index incorporates information from several sources, including the Global Cloud Computing Scorecard (2012) completed by Galexia for the Business Software Alliance (BSA) in February 2012.
External links:
- Asia Cloud Computing Association Cloud Readiness Index:
http://www.asiacloud.org/images/stories/contents/files/CRI_2012.pdf - Asia Cloud Computing Association website
Galexia develops Identity and Access Management Strategy and Roadmap for Australian Energy Market Operator (AEMO) - March 2012
|
Galexia delivered an Identity and Access Management (IAM) Strategy for the Australian Energy Market Operator (AEMO).
Our consultants performed an analysis of AEMO's current state IAM business processes and technology, and determined the future state based on requirements and best practice. Galexia performed an IAM market review and technology evaluation that identified and costed the products most appropriate to AEMO. Leveraging the analysis and review, Galexia consultants provided an IAM Strategy and Roadmap for a 2-3 year period.
Read more about Galexia’s work with AEMO »
Global Cloud Computing Readiness Scorecard launched - 22 February 2012
|
On 22 February 2012, the Business Software Alliance (BSA) launched the BSA Global Cloud Computing Readiness Scorecard (2012) developed by Galexia.
The first-of-its-kind Scorecard analyses and ranks the legal and regulatory framework and broadband infrastructure of 24 countries based on seven policy categories that measure the countries’ preparedness to support the growth of cloud computing. Together, these countries account for 80% of the global ICT market.
The Scorecard also includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable.
Each country's score is computed using a 66-item scoring grid and analyses. The scores are derived using a weighted system that allocates different weights to each section/question. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing and each individual question is also weighted to reflect its importance within the group. To help with the scoring and usability of the study, the assessments are based on a series of questions that are framed so that a "yes" response reflects a favourable policy setting for global cloud computing.
External links:
Galexia to present the new Global Cloud Readiness Scorecard at the Cloud Connect conference, Santa Clara USA - 14 February 2012
|
On 14 February 2012 Galexia presented the new Global Cloud Readiness Scorecard at the Cloud Connect conference in Santa Clara USA. The new scorecard examines the legal, regulatory and infrastructure environments in 24 countries, including a detailed assessment of their readiness for cloud computing.
Galexia Directors Chris Connolly and Peter van Dijk presented on a panel on a panel called: Breaking Down Barriers: Creating a Global Policy Environment to Promote Cloud Adoption.
External link:
- The Cloud Connect conference website:
http://www.cloudconnectevent.com/santaclara/
New ePayments Code launched in Australia - September 2011
|
In September 2011 the Australian Securities and Investments Commission (ASIC) issued a completely revised and updated Code of Conduct for Electronic Transactions. The new ePayments Code replaces the long standing EFT Code of Conduct, and applies to a broader range of online payment systems.
Galexia Director Chris Connolly was a member of the expert working group revising the Code - a process that took two years to complete and involved three rounds of public consultation.
Related links:
- Galexia assisted CHOICE, the Consumers’ Federation of Australia, and the Consumer Action Law Centre in preparing a joint consumer response to the Australian Securities and Investments Commission’s proposals for changes to the Electronic Funds Transfer (EFT) Code of Conduct. Key issues addressed in the response include liability of consumers and small businesses, and monitoring Code compliance.
View the 2008 joint consumer response » - Galexia assisted CHOICE with its submission regarding the 2007 review of the Electronic Funds Transfer (EFT) Code of Conduct, as conducted by the Australian Securities and Investment Commission (ASIC).
View the 2007 joint consumer submission »
External link:
- A copy of the ePayments Code is available at the ASIC website at:
http://www.asic.gov.au/asic/asic.nsf/byheadline/ePayments-Code
Singapore to introduce privacy legislation and a Do Not Call Register - September 2011
|
Singapore has flagged that it plans to introduce privacy legislation in early 2012. A public consultation paper issued by the Ministry of Information, Communications and the Arts was released on 13 September 2011, titled: Proposed Consumer Data Protection Regime For Singapore.
The paper recommends the introduction of private sector privacy legislation based on a mix of EU and APEC best practice. Interestingly, the paper also proposes the establishment of a national Do Not Call Register to fight against the intrusion of telemarketing.
Singapore joins a growing list of countries with proposed and draft privacy legislation in the region.
External link:
- Singapore public consultation paper:
http://app.mica.gov.sg/Default.aspx?tabid=482
Asia Cloud Computing Association incorporates Galexia research into its Cloud Readiness Index - September 2011
|
The Cloud Readiness Index developed by the Asia Cloud Computing Association evaluates key attributes in order to identify the state of readiness for cloud computing in 14 markets across the Asia region. It also provides insight into how regulation and policy work address cloud computing issues.
The index incorporates information from several sources, including the Asia Pacific Digital Economy and Cloud Computing Scorecard completed by Galexia for the Business Software Alliance (BSA) in March 2011.
External link:
- Asia Cloud Computing Association Cloud Readiness Index:
http://www.asiacloud.org/docs/Cloud_Readiness_White_Paper_v6-0.pdf
Galexia research on privacy and health data published in two prestigious medical journals - July 2011
|
Galexia director Chris Connolly is the joint author (with Christine O’Keefe from CSIRO/Data61) of two articles on privacy and health data.
- Regulation and Perception Concerning the Use of Health Data for Research in Australia, Christine M O'Keefe and Chris Connolly was published in the Electronic Journal of Health Informatics, Vol 6, No 2 (2011): Special Issue on Smart Healthcare Systems.
A shorter version of the Article was also published in the Medical Journal of Australia:
- C.M. O'Keefe and C. Connolly, Privacy and the use of health data for research, Med J Australia 193 (2010), 537-541.
Abstract:
The primary objective of this review is to provide an overview of the issues involved in balancing privacy and access in the context of health research. Appropriate collection, management, linkage and interrogation of health data can play a vital role in improving individuals’ health and wellbeing. However, the assembly and use of linked population, clinical and genetic health databases in the research and policy analysis environments raises privacy, confidentiality and ethical concerns.
The topic of our review is of current interest in the context of the Australian Government National Collaborative Research Infrastructure Strategy (NCRIS) investment in the Population Health Research Network (PHRN), which aims to provide improved accessibility to health-related data for the research sector. This initiative is likely to attract new researchers to the field of population health, and the current review may assist them in taking account of privacy regulation and perceptions when designing study and consent processes.
Although there is little evidence of privacy complaints or breaches in health research, it seems clear that privacy regulation and privacy perception are both key factors in the health research context, acting as potential restraints on some types of research that could deliver considerable public benefit. In particular, significant concerns regarding consent and de-identification remain in the community.
Recent Australian Law Reform Commission recommendations leave room for technical solutions to play an increased role in allowing personal information to be de-identified for research purposes. Recent advances in the techniques for de-identifying personal information provide some hope that de-identification can occur without a negative impact on data quality.
External link:
- Electronic Journal of Health Informatics:
http://www.ejhi.net/ojs/index.php/ejhi/article/view/135/93 - Medical Journal of Australia:
http://www.mja.com.au/public/issues/193_09_011110/oke11214_fm.html
ACMA publishes Galexia’s research on international Cybersecurity awareness raising and educational initiatives - May 2011
|
An Overview of International CyberSecurity Awareness Raising and Educational Initiatives - a report for the Australian Communications and Media Authority (ACMA) by Galexia in partnership with the Cyberspace Law and Policy Centre, was launched in CyberSecurity Awareness week - 30 May 2011.
The study included research and advice on 68 Cybersecurity initiatives (both government and private sector) in 11 jurisdictions.
Browse the Research Report
Download the Research Report from the ACMA
Galexia team presents Asia Pacific Digital Economy and Cloud Computing Scorecard at Hong Kong workshop - April 2011
|
Galexia Director Peter van Dijk and Galexia’s Singapore based Associate Yee Fen Lim presented the Asia Pacific Digital Economy and Cloud Computing Scorecard at an industry workshop in Hong Kong in April 2011.
The Scorecard is a comparative analysis of major cyberlaw issues and digital infrastructure in 14 Asia-pacific countries. The presentation focussed on areas where the region is making good progress on developing consistent and harmonised laws and regulations that facilitate cloud computing. Some regional gaps and challenges were also identified in areas such as data protection law, cybercrime legislation and ICT infrastructure.
The workshop was attended by industry associations and business leaders from countries in the region, with strong representation from both developed and emerging economies.
Galexia completes Asia Pacific Digital Economy and Cloud Computing Scorecard - March 2011
|
Galexia has completed a comprehensive review of digital economy laws and infrastructure in 14 Asia Pacific countries - the Asia Pacific Digital Economy and Cloud Computing Scorecard. This important comparative analysis was commissioned by the Business Software Alliance (BSA).
The 14 countries in the study are: Australia, China, Hong Kong, India, Indonesia, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan, Thailand and Vietnam.
The report is presented as a checklist of over 100 issues in 8 categories:
- Security;
- Cybercrime;
- Interoperability;
- Data protection;
- Intellectual property;
- International harmonisation of rules;
- Promoting free trade; and
- Infrastructure.
The full report is available to BSA members.
Treaties Committee recommends Australia sign two important cyberlaw Conventions - March 2011
|
The Joint Standing Committee on Treaties has recommended that Australia accede to two important cyberlaw Conventions. The United Nations Convention on the Use of Electronic Communications in International Contracts (Electronic Contracts Convention) and the Council of Europe Convention on Cybercrime (Cybercrime Convention).
Electronic Contracts Convention
The United Nations Convention on the Use of Electronic Communications in International Contracts (the Convention) is the first United Nations Convention to address legal issues arising from the digital economy. Eighteen countries have signed the Convention, including major trading partners such as Korea; China; and Singapore.
The Convention contains a comprehensive framework for establishing contracts using electronic communications.
The Committee noted that in practice, businesses with disputes relating to electronic contracts have not sought to use legal means to resolve their disputes. However, the Committee concluded that signing the Convention would ensure that when an “inevitable” legal dispute arises, the Australian legal system will comply with the internationally recognised process for resolving disputes.
The Committee recommended that Australia take binding treaty action to join the United Nations Convention on the Use of Electronic Communications in International Contracts.
Cybercrime Convention
The Council of Europe Convention on Cybercrime entered into force in 2004. The Convention covers a range of criminal activity involving use of computers or computer networks, such as in unlawfully accessing computer data or interfering with computer systems, or where computer use is integral to the offence, such as for the distribution of child pornography via the Internet.
Over 30 European member states and one non-member, the United States, are party to the Convention. Seventeen other nations have signed the Convention, including non-members Canada, Japan and South Africa.
The Treaties Committee drew considerable attention the role of the Convention in boosting international co-operation to deal with increasingly sophisticated and diverse forms of computer-related criminal activity.
Articles 29 to 34 of the Convention set out the expectations for mutual assistance between Parties including:
- The preservation of some computer data, and associated traffic data, by service providers for both domestic and foreign investigations;
- Mutual assistance in the disclosure of traffic data in real time, but only to the extent permitted under applicable treaties and domestic law (Australian legislation does not allow for real-time interception by foreign countries); and
- Establishment of a 24 hour, 7 days per week point of contact to receive requests and provide assistance for searching and accessing computer data.
Naturally, these aspects of the Convention have raised some community concerns about privacy and security.
The Attorney-General’s Department submitted to the Treaties Committee that the capacity to access and preserve data is fundamental to the new mutual assistance arrangements. However, they also advised that Australia would lodge a Reservation to requirements for foreign investigation of real-time data to ensure they matched Australian thresholds - in particular, Australian law limits disclosure of real-time traffic data to investigations relating to a criminal offence punishable by at least three years’ imprisonment.
The Committee recommended that Australia should accede to the Council of Europe Convention on Cybercrime and update local laws as appropriate.
External link:
- The full reports are available at:
http://www.aph.gov.au/house/committee/jsct/1march2011/report/fullreport.pdf
Cloud computing advice to the Victorian Department of Innovation, Industry and Regional Development (DIIRD) - November 2010
|
Galexia provided detailed advice to the Victorian Department of Innovation, Industry and Regional Development (DIIRD) on cloud computing.
In 2009 Galexia prepared an assessment for the Victorian Department of Innovation, Industry and Regional Development (DIIRD) on issues associated with cloud computing and issues concerning potential outsourcing and off-shoring of data.
In 2010 Galexia provided an update to reflect further expansion of the project.
Galexia contributes to new research on privacy complaints in the communications sector - September 2010
|
On 14 September 201 a new research report: Connolly, C and Vaile, D. Communications privacy complaints: in search of the right path was launched by the Australian Communications Consumer Action Network (ACCAN).
The research for the report was a joint effort between Galexia and the Cyberspace Law and Policy Centre.
External link:
- The full reports are available at:
http://www.cyberlawcentre.org/privacy/ACCAN_Complaints_Report/report.pdf
Galexia presented at the Privacy Laws & Business 23rd Annual International Conference - 14 April 2010
|
Galexia Director, Chris Connolly, presented at the Privacy Laws & Business 23rd Annual International Conference in Cambridge, UK, from 5-7 July 2010. Chris’s presentations covered:
- Benchmarks for Privacy Trustmarks: An analysis of the challenges facing trust schemes in Australia, Japan, Mexico, Singapore, Thailand; and
- The United States and The Future of the EU/US Safe Harbor Privacy Framework: Can it be improved or does it require a complete overhaul?
Galexia has previously conducted research into trustmark schemes and the Safe Harbor privacy framework.
Related links:
- Galexia's report: Trustmark Schemes Struggle to Protect Privacy »
- Galexia's report: The US Safe Harbor - Fact or Fiction? »
External links:
Malaysia Parliament passes Personal Data Protection Act - 5 April 2010
|
Malaysia’s lower house (Dewan Rakyat) has passed the Personal Data Protection Act 2009. The Act introduces protections for personal information, including requirements of and restrictions on private sector data users and rights of data subjects. The Act will also create a Personal Data Protection Commissioner, an advisory committee, and an appeals tribunal.
Related links:
External links:
Galexia prepares submission on consumer fairness tests for ACCAN - 5 March 2010
|
On behalf of ACCAN, Galexia prepared a submission to the Expert Panel On Franchising And Unconscionable Conduct, established by the Government following a parliamentary inquiry into provisions of the Trade Practices Act 1974 that prohibit unconscionable conduct.
The submission proposes to reform Australia’s consumer laws by inserting a new fairness test into Section 52 of the Trade Practices Act (and all legislation that mirrors that test). This would result in Section 52 prohibiting ‘conduct that is unfair or misleading, or conduct that is likely to mislead or be unfair’.
Related links:
External links:
- ACCAN home page (external site) »
- Unconscionable conduct issues paper at The Treasury (external site) »
- Government response to the inquiry at The Treasury (external site) »
Galexia director Chris Connolly speaking at Asia-Pacific privacy seminar - 2 March 2010
|
Galexia Director, Chris Connolly spoke at Privacy in the Asia-Pacific: 2010 Update A comprehensive survey of privacy and data protection in the region on 2 March 2010. The seminar was part of the Continuing Legal Education seminar series run by the Faculty of Law at the University of New South Wales.
Chris discussed the overlap between regional privacy developments and global privacy standards.
Related Galexia Reports:
- Galexia Report: Benchmarks for Global Privacy Standards »
- Galexia Report: Asia-Pacific Region at the Privacy Crossroads »
External links:
Asia-Pacific privacy advocates and academics: Professor Lee Bygrave, Professor Paul Roth, Dr Sinta Dewi Rosadi, Associate Professor Fumio Shimpo, Professor Whon-il Park, Professor Dennis T.C. Tang, Professor Colin Bennett, Professor Abu Bakar Munir, Ms Katrine Evans, Mr Iwan Setiawan, Mr Nigel Waters, Assistant Professor Pirongrong Ramasoota, Mr Chris Connolly, Mr Claro Parlade, Mr Edward Santow, Professor Roger Clarke, Mr David Vaile, Ms Robin Bayley, Professor Graham Greenleaf.
Galexia prepares draft interoperability principles for ACCAN - 2 March 2010
|
Galexia is preparing a report on interoperability for the Australian Communications Consumer Action Network (ACCAN), including a set of draft interoperability principles. Interoperability, in many systems, can provide a number of benefits for consumers, including reduced cost, increased functionality, and increased competition.
ACCAN will present the report to COPOLCO, the Consumer Policy Committee of the International Standards Organisation (ISO).
Related links:
External links:
Galexia interviewed by Privacy Laws and Business International Journal on the US Safe Harbor and recent actions by the FTC - 26 February 2010
|
Chris Connolly has been interviewed for the Privacy Laws and Business International newsletter, discussing the recent action taken by the US Federal Trade Commission against six organisations who falsely claimed membership of the US Safe Harbor.
Prior to the FTC action, Galexia published a report highlighting the problem of false membership claims and data accuracy of the Safe Harbor list. The report was published in Privacy Laws and Business International, and is available from Galexia’s website.
Related links:
External links:
- Privacy Laws and Business International (external site) »
- FTC news release concerning Safe Harbor action (external site) »
Galexia report on public information on credit reporting - 16 February 2010
|
Galexia has prepared a report for Veda Advantage on consumer information about credit reporting. The report recommends key consumer education requirements in the lead-up to the reform of Australia’s credit reporting and privacy laws (expected in 2011).
Related links:
External links:
Galexia and Qubit Consulting conduct IDM upgrade for the University of Western Sydney - 25 January 2010
|
Galexia and Qubit Consulting have implemented a major new identity management solution for the University of Western Sydney. Galexia assisted with the design, development and implementation of automated provisioning, password synchronisation and data cleansing for University staff and students.
Related links:
Galexia and CHOICE prepare submission to superannuation review - 18 December 2009
|
On behalf of CHOICE, Galexia prepared a submission to Phase 2 of the Super System Review (the Cooper Review). Phase 2 of the review deals with the operation and efficiency of Australia’s superannuation system.
The submission focuses on a small number of key areas where reform is most needed:
- Increasing the amount and quality of comparative data available to consumers;
- Removing the bias that results from sales commissions to advisers when recommending a superannuation fund to consumers;
- Introducing measures to decrease excessive fees and charges, including a new ‘fee target’ of 1%; and
- Introducing measures to reduce the number and impact of inactive and lost accounts.
Related links:
External links:
- Super System Review website (external site) »
- CHOICE's submission at the Super System Review website (external site) »
Galexia contributes to the Oxford Australian Law Dictionary - 17 December 2009
|
Galexia has contributed to the Australian Law Dictionary 2010, published by the Oxford University Press. The Australian Law Dictionary is a current and conceptually new dictionary of Australian legal terms designed as a practical and helpful resource for law students and practitioners. Galexia provided the definition of ‘privacy’ along with several related terms.
External links:
Legal Information Access Centre publishes Galexia’s Hot Topic on Cyberlaws - 1 December 2009
|
Galexia has prepared a ‘Hot Topic’ for the Legal Information Access Centre (LIAC). The Hot Topic is concerned with cyberlaws, covering key Australian and international laws, conventions, and guidelines as well as emerging trends and recent developments on:
- Accessibility;
- Domain Names;
- Copyright;
- Contracts;
- Defamation;
- Content Regulation;
- Privacy and Spam;
- Social Network Sites;
- Consumer Protection; and
- Cybercrime.
LIAC’s Hot Topics is a series of plain-language publications about key areas of law. Four issues are published each year, and are available by subscription or through public libraries in New South Wales. Older issues are available directly from the LIAC website.
External links:
Galexia prepares privacy analysis of Salesforce CRM - 17 November 2009
|
Galexia has prepared a Privacy Impact Assessment (PIA) of Salesforce Customer Relationship Management system (CRM). Salesforce CRM offers to simplify interactions between companies and their clients through its ´cloud services’, but such a system inevitably raises privacy concerns as client data is controlled by a third party.
Galexia and Qubit Consulting conduct IDM upgrade for the University of Sydney - 5 November 2009
|
Galexia and Qubit Consulting have conducted a major upgrade of identity systems for the University of Sydney. Galexia assisted with the development and implementation of a security and provisioning solution for University staff and students.
Related links:
Galexia prepares working draft of Benchmarks for Global Privacy Standards - 3 November 2009
|
Galexia has prepared a working draft of proposed benchmarks for Global Privacy Standards. The proposed benchmarks are designed to provide a basis for assessing the numerous proposed global privacy standards which have recently emerged.
The release of the working draft comes as Civil Society representatives meet at The Public Voice: Global Privacy Standards for a Global World in Madrid to discuss international privacy developments, including global privacy standards, and the release of the Civil Society declaration Global Privacy Standards for a Global World.
Comments on the working draft are welcome, and can be sent to [email protected].
Related links:
External links:
- The Public Voice: Global Privacy Standards for a Global World (external site) »
- The Madrid Declaration: Global Privacy Standards for a Global World (external site) »
Galexia publishes submission to the DBCDE Do Not Call Register Statutory Review - 20 October 2009
|
Galexia has published its submission to the Department of Broadband, Communications and the Digital Economy (DBCDE) review of the Do Not Call register and its associated legislation, the Do Not Call Register Act 2006 (Cth).
The submission raises particular concerns about the ways in which consumers might be taken to have expressed their consent to receive marketing calls, the current three-year registration period, the scope of exemptions in the Act, compliance, and the possibility of industry codes focusing on low-priority issues at the expense of the simplicity and effectiveness of the Register.
Galexia has previously conducted an analysis of the Australian Do Not Call Register and similar international systems, highlighting emerging best practices and the issues affecting the operation of these systems.
Related links:
- Submission in response to the Do Not Call Register Statutory Review »
- Emerging Best Practice in Do Not Call Registers »
External links:
Galexia completes PIA for Victorian Department of Innovation, Industry and Regional Development - 1 October 2009
|
Galexia recently completed a Privacy Impact Assessment (PIA) for the Victorian Department of Innovation, Industry and Regional Development concerning a proposed client data management system. The PIA raised issues of data security and transborder data flows, public perceptions and governance.
The project made use of Galexia’s Victorian PIA template, tailored to Victoria’s privacy law and the Privacy Impact Assessment Guidelines of the Victorian Privacy Commissioner.
Related links:
Galexia develops Victorian Privacy Impact Assessment template - 21 September 2009
|
Galexia has developed a Privacy Impact Assessment (PIA) template tailored to the privacy requirements under Victoria’s Information Privacy Act 2000 and the Victorian Privacy Commissioner’s Privacy Impact Assessment Guidelines. Our Victorian PIA template complements our Commonwealth and New South Wales PIA templates.
Galexia’s PIA templates are the result of our extensive experience in delivering PIAs and have been used in some of the largest and most complex PIAs in Australia. They ensure that our clients receive a PIA based on a well-tested and well-regarded methodology.
First US Prosecution for false web claim of Safe Harbor status - 11 September 2009
|
The California-based company Balls of Kryptonite has become the subject of the first complaint against a company for falsely claiming membership of the US Safe Harbor Principles.
The Safe Harbor Privacy Principles were developed to allow the export of personal information from the EU to the US, in the absence of any US laws meeting the EU ‘adequacy’ requirement of the EU Data Protection Directive 95/46/EC. The Safe Harbor is a voluntary arrangement; organisations wishing to receive personal information from the EU must self-certify to the Department of Commerce that they comply with the Principles. At present, no law expressly prohibits falsely claiming membership of the Safe Harbor; any prosecution must rely on more general prohibitions against, for instance, deceptive or misleading conduct.
A 2008 study by Galexia found over 200 organisations which claimed to have self-certified were in fact not members of the Safe Harbor.
Related links:
Related links:
- The US Safe Harbor Privacy Principles (external link) »
- The FTC Action entry for the Balls of Kryptonite complaint (external link) »
Galexia publishes international analysis of Do Not Call Registers - 8 September 2009
|
Do Not Call Registers have grown in popularity and are starting to deliver real privacy benefits for consumers. After some initial teething problems, they appear to be working well, with large numbers of registered consumers and numerous examples of enforcement action.
Chris Connolly and Amy Vierboom have published a comparison of the Do Not Call Registers of Australia, Canada, India, Spain, the United Kingdom and the United States. The article compares the functions and sizes of these Registers, and highlights emerging best practices and issues affecting their operation.
Browse online
- Title page
- Contents
- 1. Introduction
- 2. Comparative Analysis
- 3. Best Practice Recommendations
- 4. Emerging Issues
- 5. Conclusion
- 6. Summary Table
ACCAN releases Galexia research on Customer Service Charters in the Australian Telecommunications Sector - 25 August 2009
|
The Australian Communications Consumer Action Network (ACCAN) has released the final report for a research project, conducted by Galexia, on Customer Service Charters in the Australian Telecommunications Sector.
Galexia prepared an analysis of customer service charters in the telecommunications industry, compared with consumer codes. The analysis covered best practice consumer protection in Australia and internationally.
A key finding from the ACCAN Customer Service Research Report is that consumer charters are not effective and the industry proposals used to solve their problems through customer charter is a dead-end.
Related links:
- View the full research report »
- View ACCAN's press release (138KB PDF) »
- Read more about Galexia’s work with ACCAN »
External links:
ACCAN releases Galexia research on Informed Consent in the Australian Telecommunications Sector - 21 August 2009
|
The Australian Communications Consumer Action Network (ACCAN) has released the final report for a research project, conducted by Galexia, on informed consent in the Australian telecommunications sector.
Laws and codes of conduct set out only limited and inconsistent requirements to obtain informed consent, and industry practice varies greatly in the amount of information provided to consumers about telecommunications products.
The report also finds that industry practice often fails to address the additional complexities in obtaining informed consent from specific consumer categories, including people with disabilities, indigenous consumers, young people, and culturally and linguistically diverse consumers.
Related links:
- View the full research report »
- View ACCAN's press release (151KB PDF) »
- Read more about Galexia’s work with ACCAN »
External links:
eCrime symposium - 4 August 2009
|
Galexia Director Chris Connolly took part in a panel discussion at the 2009 eCrime Symposium. Chris discussing the legal roles and ethical boundaries for organisations in combating electronic crime, and in particular the EU Cybercrime Convention.
External links:
Galexia complete facial recognition PIA for NSW Roads and Traffic Authority - 1 August 2009
|
Galexia has completed a privacy impact assessment for the proposed NSW Roads and Traffic Authority (RTA) facial recognition system.
Related links:
External links:
CHOICE submission on consumer code development processes - 2 June 2009
|
CHOICE has published its submission to the Australian Government’s review of the consumer-related industry codes development process. The submission calls for
- An articulation of high-level code content principles in legislation;
- Power for regulators to be able to initiate code development (rather than only the industry);
- Requirements for the constitution of code development bodies (including a requirement for consumer representatives, and a mechanism for breaking deadlocks);
- Code monitoring and enforcement requirements;
- Code review requirements; and
- External dispute resolution requirements.
In preparation for the submission, Galexia provided CHOICE with a survey of key consumer code approval processes in use in Australia - those of the Australian Competition and Consumer Commission (ACCC), the Australian Securities and Investments Commission (ASIC), the Office of the Privacy Commissioner, and the Australian Communications and Media Authority (ACMA).
Related links:
External links:
- Read CHOICE’s submission (external site) »
- Review of consumer-related industry code processes at DBCDE (external site) »
Galexia has published an article on Privacy White Lists - 2 June 2009
|
Privacy white lists are published by trustmark schemes to help identify which organisations have been certified as compliant members of their scheme. If an organisation is on the list a consumer may have an increased level of confidence that they will be covered by the rules of the trustmark scheme, including privacy protection and dispute resolution. Consumers can also use the white lists to check that the use of the trustmark is valid, as a significant proportion of trustmarks that appear on websites are often fake or expired.
There is a trend towards the global expansion of white-lists and there is a proposal to develop an APEC white-list of organisations that comply with the APEC Privacy Framework Cross Border Privacy Rules.
This article summarises a Galexia study of white lists published by trustmark schemes. (Surprisingly, not all trustmark schemes publish white lists). The study only examined white lists where the trustmark operators claim that organisations on the lists have passed strict verification of privacy protection standards. Also, the study only examined white lists that have some form of Government backing, oversight or approval. Only six white lists are published that meet all of these criteria, and the Galexia study excluded one white list (ESRB) because it was limited to one very specific type of product (computer games).
The study found that privacy white lists contained an alarming proportion of inaccurate and out of date information. Depending on the trustmark scheme administering the white-list, between 22% and 73% of information is inaccurate or out of date.
This article was published in Privacy Laws and Business International, issue 98, April 2009.
Browse online:
Government to expand the Do Not Call Register - 29 May 2009
|
In its 2009-2010 budget, the Federal Government allocated AU$4.7 million over four years to the expansion of the Do Not Call Register. The expansion will allow small businesses and emergency services to register, thus prohibiting telemarketing and fax marketing companies form contacting them.
The Department of Broadband, Communications and the Digital Economy (DBCDE) released a discussion paper and called for submissions on the possible expansion in 2008. Galexia’s submission is available via the link below.
Related links:
External links:
- Budget 2009-2010: Expense measures for Broadband, Communications and the Digital Economy (external site) »
- Do Not Call Register (external site) »
ACCAN and customer service charters in the telecommunications sector - 27 May 2009
|
Galexia is preparing a report on Customer Service Charters and Consumer Codes in the Telecommunications Sector for the Australian Communications Consumer Action Network (ACCAN), a government-sponsored peak consumer representative organisation.
The report has been completed and will be launched by the Minister for Broadband, Communications and the Digital Economy in the near future.
Related links:
ACCAN and informed consent in the telecommunications sector - 26 May 2009
|
Galexia is preparing a report on Informed Consent in the Telecommunications Sector for the Australian Communications Consumer Action Network (ACCAN), a government-sponsored peak consumer representative organisation.
The report examines ‘informed consent’ in Australian law, particular measures used to inform consumers, and special issues of informed consent for consumers from culturally and linguistically diverse groups.
The report has been completed and will be launched by the Minister for Broadband, Communications and the Digital Economy in the near future.
Related links:
Government releases draft National Consumer Credit Reform Package - 28 April 2009
|
The Australian Commonwealth government has released a package of draft legislation for National Consumer Credit Reform, aimed at strengthening and consolidating Australia’s consumer credit laws.
Specific reforms include:
- Registration and licensing of credit organisations (including the introduction of an Australian Credit License);
- Responsible lending practices;
- Sanctions and remedies (to be administered by the Australian Securities and Investments Commission); and
- Reforms of dispute resolution and court mechanisms.
Galexia has worked closely with both industry and consumer groups on credit and consumer issues:
- Review of the proposed Credit Reporting Code of Conduct »
- Credit Reporting Framework - Submission to Australian Law Reform Commission Discussion Paper 72 »
- Consumer Protection in Telecommunications »
External links:
Galexia news available via RSS - 24 April 2009
Galexia news is now available as an RSS feed. To subscribe, click on the RSS logo or copy the address http://www.galexia.com/public/news.xml into your RSS reader.
Galexia news covers key developments in privacy, electronic commerce, and identity and authentication management in Australia and the Asia-Pacific region, along with news about Galexia’s work.
RSS feeds allow you to track news and updates on websites without having to visit the website in your browser. There are several ways to follow RSS feeds:
- Web browsers: current browsers like Internet Explorer (7+), Firefox (2+), Opera (9+) and Safari (2+) include built-in feed readers. Follow the link to the feed to view the news stories or subscribe.
- Websites: there are online tools for aggregating feeds into a single page, useful if you use multiple computers. Popular sites include Bloglines, NewsGator, Google Reader, Netvibes and MyYahoo.
- Feed reader software: You can install stand-alone programs to run from your desktop to read feeds. A typical Windows program is Feed Demon. There are many others listed at Wikipedia's RSS Reader entry.
- Email software: Email clients like Microsoft Outlook 2007 and Mozilla Thunderbird include feed reader features.
Australia to adopt the UN Convention on the use of Electronic Communications in International Contracts - 23 April 2009
|
Ministers at the Standing Committee of Attorneys-General meeting in April 2009 have agreed that the electronic commerce laws of Australia’s states and territories should be amended to allow Australia to adopt the United Nations Convention on the use of Electronic Communications in International Contracts.
The Convention sets out principles for the legal recognition of electronic communications, the nature of offer and acceptance in electronic contracts, the time and place of dispatch and receipt of electronic communications, the use of automated systems in contract formation, and errors in electronic communications.
As at April 2009, 18 countries have signed the Convention.
Galexia has written and worked extensively on electronic contracting issues in Australia and internationally, most notably assisting the ASEAN Member Countries in harmonising their electronic commerce laws and preparing an analysis of regional harmonisation of electronic commerce laws for the UN Conference on Trade and Development (UNCTAD).
Related links - Galexia’s publications on the Conventions and Australia’s electronic contracting laws:
- United Nations Convention on the Use of Electronic Communications in International Contracts (UNECIC) - Colloquium - Articles 19 and 20 (Declarations) »
- UN Convention on the use of Electronic Communications in International Contracts to come into force »
- First UN Convention on E-Commerce Finalised »
- UN Releases New International Convention on Electronic Contracting »
- Fantastic Beasts and Where to Find Them - A Guide to Exemptions in the Electronic Transactions Act (ETA) in Australia »
Related links - Galexia’s work on electronic contracting and e-commerce:
- Harmonisation of E-Commerce Legal Infrastructure in ASEAN Project »
- Galexia’s analysis for UNCTAD’s Information Economy Report 2007-2008 »
External links:
- Standing Committee of Attorneys-General (external site) »
- The Convention at the United Nations Commission on International Trade Law (external site) »
Department of Broadband, Communications and the Digital Economy (DBCDE) releases issues paper on consumer codes in telecommunications - 31 March 2009
|
The Department of Broadband, Communications and the Digital Economy (DBCDE) has released an issues paper on the processes involved in developing self-regulatory consumer codes in the telecommunications sector. The issues paper makes a number of references to Galexia and CHOICE’s joint paper Consumer Protection in the Communications Industry: Moving to best practice.
The release follows a number of government initiatives aimed at reforming the industry:
On 31 March 2009, Senator Stephen Conroy, Minister for Broadband, Communications and the Digital Economy, announced that the Australian Government would undertake a review of the processes associated with developing consumer-related industry codes, as specified under Part 6 of the Telecommunications Act 1997.
DBCDE has invited the public to make submissions on the issues paper by 15 May 2009.
Related links:
External links:
Australasian Retail Credit Association Credit Reporting Code - March 2009
|
Galexia has been commissioned by the Australasian Retail Credit Association to conduct a review of the Credit Reporting Code of Conduct. Galexia’s role is to develop aspects of the code and advise on important issues that the code creates in the field of credit reporting.
The Australasian Retail Credit Association brings together many senior credit executives from different credit agencies, to explore relevant issues and bring reform to the existing complex credit reporting laws in Australia.
Related links:
External links:
ASEAN, Australia, New Zealand sign free trade agreement - February 2009
|
On 27 February 2009 the Association of Southeast Asian Nations, Australia, and New Zealand signed the Agreement Establishing the Association of Southeast Asian Nations (ASEAN)-Australia-New Zealand Free Trade Area (AANZFTA).
Chapter 10 of the AANZFTA is designed to promote electronic commerce activities between the parties to the Agreement, and includes provisions calling for the enablement of electronic authentication and digital signatures, online consumer protection, online data protection, and paperless trade, as well as increased cooperation on e-commerce research and training between the parties.
Galexia has previously assisted the ASEAN Member Countries in harmonising their e-commerce legislation. At the completion of the Harmonisation of E-Commerce Legal Infrastructure in ASEAN Project, eight of the ten ASEAN Member Countries had enacted e-commerce legislation, while draft laws had been introduced in the remaining two.
Related links:
External links:
- The AANZFTA at the Department of Foreign Affairs and Trade (external site) »
- Australia’s trade relationship with ASEAN at the Department of Foreign Affairs and Trade (external site) »
First Technical Assistance Seminar on the Implementation of the APEC Data Privacy Pathfinder - February 2009
|
Galexia Director Chris Connolly was invited to speak at the First Technical Assistance Seminar on the Implementation of the APEC Data Privacy Pathfinder, held in Singapore on the 22nd and 23rd of February 2009. The meeting brought together a host of international delegates to further develop an understanding of how to effectively implement the APEC Data Privacy Pathfinder.
The seminar, entitled ‘Making it work - cross-border privacy in practice’ looked at a range of issues surrounding the Cross-Border Privacy Rules System. The different sessions focused on the EU’s perspective of Cross-Border Privacy, the ability of trustmarks to offer consumer protection, governance issues and practical questions of implementing cross-border privacy.
Chris presented a paper on trustmarks, and participated in a panel addressing matters that relate to trustmarks.
Survey on consumer protection laws in Asia-Pacific - February 2009
|
Galexia has partnered with a project steering committee of consumer organisation representatives from around the Asia-Pacific region to undertake a survey of consumer protection and competition laws. The survey will provide consumer organisations with a basic understanding of existing laws in the region and enable them to promote better outcomes for consumers.
The countries surveyed are Australia, Fiji, India, Korea, the Philippines, Thailand and Vietnam. Consumers International, the body overseeing the project, will complete a report based on Galexia's analysis of the surveys and make this available to the participating countries.
Related links:
External links:
AUSTROADS privacy review - February 2009
|
Galexia has been commissioned by AUSTROADS (Australian and New Zealand road and Transport Authorities) to assist with a full strategic review of the National Exchange of Vehicle and Driver Information System (NEVDIS). Galexia will be responsible for identifying key privacy issues relating to the NEVDIS database. Galexia is providing privacy expertise, offering effective advice on managing evident risks and presenting strategic solutions to the apparent challenges.
The project is an extension of previous work Galexia has undertaken for AUSTROADS, and will be conducted in partnership with Doll Martin Associates.
Related links:
External links:
Privacy in interstate student transfers - January 2009
|
Galexia has completed a report, identifying privacy issues arising as part of the Learning Identity Management Framework (LIMF) Project. The research analyses the current landscape of Student Data transfers and makes recommendations on converting the current manual system of transferring data (when a student changes schools, intra or inter jurisdiction) to an electronic one.
Galexia worked in partnership with Link Affiliates to complete the research, identifying key risks in establishing the Framework as well as effective strategies to manage these. The report was completed in January 2009 for The University of Southern Queensland on behalf of the Department of Education, Employment and Workplace Relations.
External links:
Privacy code for access to Queensland property data - January 2009
|
In late 2008 Galexia developed a Code of Conduct for bulk data access to identified information in the Queensland Valuation and Sales System (QVAS) database - the short title is the QVAS Code of Conduct.
The Code covers privacy protections and complaints mechanisms for access to information about real property transactions in Queensland. The Code was submitted to the QLD Cabinet in late 2008 and is the subject of public consultations in 2009.
Galexia assisted the Queensland Department of Natural Resources and Water and a working group of information broker industry representatives to develop this Code from scratch. The project included research on privacy issues, stakeholder workshops and the development of an explanatory memorandum.
The Code adopts best practice approaches to privacy protection and governance issues.
2008 review of the EFT Code of Conduct - January 2009
|
Galexia has assisted CHOICE, the Consumers’ Federation of Australia, and the Consumer Action Law Centre in preparing a joint consumer response to the Australian Securities and Investments Commission’s proposals for changes to the Electronic Funds Transfer (EFT) Code of Conduct. Key issues addressed in the response include liability of consumers and small businesses, and monitoring Code compliance.
Related links:
External links:
National e-Authentication Framework Website Authentication Guidelines - January 2009
|
In December 2008 the Australian Government Information Management Office (AGIMO) within the Department of Finance and Deregulation released a set of documents outlining the National eAuthentication Framework (NeAF).
The NeAF sets out a whole-of-government approach to managing identity-related risks in online transactions between individuals and government, and between businesses and government. It combines the earlier Australian Government e-Authentication Framework for Business and Australian Government e-Authentication Framework for Individuals into a single framework.
NeAF Best Practice Guideline 2 sets out methods for authenticating government websites - an essential part of developing trust in online transactions. BPG2 includes three technical appendices prepared by Galexia:
- Website authentication mechanisms;
- Website authentication - technology assessment schedule; and
- Current Attacks on Websites.
Related links:
External links:
New Galexia Study: The US Safe Harbor - Fact or Fiction? - December 2008
|
The US Safe Harbor is an agreement between the European Commission and the United States Department of Commerce that enables organisations to join a Safe Harbor List to demonstrate their compliance with the European Union Data Protection Directive, allowing the transfer of personal data to the US in circumstances where the transfer would otherwise not meet the European adequacy test for privacy protection.
First released in November 1998, and officially accepted by the EU in 2000, the Safe Harbor is best described as an uneasy compromise between the comprehensive legislative approach adopted by European nations and the self-regulatory approach preferred by the US. The Safe Harbor Framework has been the subject of ongoing criticism, including two previous reviews (2002 and 2004). Those reviews expressed serious concerns about the effectiveness of the Safe Harbor as a privacy protection mechanism.
After ten years of public debate it is time to examine the Safe Harbor again. Chris Connolly’s article The US Safe Harbor - Fact or Fiction? summarises the findings of a Galexia study regarding the current status of the Safe Harbor Framework. The Galexia study assessed each of the organisations listed on the Safe Harbor List (1,597 entries) against a small subset of key criteria contained in the Safe Harbor Framework Principles.
This article was published in Privacy Laws and Business International, issue 96, December 2008.
Browse online:
- Title page
- Contents
- 1. Introduction
- 2. Previous reviews of the Safe Harbor Framework
- 3. Safe Harbor participants
- 4. Compliant members
- 5. Detailed Findings
- 6. Recommendations
- 7. Appendix - Methodology for this study
Privacy in consumer credit reporting - November 2008
|
Chris Connolly presented a discussion, entitled Who’s to blame for credit stress, and how can we help consumers?, at the National Access to Justice and Pro Bono Conference, held by the Law Council of Australia and the National Pro Bono Resource Centre in Sydney from 14-15 November 2008.
Chris’s presentation examined potential reform of both consumer credit law and privacy law in Australia following the Australian Law Reform Commission’s privacy report For Your Information: Australian Privacy Law and Practice (Report 108). Galexia has previously prepared a submission to the ALRC’s inquiry, discussing options for stronger, more effective and more efficient consumer protection in credit reporting in Australia.
Related links:
External links
- The National Access to Justice and Pro Bono Conference (external site) »
- The Law Council of Australia (external site) »
- The National Pro Bono Resource Centre (external site) »
- ALRC’s Report 108 on Australian Privacy Law (external site) »
The ALRC recommendations for Cross Border Transfers - November 2008
|
The Australian Law Reform Commission’s Report 108: For Your Information: Australian Privacy Law and Practice sets out proposed ‘Unified Privacy Principles’ for reforming Australia’s privacy law.
Unified Privacy Principle 11 (UPP 11) attempts to combine the ‘accountability’ approach to cross-border privacy protection (similar in part to the approach taken in Japan, New Zealand and Canada) with elements of the existing, more traditional ‘adequacy’ approach (similar in part to the approach taken in the EU).
In Weak protection for offshore data - the ALRC recommendations for Cross Border Transfers, Chris Connolly examines the ALRC proposal in detail, and raises significant concerns about both the drafting and the likely impact of the proposal. There are fears that UPP 11 is so weak that all of the privacy protections contained in the other ten UPPs will be thrown away the minute data moves offshore. The proposed UPP 11 requires significant re-drafting so that the accountability principle is properly implemented, and steps must be taken to limit the broad exemptions contained in the proposal.
Related links:
External links:
CHOICE publishes Galexia report on consumer protection in the telecommunications industry - October 2008
|
CHOICE has released the report Consumer Protection in the Communications Industry: Moving to best practice, based on an issues paper prepared by Galexia. The report provides an overview of consumer concerns with the current co-regulatory consumer protection framework in the telecommunications sector in Australia.
Related links:
External links:
Trustmark Schemes Struggle to Protect Privacy - September 2008
|
Galexia has published an article examining the effectiveness of privacy trustmarks in protecting consumers’ rights.
July 2008 was a landmark month in the history of privacy trustmarks - the seals that appear on some websites to provide a level of assurance about privacy protection. The largest and most successful trustmark - TRUSTe with over 2000 members - changed its status from ‘non-profit’ to ‘for profit’. And the second largest trustmark - BBB Online Privacy with over 700 members - closed its doors for good, abandoning a scheme that it had run for over eight years.
The basic premise of privacy trustmarks is that end users are supposed to have confidence in web sites displaying the trustmark seal, as it presumably indicates that the site adheres to good privacy standards. In practice, although trustmark seals all appear similar, the level of privacy protection varies a great deal. Some seals are backed by detailed standards and independent audits. Other seals are provided with no requirements or checks (other than payment). Some seals include a free dispute resolution service for complaints, other seals have no complaints mechanism or charge consumers for lodging complaints.
This article examines both legitimate and non-legitimate privacy trustmarks, and finds that there are serious consumer issues for both categories. Trustmarks have struggled to provide even basic privacy protection to date, and with the demise of BBB Online Privacy and the change in status of TRUSTe, it is difficult to be optimistic about the future.
Browse online:
- Title page
- Contents
- 1. Introduction
- 2. Standards
- 3. Enforcement
- 4. Transience
- 5. Timing issues
- 6. Trustmark scams
- 7. Coverage
- 8. Independence
- 9. Penetration
- 10. Consumer understanding
- 11. Government and Trustmark Schemes
- 12. Conclusion
Galexia advises on Identity and Access Management strategy in the financial sector - 15 October 2008
|
Galexia was approached by a large financial institution to advise on the development of an identity management strategy, and provide assistance in evaluating available solutions.
The project involved a detailed analysis of business drivers including an assessment of governance, risk, and compliance issues (GRC). Business requirements were established through extensive stakeholder interviews, and these were elaborated into a comprehensive set of functional and non-functional identity and access management requirements.
Galexia also conducted a rigorous technology evaluation, identifying relevant products and inviting a shortlist of vendors to present their solutions. This was used to create a detailed product assessment based on the client’s specific needs, examining the candidate products across over 80 custom metric points.
Galexia provided the client with a governance structure, a path forward towards implementation, and independent assessment of market features and trends. Galexia’s analysis enabled the project to proceed with confidence, understanding and ownership in their identity management solution.
Galexia has specialised in the architecture of distributed identity solutions, including authentication, authorisation, accounting, auditing, single sign-on, federation, provisioning, synchronisation, public key infrastructure and emerging user-centric (Identity 2.0) approaches. The combined user population of the identity management systems Galexia has designed is in the tens of millions.
Related links:
Privacy issues in e-commerce - October 2008
|
Chris Connolly presented a paper on e-commerce privacy issues and the Australian Law Reform Commission’s privacy report For Your Information: Australian Privacy Law and Practice (Report 108) at a symposium on 2 October 2008. The symposium, entitled Meeting privacy challenges - the ALRC & NSWLRC Privacy Reviews, was held by the Cyberspace Law & Policy Centre at the Faculty of Law, University of New South Wales, as part of the Centre’s ‘Interpreting Privacy Principles’ ARC Discovery project and will address:
- Providing a set of Privacy Principles that set a new global standard;
- Building consumer trust in electronic commerce;
- Achieving effective enforcement of privacy rules and remedies for breaches;
- Limiting the growth of a surveillance society; and
- Meeting international standards to facilitate appropriate cross border data transfers.
Chris was also a commentator for the session on cross border data transfers.
Related links
External links:
- The Cyberspace Law and Policy Centre (external site) »
- ALRC’s Report 108 on Australian Privacy Law (external site) »
- NSWLRC’s Consultation Paper 3 on New South Wales Privacy Legislation (external site) »
Asia-Pacific regional privacy options - August 2008
|
The Asia-Pacific region has reached a significant crossroads regarding the protection of privacy.
The region could choose to follow a path that is based on the traditional approach to privacy found in the EU Data Protection Directive of 1995 and the domestic laws of many countries, with strong comprehensive privacy legislation establishing independent regulators and imposing conditions on the transfer of personal information to parties in third countries.
The alternative path is to follow a new model of privacy protection that involves greater reliance on self-regulation, self-certification, trust-marks and the registration of corporate rules. This approach is strongly advocated by US businesses and some features of this approach appear (in a limited way) in the APEC Privacy Framework of 2005 and related APEC Privacy Pathfinder Projects.
In Asia-Pacific Region at the Privacy Crossroads Galexia Director Chris Connolly examines current privacy developments in the Asia-Pacific region and analyses the benefits and risks of pursuing either the EU or the APEC approach to privacy regulation.
This article includes up to date information on privacy developments in the following Asia-Pacific jurisdictions:
|
|
|
Browse online:
- Title page
- Contents
- 1. Introduction
- 2. Privacy regulation in the Asia-Pacific region
- 3. The EU approach
- 4. The US/APEC approach
- 5. Other regional opportunities
- 6. Emergence of a global privacy norm?
- 7. Business Compliance
- 8. Advice and Recommendations
- 9. Appendix 1 - National Laws
- 10. Appendix 2 - Asia-Pacific Summary Table
Australian Law Reform Commission releases final report on Australian privacy laws - August 2008
|
The Australian Law Reform Commission released its final report for its inquiry into Australia’s privacy laws on 11 August 2008. The report, For Your Information: Australian Privacy Law and Practice (Report 108) is around 2700 pages long, and contains 295 recommendations for improving Australia’s federal data protection laws.
Galexia was commissioned by Veda Advantage to prepare an independent submission to the inquiry discussing the privacy issues surrounding credit reporting, in response to the ALRC’s Discussion Paper 72.
The Australian Government has proposed a phased response to the ALRC recommendations. The first phase will address the proposed Unified Privacy Principles, health privacy, credit privacy, and privacy education. The second phase will address the recommendations on removal of exemptions, data breach notifications and the tort of privacy.
Related links:
External links:
Galexia conducts Pacific spam enforcement workshop - July 2008
|
Galexia conducted a workshop on anti-spam law enforcement in the Pacific in Brisbane on 14 July 2008.
The workshop’s key objectives included:
- Identifying appropriate mechanisms and procedures to enforce anti-spam legislation
- Developing materials and activities for public awareness and education
- Facilitating the development of domestic, regional and international cooperative arrangements.
The workshop was part of the Strengthening Spam Legislation, Enforcement and Cooperation Regimes in the Pacific project, conducted by Galexia with the support of AusAID and the Australian Department of Broadband, Communications and the Digital Economy (DBCDE). The project has assisted the Pacific nations Niue, Samoa and Vanuatu in strengthening their anti-spam legislation and enforcement systems.
Related links:
Galexia publishes case study on Harmonisation of E-Commerce Legal Infrastructure in ASEAN project - May 2008
|
Galexia has completed a case study of the Harmonisation of E-Commerce Legal Infrastructure in ASEAN project. The case study illustrates the progress made during the four years of the program (2004-2008), with eight of the ten ASEAN Member Countries having enacted e-commerce laws, and the remaining two having draft laws.
Related links:
Galexia assists CHOICE with submission on consumer protection in telecommunications - May 2008
|
Galexia was commissioned by CHOICE to prepare a submission to the 2008 Telecommunications Consumer Representation Stakeholder Forum, held in late April 2008. The paper, entitled Consumer Protection in the Communications Industry: Moving to best practice, provides an overview of consumer concerns with the current co-regulatory consumer protection framework in the telecommunications sector in Australia.
Browse online:
- Title Page
- Contents
- 1. Scope and Purpose
- 2. Consumer Protection Framework in Telecommunications
- 3. Comparison with other sectors
- 4. An improved model
- 5. Appendix 1 - Summary of Australian Codes
- 6. Appendix 2 - Case Study on the Code on Information on Accessibility Features for Telephone Equipment
- 7. Appendix 3 - Resources
Related links:
- View Galexia’s collection of research articles and submissions »
- View CHOICE's telecommunications campaign page »
External links:
Recruitment - Legal/IT Research Consultant - April 2008
We are looking for an enthusiastic and dynamic person to join us as a junior Legal/IT Research Consultant on a casual basis. The role requires a background in both law and technology - we are particularly interested in hearing from university students in combined IT/Law or similar degrees.
The successful applicant’s core duties will include legal and technical research (with a strong international focus) in our areas of specialisation - e-commerce, identification, identity management, authentication, security and privacy - and assisting with system administration - maintaining our internal systems as well as our client extranets and public website.
Related links:
Automated business in life insurance and electronic commerce - April 2008
|
Chris Connolly will sit on a panel of experts at a seminar discussing the benefits, challenges and implications of automated business in life insurance and electronic commerce. The key issues to be addressed include:
- What are the benefits of automated underwriting?
- Do we need signatures?
- How much do advisers have to change the way they work?
- How far can the system go?
- How should we deal with cases that do not go straight through the automated system?
- What are the implications for underwriter training?
- Privacy issues
- Electronic record keeping issues
The discussion is being hosted by the Investment and Financial Services Association Limited.
External links:
Tenth ASEAN E-Commerce workshop held in Jakarta, Indonesia - March 2008
|
The tenth ASEAN E-Commerce workshop was held in Jakarta, Indonesia in April 2008. The workshop focused on regional and international e-commerce issues, and the Indonesian Law on Information and Electronic Transactions.
Related links:
- Read more about the ASEAN E-Commerce project »
- Read more about Galexia’s recent work on the Indonesian bill »
Chris Connolly (Galexia), Iwan Gunawan (Program Coordinator, AADCP Program Stream) and Roger Vitasa (ASEAN) |
Workshop Participants |
|
|
Presentation: International and ASEAN Best Practice in E-Commerce Legislation; Chris Connolly (Galexia) |
|
Indonesian Parliament passes e-commerce law - March 2008
|
On 25 March the Indonesian House of Representatives passed the Law on Information and Electronic Transactions. This omnibus law includes provisions for enabling e-commerce transactions and digital signatures, privacy, domain name registration and dispute resolution, digital copyright, content regulation and cybercrimes. The Law is an important step in meeting Indonesia’s e-commerce targets under the Roadmap for Integration of e-ASEAN Sector.
Galexia is assisting Indonesia by providing an analysis of the Law and a high-level awareness-raising workshop (the tenth ASEAN E-Commerce workshop) to facilitate the promotion of the Law. The workshop will be held on 8 April in Jakarta, Indonesia.
Related links:
- Read more about Galexia’s recent work on the Indonesian bill »
- Read about the tenth ASEAN E-Commerce workshop »
- Read more about the ASEAN E-Commerce project »
External links:
Consumer protection in electronic contracts - March 2008
|
CHOICE and the Cyberspace Law and Policy Centre at the University of New South Wales hosted a roundtable discussion on consumer rights in the information age in early March. Galexia Director Chris Connolly addressed participants on Australian and regional regulatory responses to the key challenges of consumer protection in electronic contracts.
The roundtable discussion was preceded by a public lecture by Professor Jane Winn of the University of Washington.
Related links:
Galexia completes study of cyberlaw harmonization for UNCTAD Information Economy Report - February 2008
|
Galexia was commissioned to prepare a case study on harmonisation of cyberlaws for the United Nations Conference on Trade and Development’s (UNCTAD’s) Information Economy Report 2007-2008. The case study analysed the development of consistent e-commerce laws across the ASEAN Member Countries, based on Galexia’s work in the region. The ASEAN Member Countries stand out as being the first regional group to adopt harmonised e-commerce laws.
Download Report
- Download Chapter 8 - Harmonising Cyber Legislation at the Regional Level: The case of ASEAN » (PDF)
- Read UNCTAD's Information Economy Report series (external link) »
Galexia assists Eric Bana in a domain name dispute - February 2008
|
Galexia assisted actor Eric Bana in a domain name dispute against a cybersquatter before a panel of the World Intellectual Property Organisation (WIPO) in late 2007. Under the Uniform Domain Name Dispute Resolution Policy (UDRP - the dispute resolution policy for top-level domain names), the panel ordered that the domain name be transferred to Eric Bana.
Galexia hosts Japanese privacy delegation - February 2008
|
Galexia recently hosted a delegation of Japanese privacy experts, including academics and professionals from the legal and technology fields. The delegation met with Australian privacy experts from within government, industry and academia, discussing a broad range of privacy issues, with a particular focus on privacy impact assessments (PIAs) and biometrics. The meetings were conducted in Sydney and Canberra.
Galexia has provided privacy compliance advice to a number of international companies with operations in Japan following the introduction of the Japanese Act on the Protection of Personal Information 2003.
The privacy implications of China's outsourcing industry - January 2008
|
Data protection law in China is currently going through a significant reform. There is potential for China’s existing patchwork of data protection requirements to be transformed into a strong, comprehensive data protection regime. This paper canvases the recent developments, particularly from the perspective of offshore outsourcing - a growing industry sector in China.
The article was published in Volume 10, No 9 of the Internet Law Bulletin (January 2008).
Related links:
- Read the article in full »
- Read more Internet Law Bulletin articles, casenotes, bytes and research »
Developments in digital rights management - January 2008
|
Digital rights management (DRM) restricts usage and copying of digital copyright materials (such as music) using technical access control measures. Online music retailers, such as the Apple iTunes store, have typically been forced to use these protected formats by the recording industry, in an attempt to combat online piracy.
Recently, key record labels have moved away from the use of DRM, allowing the online retailer Amazon to sell unprotected versions of their music. This byte discusses some of these developments, and related developments on the legal front.
The byte was published in Volume 10, No 9 of the Internet Law Bulletin (January 2008).
Related links:
Galexia provides technical assistance for Indonesian cyberlaw bill - January 2008
|
Galexia has been assisting ASEAN meet targets set in the Roadmap for Integration of e-ASEAN Sector (the e-ASEAN Roadmap). Measures contained in the e-ASEAN Roadmap for e-commerce include:
- Measure 78: Enact domestic legislation to provide legal recognition of electronic transactions (i.e., Cyberlaws) based on common reference frameworks. (Deadline: 31 December 2008)
Galexia’s project on e-commerce legal infrastructure for ASEAN has been expanded to include special assistance for Indonesia. This phase will run from January to April 2008.
Indonesia has developed draft legislation to meet this target - the Electronic Information and Transaction Bill. It is an ambitious piece of legislation covering e-government, electronic contracting, privacy, Cybercrime, spam, digital copyright and other cyberlaw issues in a single omnibus Bill.
This new project will assist Indonesia through:
- The research, preparation and distribution of materials on the benefits, issues and challenges of developing e-commerce legislation in Indonesia; and
- A high-level awareness raising and technical assistance workshop to facilitate the promotion of the Indonesian Electronic Information and Transaction Bill.
The Harmonisation of E-Commerce Legal Infrastructure in ASEAN Project is funded by the ASEAN Australia Development Cooperation Program (AADCP). AADCP is funded by the Australian Government through AusAID, implemented in close collaboration with the ASEAN Secretariat, and managed by Cardno Acil.
Related links:
Developments in Asia-Pacific privacy laws in 2007 - January 2008
|
This article provides a summary of the key privacy law developments in the Asia-Pacific region in 2007. As sharing of personal details online becomes more frequent, and the accessibility of such information is enhanced by rapidly improving technologies, the privacy risks that threaten a world citizen are greater than ever before. In the Asia-Pacific region there has been significant growth in Business Process Outsourcing (BPO), which demands countries develop coherent information protection laws. A number of countries in the region are making progress towards new privacy legislation. At the same time other countries in the region with existing privacy laws are looking to amend and reform laws so that they align with current technologies, community views and international standards. One new issue that is emerging is the consideration of data breach notification rules by Asia-Pacific countries - and this is likely to be a major talking point in the region over the next few years.
The article was published in Volume 4, Nos 6 and 7 of the Privacy Law Bulletin (December 2007).
Related links:
Credit reporting submission to the Australian Law Reform Commission's Privacy Review - December 2007
|
Galexia was recently commissioned by Veda Advantage to independently research and develop options for a framework for stronger, more effective and more efficient consumer protection in credit reporting in Australia. This task was been initiated in response to the Australian Law Reform Commission (ALRC) review of privacy legislation.
Consumer protection in the regulation of credit reporting is a very complex territory and Veda Advantage wanted to assist the ALRC and stakeholders with a cogent expert’s report to guide understanding of the major issues.
Related links:
External links:
Galexia Associate Claro Parlade wins Endeavour Fellowship to study privacy law - November 2007
|
Claro Parlade, Galexia’s associate from the Philippines, has won an Endeavour Fellowship and will be funded to visit Australia in 2008 for 3 months to study privacy law.
Claro is currently the Executive Director of the Cyberspace Policy Centre for Asia-Pacific (CPCAP), a leading source of expertise on electronic commerce, privacy and online dispute resolution issues in the Asian region.
Galexia and the Office of the Privacy Commissioner (OPC) are Claro’s joint sponsors for the programme, and Galexia will be co-hosting Claro along with the OPC. He will also spend time travelling around the country interviewing key business, government and consumer stakeholders about privacy issues.
Claro has considerable experience in policy work in the Philippines, having been Chairman of the Legal and Regulatory Committee of the IT and E-Commerce Council (‘ITECC’) of the Philippines from 2000 to 2004. He has been involved in the drafting of the Philippines E-Commerce law, and has worked on numerous draft bills and regulations on matters such as the creation of a department of ICT, telecommunications reform, cybercrime and Internet governance.
The Endeavour Programme brings leading researchers, executives and students to Australia to undertake short or long term study, research and professional development in a broad range of disciplines and enables Australians to do the same abroad.
External links:
Claro Parlade
Jurisdictional and enforcement issues of internet gambling - October 2007
|
The online gambling market is facing the same challenges of jurisdiction and law enforcement as internet activities in general. In this article, Christina Fränngård discusses recent issues in these areas, and examines the situation in three jurisdictions in detail - the US, the EU and Australia.
The article was published in Volume 10, No 7 of the Internet Law Bulletin (October 2007).
Related links:
- Read the article in full »
- Read more Internet Law Bulletin articles, casenotes, bytes and research »
Galexia assists the NSW RTA with their Document Verification System - October 2007
|
Galexia has been selected to conduct a Privacy Impact Assessment (PIA) for the NSW Roads and Traffic Authority (RTA). The PIA will cover the RTA’s potential participation in the national Document Verification Service (DVS).
The DVS has been developed as part of the National Identity Security Strategy. The DVS will be a secure, electronic, on-line system accessible by certain Australian Government, state and territory agencies to check the validity of an identity document. The verification of driver licences will be completed via the National Exchange of Vehicle and Driver Information System (NEVDIS) database, operated by AUSTROADS.
Galexia to help develop spam laws in the Pacific - October 2007
|
After a competitive tender process, Galexia has been chosen to assist the Department of Communications, Information Technology and the Arts (DCITA) in the development of a harmonised spam legislation, enforcement and co-operation regime for three Pacific nations.
This project, funded in part by AusAID's Pacific Governance Support Program (PGSP), will be applied across the island states of Niue, Samoa and Vanuatu.
As part of the project, Galexia will have a central role in developing a package of anti-spam policy and legislation, specifically tailored for these Pacific nations, which will be modelled on Australia's Spam Act of 2003.
DCITA's role will continue through to developing a local enforcement capability, as well as assisting the Pacific nations participate in an international network of enforcement agencies.
Related links:
Five new signatories to the UN Convention on the Use of Electronic Communications in International Contracts - October 2007
|
The treaty event, entitled "Focus 2007: Towards Universal Participation and Implementation - A Comprehensive Legal Framework for Peace, Development and Human Rights" was held at United Nations Headquarters in New York, on the 25-27 of September and the 1-2 of October 2007. During the event, the United Nations Convention on the Use of Electronic Communications in International Contracts received five new signatories:
- The nations of Panama and the Philippines;
- The Islamic Republic of Iran; and
- The nations of Colombia and Montenegro.
The Convention was adopted by the UN General Assembly in November 2005 and has since received 15 signatories. The Convention aims to improve the legal certainty and commercial predictability of electronic contracts. Other signatories to the Convention are the Central African Republic, China, Lebanon, Madagascar, Paraguay, Senegal, Sierra Leone, Singapore, Sri Lanka and The Russian Federation.
Related links - Galexia’s publications on the Convention:
- How and when the United Nations Convention on the Use of Electronic Communications in International Contracts 2005 will come into force »
- The main provisions of the Convention and the impact of the Convention on the legal rules surrounding electronic contracting »
- The scope and exclusions to the Convention »
Consumer Action Law Centre publish Galexia's Trade Practices Act Public Benefit Report - September 2007
|
The Consumer Action Law Centre (CALC) has now published the Galexia-written report focussing on defining the ‘public benefit’ in Part VII of the Trade Practices Act 1974 (Cth). It was completed as part of a project to identify weaknesses in the way in which the public benefit test is currently applied under the Act and to propose solutions that will ensure that consumers receive the protections they require when reductions in competition through mergers, acquisitions and collusions are considered. The report has a particular focus on the potential inclusion of social and environmental considerations in the public benefit test.
Part VII of the Trade Practices Act 1974 acknowledges that there are circumstances in which anti-competitive conduct will be permissible - where the detriment caused by the conduct is outweighed by other benefits to the public. The report examines the application of the public benefit test in both theory and practice, and makes recommendations aimed at improving consideration of the public benefit in authorisations.
Related links:
Galexia meets with Secretary of State to the Ministry of Commerce in Cambodia - September 2007
|
Galexia was asked to advise Cambodia on their draft E-Commerce Law during their visit to the country for Workshop W9. This was at the invitation of HE Pan Sorasak - Secretary of State to the Ministry of Commerce. The Secretary was an attendee at AADCP E-Commerce Project workshops (W3 and W5) in his former capacity as an Under-Secretary in the Cambodian Ministry of Posts and Telecommunications.
On Thursday 23 August 2007 Galexia travelled to Phnom Penh to meet with the Secretary and the team working on drafting Cambodia’s e-commerce legislation. Galexia held an initial meeting with the Secretary to discuss aid and development in Cambodia and the region more broadly - gaining insights into other work in the region being carried out by the International Telecommunications Union (ITU) and UN Conference on Trade and Development (UNCTAD).
Galexia briefed the E-Commerce law meeting on the overall AADCP E-Commerce Legal Infrastructure Harmonisation Project and on the workshop (W9) outcomes in Siem Reap. Galexia also provided specific feedback and advice on the draft Cambodian E-Commerce Law.
Cambodia Ministry of Commerce - August 23 From left to right: Sven Callebaut (UNCTAD), Yin Yanno, Tous Sapha, Kang Koy (Ministry of Commerce), Ban Lim (Nat. Bank of Cambodia), Chris Connolly (Galexia), H. E. Sorasak Pan (Ministry of Commerce), Srey Siyout (Nat. Bank of Cambodia), H. E. Mao Thora (Ministry of Commerce), Francis Vierboom (Galexia), Peter van Dijk (Galexia)
|
Cambodia Ministry of Commerce - August 23 From left to right: Kang Koy (Ministry of Commerce), Srey Siyout (Nat. Bank of Cambodia), H. E. Mao Thora (Ministry of Commerce), H. E. Sorasak Pan (Ministry of Commerce), Chris Connolly (Galexia), Peter van Dijk (Galexia), Sven Callebaut (UNCTAD), Tous Sapha (Ministry of Commerce)
|
Related links:
Galexia's commentary on the UN Convention on Electronic Contracting documents - September 2007
|
From the 29th to the 31st of August, an international conference on the United Nations Convention on the Use of Electronic Communications in International Contracts (UNECIC) was held in Hanover, Germany.
The UNECIC conference was aimed at analysing and interpreting the text of the new UN ECIC-Convention and promoting its application.
Chris Connolly addressed the conference on two broad issues:
1) The Scope and Exclusions of the Convention (Articles 2, 3, 19 and 20) as they stand; and
2) Using the Convention to Harmonise the domestic regulation of Electronic Contracting (including a practical case study on the Association of South East Asian Nations (ASEAN) E-Commerce Project).
A paper is now available, which outlines the scope and exlcusions of the convention. This is an early working draft of the final conference paper, intended for future revision and publication in a book on the Convention (Kluwer, mid 2008). Commentary on the document is welcome, and can be emailed to [email protected].
Related links:
External links:
Data retention by search engines and Australian privacy law - August 2007
|
Galexia Consultant, Sarah Andrews has recently written an article looking at the data retention regimes of search engines, and their effects under Australian privacy law.
Recent months have seen Google, the world’s most popular search engine, at the centre of controversy concerning the length of time it retains records of its users’ search queries. This is not the first time the practices of search engines have hit the headlines or attracted privacy watchdogs’ attention. Nor is Google alone among search engines in retaining users’ search queries for extended periods. The Google case does, however, provide a very useful illustration of the significance of data protection concerns raised by the retention of data on past searches and the importance for search engines of implementing robust privacy policies and practices.
The article, published in Volume 4 of the Privacy Law Bulletin, examines these issues from the perspective of Australian privacy law and suggests steps that search engines can take to ensure compliance with the law and promote trust among users.
Related links:
Land rights in virtual worlds - August 2007
|
In August 2007, the State of Play V: Building the Global Metaverse conference was held in Singapore. Jointly organized by Harvard Law School, Yale Law School, New York Law School, Trinity University, and Nanyang Technological University in Singapore, this global conference on ‘virtual worlds’ invited experts across disciplines to discuss the future of cyberspace and the impact of these new immersive, social online environments on education, law, politics and society. The hallmark of the conference was its multi-disciplinary perspective.
Professor Yee Fen Lim spoke at the State of Play V conference on the topic of Space, Place and Culture focusing on the concept of land in Second Life, a highly topical issue due to the Bragg v Linden litigation currently on foot in the US.
Yee Fen also ran a Workshop on Law and Regulation at the State of Play V conference with colleagues from CAPTEL, Nanyang Business School.
Both Yee Fen’s paper and Workshop were reported in the press.
External links:
UN Electronic Communications in International Contracts Convention in Hanover, Germany - August 2007
|
From the 29th to the 31st of August, an international conference on the United Nations Convention on the Use of Electronic Communications in International Contracts (UNECIC) was held in Hanover, Germany.
The UNECIC conference was aimed at analysing and interpreting the text of the new UN ECIC-Convention and promoting its application.
Chris addressed the conference on two broad issues:
1) The Scope and Exclusions of the Convention (Articles 2, 3, 19 and 20) as they stand; and
2) Using the Convention to Harmonise the domestic regulation of Electronic Contracting (including a practical case study on the Association of South East Asian Nations (ASEAN) E-Commerce Project).
Related links:
External links:
Ninth ASEAN E-Commerce workshop held in Siem Reap, Cambodia - August 2007
|
On the 20th of August 2007, the ninth ASEAN Workshop on E-Commerce was held in Siem Reap, Cambodia.
This Workshop (W9) had a focus on Phase 3 of the Project, Mutual Recognition of Digital Signatures, and on building an ASEAN Digital Signature Strategy. The Workshop discussed strategy and implementation issues.
The development of an ASEAN Digital Signature Strategy will assist ASEAN countries in addressing the legal, policy, technical and infrastructure issues needed to develop common methods for mutual recognition of digital signatures. It will assist those countries with legal infrastructures to make necessary adjustments and provide direction for those countries yet to implement an infrastructure.
The Workshop was also run in parallel to of the 8th ASEAN Telecommunications and IT Senior Officials Meeting (8th TELSOM) and the 7th ASEAN Telecommunications and IT Ministers Meeting (7th TELMIN).
Cambodia Strategy Meeting (W9) - August 20 Back Row: Peter van Dijk (Galexia), Amir Suhaimi Hassan (Malaysia), Harme Mohamed (Malaysia), Riki Arif Gunawan (Indonesia), Than Htun Aung (Myanmar), Chris Connolly (Galexia), Vu Chi Kien (Vietnam), Lee Hooi Teck (Malaysia), Troeng Douma (Cambodia) Front Row: Dr Ajin Jirachiefpattana (Thailand), Maw Maw Aye (Myanmar), Lin Ah Tin (Malaysia), Patricia M. Abejo (Philippines), (Vietnam), Bui Thi Ngoc Khanh (Vietnam), Somlouay Kittignavong (Laos)
|
Cambodia Strategy Meeting (W9) From left to right: Than Htun Aung (Myanmar), Patricia M. Abejo (Philippines), Amir Suhaimi Hassan (Malaysia), Peter van Dijk (Galexia), Bui Thi Ngoc Khanh (Vietnam), Vu Chi Kien (Vietnam), Mima Sefrina (ASEC), Riki Arif Gunawan (Indonesia), Somlouay Kittignavong (Laos), Harme Mohamed (Malaysia)
|
Cambodia Strategy Meeting (W9) - August 20 The workshop lunch: Mima Sefrina (ASEC), Maw Maw Aye (Myanmar), Patricia M. Abejo (Philippines)
|
Cambodia Ministry of Commerce - August 23 From left to right: Sven Callebaut (UNCTAD), Yin Yanno, Tous Sapha, Kang Koy (Min. Comm), Ban Lim (Nat. Bank of Cambodia), Chris Connolly (Galexia), H. E. Sorasak Pan (Min. Comm), Srey Siyout (Nat. Bank of Cambodia), H. E. Mao Thora (Min. Comm), Francis Vierboom (Galexia), Peter van Dijk (Galexia)
|
Related links:
Internet and E-commerce Law - August 2007
|
Professor Yee Fen Lim, a senior consultant at Galexia, is the co-author of Internet and E-commerce Law: Technology, Law and Policy published in August 2007.
The focus of the book is the regulatory framework of the Internet and e-commerce. Yee Fen’s contributions offer a detailed analysis of authentication, privacy and Cybercrime that are extensive, and up to the minute.
External links:
OECD issues new Recommendation on Consumer Dispute Resolution and Redress - August 2007
|
The Organisation for Economic Cooperation and Development (OECD) has issued a new Recommendation on Consumer Dispute Resolution and Redress. Adopted by the OECD Council on 12 July 2007, the Recommendation aims to ensure that consumers have access to swift and effective mechanisms to resolve complaints and obtain compensation when transactions with businesses go wrong.
Although the Recommendation applies to all forms of commerce, a major impetus behind its development was to address consumer complaints arising from e-commerce. OECD governments recognised that if they are to take full advantage of the global digital marketplace, consumers need to be confident that they will be able to resolve complaints with businesses online and in other countries.
The Recommendation calls on member countries to update their dispute resolution and redress systems so that they better respond to the varying nature of consumer complaints. Specifically, it identifies three different categories of mechanisms to be included in domestic frameworks - mechanisms for consumers to act individually; mechanisms for consumers to act collectively; and mechanisms for the government to obtain redress for consumers. It then sets out goals to ensure that these mechanisms are more accessible and effective in cross-border cases. The Recommendation also includes provisions on complementary measures that can be taken by the private sector to help consumers resolve disputes efficiently and at the earliest possible stages.
In Australia, the adequacy of existing dispute resolution mechanisms and redress provisions will be reviewed by the Productivity Commission as part of its inquiry into the national consumer policy framework. The final results of the inquiry are due to be released in December 2007.
External links:
- Read the Recommendation »
- Read more information on the OECD’s work on consumer protection »
- Read more information on the Australian Productivity Commission inquiry »
Galexia presents final digital signature strategy to Law Society of NSW - July 2007
|
Galexia has presented a digital signature strategy to the Law Society of NSW’s Legal Technology Committee.
The project was an extension of work completed by Galexia in 2005, and involves the development of a strategy of the Law Society’s potential use of digital credentials. Galexia’s role is to ensure that policies are compatible with current best practices in PKI and the recent Gatekeeper reforms.
Related links:
Galexia writes chapter in Information Economy Report 2007 for UNCTAD - July 2007
|
Galexia has been commissioned by the United Nations Conference on Trade and Development (UNCTAD) to write a chapter in the Information Economy Report 2007. Galexia’s chapter presents a case study on the ASEAN E-Commerce Project - a major 4-year project to assist the ten Member Countries of the Association of South East Asian Nations develop and implement a harmonised e-commerce legal infrastructure. The E-Commerce Project is funded by the ASEAN Australia Development Cooperation Program (AADCP).
The experience of the ASEAN Member Countries in the E-Commerce Project may be helpful for developing countries formulating their own e-commerce legislation and beyond this, developing a comprehensive legal infrastructure, including regulations, standards, training and education.
The Information Economy Report is to be published in October 2007.
Related links:
Galexia completes initial PIA for the Department of Defence - June 2007
|
Galexia has completed an initial Privacy Impact Assessment (PIA) for the Australian Department of Defence. This PIA - on the JP2099 Program - is in accordance with the Privacy Impact Assessment Guide issued by the Office of the Privacy Commissioner.
The broad purpose of this PIA was to provide a description and assessment of the personal information flows that are expected to occur for the JP2099 Identity Management Capability, assess the potential privacy legal issues and privacy perception issues that arise from the identified flows, and the Capability as a whole, and assess the impact these issues may have on the privacy of individual’s personal information. This is an initial PIA based on an assessment of an initial set of business processes that have been developed to support the proposed Capability.
External links:
OECD issues Recommendation and Guidance on Electronic Authentication - June 2007
|
On the 12th of June 2007, the OECD Council adopted a new Recommendation on Electronic Authentication. The Recommendation recognises the role that electronic authentication can play in developing trust in online transactions by providing certainty and strengthening protection of information security and individuals’ personal data. It calls on member countries to: work towards “technology-neutral” approaches for authentication in both domestic and cross-border contexts; foster the development, deployment and use of sound electronic authentication mechanisms that meet privacy and security needs; encourage compatibility and interoperability of authentication schemes as a means to facilitate cross-sectoral and cross-jurisdictional use; and raise awareness, including among non-members, of the benefits of the use of electronic authentication. The Recommendation is specifically aimed at “electronic authentication of persons and entities” as opposed to authentication of the validity of documents or electronic signatures.
The Recommendation is accompanied by a Guidance document, defining a set of ‘Foundation’ and ‘Operational’ Principles for the use and implementation of authentication mechanisms. The Foundation Principles identify security, privacy, and risk management goals and establish that the roles and responsibilities of different participants in the authentication process should be proportionate to their degree of knowledge and control. The Operational Principles address issues of usability, fitness for purpose, education, disclosure, complaints handling, audits and assessments, cross-jurisdictional recognition and interoperability, and standards.
External links:
Galexia attends the second APEC Privacy Seminar in Cairns - June 2007
|
In June 2007, Sarah Andrews, Chris Connolly and Peter van Dijk attended the 2nd APEC Privacy Seminar in Cairns. The APEC Data Privacy Seminar brought together governments, regulators, supervisory authorities, business and consumers of APEC economies to explore the practical mechanisms to facilitate the responsible and accountable transfer of personal information across international borders.
Following on from the first seminar in Canberra in January 2007, the seminar looked at:
- Cross-border privacy rules in protecting cross-border transfers of personal information
- The development of cross-border cooperative arrangements between stakeholders to facilitate the implementation of cross-border privacy rules, and
- The role of privacy regulators, trustmarks and Pathfinder projects in implementing a cross-border rules privacy system.
Related links:
Review of the EU Directive on Electronic Commerce - June 2007
|
The E-Commerce Directive was intended to provide a general framework for electronic commerce laws, and thereby to increase confidence in e-commerce. It imposed mandatory requirements on member states, and led to greater harmonisation of relevant laws. This byte discusses several of the perspectives on the Directive as its next mandatory review approaches.
The byte was published in Volume 10, No 3 of the Internet Law Bulletin (June 2007).
Related links:
Sarah Andrews joins Galexia - June 2007
Galexia would like to welcome Sarah as a Senior Consultant.
Previously, she worked at the Organisation for Economic Co-operation and Development (OECD) in Paris, where she co-ordinated the work of the Committee on Consumer Policy. A primary focus of her work was on promoting consumer trust in the global marketplace through better access to dispute resolution and redress mechanisms and increased enforcement co-operation against cross-border fraud.
Sarah also spent 3 years as Research Director for the Electronic Privacy Information Center (EPIC) in Washington, DC where she specialised in international developments in privacy law and policy.
Sarah holds a Bachelor of Laws degree (Hons) from University College Cork, Ireland and a Masters of Laws in International Legal Studies (Distinction) from Georgetown University Law Center, Washington DC, US. She is licensed to practice law in New York State, US.
Galexia publishes article on recent developments in internet jurisdiction - May 2007
Prashanti Ravindra has recently published an article detailing recent developments in the realm of Internet jurisdiction.
Traditionally, questions of jurisdiction are answered based on the territoriality, but this approach has proved problematic in online contexts, where transactions occur freely across national boundaries.
This article examines three recent cases in which courts have considered the problems of Internet jurisdiction: the order of the French Tribunal de Grande Instance de Paris against Yahoo! Inc for its online auctioning of Nazi artifacts and memorabilia in Association Union des Etudiants Juifs de France v Yahoo! and the ensuing chain of actions in the US over whether US courts could exercise jurisdiction over the French parties; an order by a US district court against a UK anti-spam organisation in e360 Insight v The Spamhaus Project; and the assertion of jurisdiction of a Michigan court over a New York defendant who contracted with a Michigan resident.
The article was published in Volume 10, No 1 of the Internet Law Bulletin (May 2007).
Related links:
- Read the article in full »
- Read more Internet Law Bulletin articles, casenotes, bytes and research »
The Telecommunications (Interception) Amendment Act 2006 - May 2007
|
Galexia Consultant Saira Ahmed has published an article detailing the recent amendments to the Telecommunications Act 1979 (Cth).
The amendments insert a warrant regime for access to stored communications held by a telecommunications carrier and enable interception of telecommunications of an innocent person known to communicate with a person of interest - known as ‘B-Party’ intercepts. This article discusses the main provisions of the Telecommunications (Interception) Amendment Act 2006 (Cth) and the controversy surrounding these amendments.
Implications of the amendments enable the Australian Security Intelligence Organisation (ASIO) and other law enforcement agencies to intercept telecommunications of third parties including emails, SMS and voicemail messages. These provisions are naturally significant for lawyers advising clients on cooperation with law enforcement authorities in relation to telecommunications, including emails.
The article was published in Volume 10, No 1 of the Internet Law Bulletin (May 2007).
Related links:
- Read the article in full »
- Read more Internet Law Bulletin articles, casenotes, bytes and research »
Galexia assists CHOICE with a joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC - May 2007
|
Galexia assisted CHOICE with its submission regarding the 2007 review of the Electronic Funds Transfer (EFT) Code of Conduct, as conducted by the Australian Securities and Investment Commission (ASIC).
Among the major issues considered by Galexia were the liability of parties in electronic funds transactions, particularly with regard to Internet banking. The project involved detailed technical advice on authentication techniques for electronic transactions.
The Submission was prepared by Galexia. Guidance, input and comments were received from a small reference group consisting of representatives of CHOICE, the Consumer Action Law Centre, the Centre for Credit and Consumer Law, the Australian Privacy Foundation, the Consumer Credit Legal Centre (NSW), Care Inc. Financial Counseling Service and Consumer Law Centre of the ACT. Funding assistance was received from the Australian Securities and Investments Commission Consumer Advisory Panel (ASIC CAP).
Related links:
Galexia joins AGIMO Identity Management and Authentication Consultancy Services Panel - May 2007
|
The Australian Government Information Management Office (AGIMO) Identity Management and Authentication Consultancy Services Panel was formed in 2007 obtain specialist consultancy services relating to identity management and authentication. Galexia has been accepted onto the panel in four key areas of expertise.
AGIMO is a part of the Department of Finance and Administration, and works across government to maintain Australia’s position as a leader in the productive application of information and communications technologies (ICT) to government administration, information and services. AGIMO fosters the efficient and effective use of ICT by Australian Government departments and agencies.
The Identity Management and Authentication Consultancy Services Panel will be used by AGIMO to obtain:
- advice and support in the development and refinement of whole of government, and cross government, ICT frameworks, policies and for guidance on identity management and authentication matters;
- assistance with the provision of support to agencies and other jurisdictions that are pursuing individual projects pertaining to identity management and authentication; and
- in the event that the Department of Finance pursues ICT projects that encompass identity management and authentication matters, consultancy advice on any such projects.
Galexia’s services categories on this panel include:
- Identity and access management, including
- technical solutions, incorporating architectural analysis, business analysis, testing and systems design across both physical and logical environments;
- policy and governance advice across a range of government environments;
- advice in regard to business process analysis and re-engineering, quality assurance and accreditation;
- Australian and International standards;
- developments, both in industry and in foreign government jurisdictions;
- emerging technologies; and
- other identity and access management related advice.
- Authentication, including
- technical solutions, incorporating architectural analysis, business analysis, testing and systems design;
- policy and governance advice across a range of government environments;
- advice in regard to business process analysis and re-engineering, quality assurance and accreditation;
- Australian and International standards;
- developments, both in industry and in foreign government jurisdictions;
- emerging technologies; and
- other authentication related advice.
- Public key infrastructure (PKI) , including
- contextual analysis of the Government’s Gatekeeper PKI Framework in a changing and developing PKI and wider encryption solutions market;
- interoperability;
- Australian and International standards;
- National and international developments, both in industry and government jurisdictions;
- emerging technologies, in PKI specifically and encryption generally; and
- other PKI related advice.
- Privacy, including
- the specific development of identity management and authentication frameworks and in the delivery of identity management and authentication solutions and services.
Related links:
External links:
Eighth ASEAN E-Commerce workshop held in Vientiane, Laos - March 2007
|
On the 28 February - 2 March 2007, the eighth ASEAN Workshop on E-Commerce was held in Vientiane, Laos. This Workshop (W8) was a gathering of around 45 delegates and technical experts, including more than 40 from ASEAN member countries.
This Workshop (W8) had a training and capacity building focus. The Workshop discussed the project Implementation Guide and provide information and resources on implementation issues.
The objective of this Workshop was to facilitate implementation of a harmonised legal infrastructure for e-commerce, including Online Contract Formation, Jurisdiction and Online Dispute Resolution, through the provision of training and guidance on the use of the Implementation Guide developed during the project, and the exchange of information between member country participants.
Workshop content included the following presentations and materials:
— Review and discussion of developmnts in member countries and international initiatives in electronic contracting,
— Training materials and worksheets.
Related links:
Galexia undertakes third extension to ASEAN E-Commerce Harmonisation work - April 2007
One of the key steps to be fulfilled in the e-ASEAN Framework Agreement[2] is that Member Countries will need to allow the mutual recognition of digital signatures across borders in ASEAN.
The new ASEAN E-Commerce Project (Phase 3) on the Mutual Recognition of Digital Signatures is designed to help ASEAN Member Countries develop a common strategy to meet this objective.
The development of an ASEAN Digital Signature Strategy will assist ASEAN countries in addressing the legal, policy, technical and infrastructure issues needed to develop common methods for mutual recognition of digital signatures. It will assist those countries with legal infrastructures to make necessary adjustments and provide direction for those countries yet to implement an infrastructure.
Five steps have been identified as necessary in the establishment of a harmonised legal framework covering mutual recognition of digital signatures in ASEAN:
- Step 1: Develop recognition clauses for foreign digital signatures;
- Step 2: Develop recognition criteria for foreign digital signatures;
- Step 3: Identify interoperability model (amongst six available models worldwide);
- Step 4: Establish governance structure or arrangement for accreditation of foreign digital signatures; and
- Step 5: Establish a technical committee/body to monitor the implementation of mutual recognition of digital signatures.
This phase runs from April through to December 2007.
Related links:
Galexia at the Canberra APEC Data Privacy Seminar - January 2007
|
On the 22-23rd January 2007, the First Technical Assistance Seminar on the APEC Privacy Framework was held at the National Convention Centre in Canberra. The meeting was a gathering of delegates from around the world to discuss the international implementation of the Framework, with a core focus on making compliance possible and enforcement credible when personal information moves between economies.
The Seminar allowed participants to discuss issues raised by the transfer of personal information in the APEC region. Cross-Border Privacy Rules were discussed as a potential mechanisms for business and APEC economies to put into place the privacy principles contained in the APEC Privacy Framework. A seminal point raised by the delegates on the use of Cross-Border Privacy Rules by business, was how they might provide certainty to their customers on how their personal information will be protected.
Galexia Director Chris Connolly spoke at the meeting, discussing the practical issues of achieving global compliance, particularly from a business perspective. Chris outlined and explored mechanisms that enable industry to meet business and consumer needs through accountable transfers of personal information across economies, whilst remaining consistent with the APEC Privacy Framework.
External links:
Second edition of 'Cyberspace Law: Commentaries and Materials' - January 2007
|
Yee Fen Lim, senior consultant at Galexia, has published a comprehensive revision of her Oxford University Press book, Cyberspace Law: Commentaries and Materials.
Cyberspace Law brings the complex legal issues of the Internet to both law students and practitioners. With a foreword by the Honourable Justice Gummow AC QC of the High Court of Australia, the book reflects recent changes in legislation, providing a detailed study of this fast moving field of law. It covers new technological developments as well as recent changes in legislation.
Cyberspace Law has been adopted by numerous universities around the world as the definitive textbook on cyberspace laws, providing expert commentary on cases and legislation in all areas of e-commerce, internet and technology law.
External links:
Gatekeeper reforms published - October 2006
In late September 2006, the Australian Government Information Management Office (AGIMO) released amended documentation for the Gatekeeper PKI Framework. This documentation was developed in conjunction with Galexia in order to govern the use of PKI in government for the authentication of external clients. The strategy provides a whole-of-government framework that delivers integrity, interoperability, authenticity and trust for agencies and their clients. The strategy is underpinned by a standards-based, technology neutral accreditation program for issuers of digital certificates.
This project included a mixture of strategic, technical, security and legal advice. Gatekeeper is considered to have provided only limited success in Australia, and the reform of Gatekeeper is designed to enable the production of new, flexible digital certificate categories and the removal of compliance burden and paperwork for PKI service providers. Legal and privacy issues were also reviewed to ensure greater certainty and simplicity.
External links:
Galexia hosts 7th ASEAN Workshop on E-Commerce in Brunei - September 2006
On the 9-11th of September 2006, the seventh ASEAN Workshop on E-Commerce was held in Brunei. The Brunei Workshop (W7) was a gathering of around 30 delegates and technical experts, including more than 20 from ASEAN member countries. Galexia hosted the workshop and provided expert presentations and materials.
Workshop content included the following presentations and materials:
— Report on proceedings at the Working Group meeting in Manila on 29 May 2006;
— Review and discussion of developments in member countries and international initiatives in electronic contracting, jurisdiction and online dispute resolution legal infrastructure;
— The contents of the Draft Framework Document (FD). The FD will contain options for a common framework for harmonised legal infrastructure for electronic contracting, jurisdiction and online dispute resolution; and
— Discussion and confirmation of steps required to achieve consensus on a preferred Option for harmonisation in ASEAN.
The objective of this Workshop (W7) was to help ASEAN and the Galexia E-Commerce Project team to finalise the content of the Framework Document (FD) and develop a recommendation to the ASEAN Working Group on E-Commerce and ICT Trade Facilitation.
Related links:
Online Dispute Resolution - August 2006
|
Galexia has recently published an article as part of the ASEAN E-Commerce Project. The article canvasses the various legal issues in the field of Online Dispute Resolution (ODR). ODR involves using online technologies to facilitate the resolution of various types of disputes that arise from electronic transactions - in much the same way that generic dispute resolution does in the offline realm. The article explores different ODR methodologies currently used in cyberspace. It also highlights the importance of ODR as a means of engendering consumer confidence in the online medium, thereby facilitating a growth in the number of people that engage in e-commerce.
Related links:
Galexia to help develop the Singapore National Authentication Framework - August 2006
|
The Infocomm Development Authority of Singapore (iDA) is spearheading a National Authentication Framework (NAF) programme under their 10 year Intelligent Nation Masterplan. NAF aims to implement a nationwide infrastructure for strong authentication through the development of appropriate business, technical and operational frameworks. A NAF steering committee and four NAF sub-committees (Finance, Telecommunications, Government and Technical) comprising of industry captains and government agencies will provide sponsorship and inputs to the developmental works under NAF.
Galexia has been chosen as a member of a consortium (also including KPMG, Baker & McKenzie, Wong & Leow and Biometix) to drive and guide the establishment of the NAF. As such Galexia’s work entails the proposal of a model to deploy the NAF, and to develop 4 supporting components that are needed to realise the deployments:
- Governance Framework and Regulatory Requirements;
- Accreditation Audit Criteria for Authentication Operators ("AOs");
- Reference Business Agreement; and
- Reference Technical Standards and Protocols.
Related links:
Galexia provides privacy compliance advice to Fidelity International - August 2006
|
Galexia has been providing privacy compliance advice to the Risk, Security and Business Continuity division of Fidelity International, including advice to their Hong Kong, Japan, Korea, Singapore, Sydney and Taiwan offices. This project will assist Fidelity manage their domestic and international privacy compliance requirements.
Related links:
Galexia examines best practice privacy management for public registers in Australia - July 2006
|
Galexia has recently been commissioned by RP Data to complete a report to examine the best practice privacy management for public registers in Australia.
Specifically, the paper includes the following:
- A detailed description of how privacy is managed in Australian jurisdiction for public register information (land registry data, electoral roll data, etc.);
- A detailed description of best practice approaches to managing privacy in public registers (codes of conduct, published papers etc.);
- Analysis of legislative approaches to managing privacy in public registers (Commonwealth and State legislation); and
- Insight into trends in privacy regulation of privacy in public registers (Australian Law Reform Commission review etc.).
Related links:
Galexia reviews identity management paper for South Australian Chief Information Officer - July 2006
|
Galexia has won a successful bid to review a position paper developed by the South Australian Office of the Chief Information Officer. The paper, on Identity and Access Management (IAM) for the South Australian Government, is a pre-cursor for the planned development of an IAM Framework for all of South Australia.
Related links:
Galexia to conduct analysis of e-commerce legal infrastructure in Malaysia - July 2006
|
Galexia is assisting the Commonwealth Department of Communications, Information Technology and the Arts (DCITA) in preparing a Malaysia - Australia E-Commerce Legal Infrastructure Analysis. The report will be of assistance in the development of the relationship between Malaysia and Australia in a number of areas - at a time when Malaysia and Australia are negotiating a Free Trade Agreement (FTA) that contains a chapter on E-Commerce. Malaysia and Australia also have an ongoing interest in the harmonisation of electronic commerce legal infrastructure. Specifically, the document is a coverage analysis of selected areas of E-Commerce Legal Infrastructure in Australia and Malaysia.
Related links:
UN Convention on the Use of Electronic Communications in International Contracts comes into force - July 2006
|
Galexia has written an article outlining how and when the United Nations Convention on the Use of Electronic Communications in International Contracts 2005 (the UN Convention on Electronic Contracting) will come into force. The Convention aims to improve the legal certainty and commercial predictability of electronic contracts. This is achieved through a number of provisions in the Convention, including those which establish the functional equivalence of electronic communications and signatures with their paper-based counterparts and those which set rules to assist in determining when and where an electronic communication has been sent and received.
The Convention was adopted by the UN General Assembly in November 2005 and has since received six signatories. A number of important economies have been quick to sign and endorse the Electronic Contracting Convention and it appears that it will play a significant role in shaping global e-contracting law.
Related links:
Sixth ASEAN E-Commerce workshop in Manila - May 2006
|
The sixth ASEAN Workshop on E-Commerce was held in Manila from 27-28th May 2006. It was a gathering of around 32 delegates (including more than 27 from ASEAN, 3 from ASEC, 1 from AADCP and 1 expert speaker) and technical experts to discuss many important aspects of the ASEAN E-Commerce Project. Most prominently discussed were the topics of:
- The results from Survey (S4) of existing approaches to Online Contract Formation and Online Dispute Resolution in ASEAN countries;
- The practical application of Online Dispute Resolution through examination of an Online Dispute Resolution facility (Philippines) to examine dispute resolution issues in greater detail;
- Existing approaches and activities in ASEAN member countries for Online Contract Formation and Online Dispute Resolution covered in Discussion Paper (DP3); and
- Existing approaches and activities for Online Contract Formation and Online Dispute Resolution in other countries/regions and international organisations covered in Discussion Paper (DP4).
The objective of this Workshop was to introduce project participants to the objectives and activities of the one-year project extension to consider Online Contract Formation and Online Dispute Resolution. The Workshop confirmed the scope of the project extension and facilitated liaison between the project and the ASEAN Working Group on E-commerce and ICT Trade Facilitation (Working Group). The Working Group also met in Manila on Monday 29 May 2006 at the same venue.
Workshop content included:
- The presentation of material and updates on national, regional and international initiatives in Online Contract Formation and Online Dispute Resolution;
- Preliminary discussion of options for harmonisation for ASEAN; and
- A virtual site visit to an Online Dispute Resolution facility in the Philippines.
The Workshop was facilitated by the Manila based Cyberspace Policy Centre for Asia-Pacific (CPCAP) and Galexia. The Executive Director of CPCAP, Claro V Parlade arranged for the workshop to be opened by Mr Angelo Timoteo M. Diaz de Rivera (Commissioner of e-Government Development).
W6 - Day 1: Iwan Gunawan (ACIL), Claro Parlade (Philippines), Timoteo Diaz de Rivera (Philippines), Chris Connolly (Galexia), Peter van Dijk (Galexia) and Honorio R. Vitasa (ASEC) | EC-ITF Working Group Meeting: Peter van Dijk (Galexia), Ambalagan K (Chairman), Chris Connolly (Galexia) and Honorio R. Vitasa (ASEC) |
W6 - Day 2: Honorio R. Vitasa (ASEC), Chris Connolly (Galexia), Ky Anh Nguyen (ASEC) and Mega Irena (ASEC) | W6 - Day 2: Mega Irena (ASEC), Claro Parlade (Philippines), Maw Maw Aye (Myanmar), Khin Htwe Myint (Myanmar), Chris Connolly (Galexia) and Do Xuan Minh (Vietnam) |
Related links:
Galexia to help develop the Australian Government e-Authentication Framework for Individuals (AGAFI) - April 2006
|
Galexia has recently won a competitive tender to work with the Department of Finance and Administration to conduct consultancy services for the Australian Government e-Authentication Framework for Individuals (AGAFI). The project will involve the provision of strategic advice, and the provision of a Privacy Impact Assessment (PIA) and Privacy Management Strategy (PMS) documentation for publication.
Galexia will also undertake investigation and report on technical approaches to protecting privacy in online transactions, known as Privacy Enhancing Technologies (PETs). This will incorporate assessments of the potential for PETs to enhance the uptake of online services, including their effectiveness, their maturity as protocols, implementation issues such as barriers to implementation, interoperability between these protocols and usability.
The documents will also look to investigate and report on the legal liability implications of government agencies relying on the evidence of identity and other identity management processes of other agencies and non-government organisations such as banks and financial institutions. Galexia’s work will incorporate the examination of best practice governance arrangements for the framework including an examination of current implementations in other national and international jurisdictions.
This project is an extension of previous Galexia work for AGIMO, and is a joint undertaking with Doll Martin Associates.
Galexia to help complete the Gatekeeper Public Key Infrastructure Framework for AGIMO - April 2006
|
Following a competitive tender, the Department of Finance and Administration has selected Galexia to undertake consultancy services relating to the Gatekeeper PKI Framework.
The Gatekeeper Strategy governs the use of PKI in government for the authentication of external clients. The strategy provides a whole-of-government framework that delivers integrity, interoperability, authenticity and trust for agencies and their clients. The strategy is underpinned by a standards-based, technology-neutral accreditation program for issuers of digital certificates.
The Framework is aimed at making the application of PKI less complex and more affordable for businesses and government agencies. It better aligns the Gatekeeper Strategy with the way governments and businesses conduct their day-to-day activities. The Framework introduces new categories of digital certificates for Organisations and Individuals.
More information about the Gatekeeper PKI Framework can be found at http://www.agimo.gov.au/infrastructure/gatekeeper.
Galexia will be working with the Australian Government Information Management Office (AGIMO), who works across government to maintain Australia's position as a leader in the productive application of information and communications technologies (ICT) to government administration, information and services.
Galexia will also work with both the Department of Finance and members of other specific working groups established by the Gatekeeper Policy Committee to deliver an operational Gatekeeper PKI Framework by 30 June 2006.
External links:
The UN Convention on Electronic Contracting - March 2006
|
Read the full text of the article from the Galexia website »
An update on the UN Convention on Electronic Contracting is available from the Galexia website:
- UN Convention on the Use of Electronic Communications in International Contracts to come into force - July 2006 Read more »
Galexia’s article on the UN Convention on electronic contracting by Chris Connolly and Prashanti Ravindra has now been published in the Computer Law and Security Report. The Computer Law and Security Report is a journal dedicated to covering key developments in IT law and security.
The UN Convention seeks to enhance the legal certainty and commercial predictability of international electronic transactions by setting out a number of interpretive rules for the use of electronic communications in negotiating and forming contracts. The paper discusses the main provisions of the Convention and the impact of the Convention on the legal rules surrounding electronic contracting.
The final draft of the UN Convention is available as an annex to the UNCITRAL Report of its 38th Session at: <http://www.uncitral.org/uncitral/en/commission/sessions/38th.html>.
This article was first published in Computer Law & Security Report, 22 (2006) 31-38 <http://www.sciencedirect.com/science/journal/02673649>.
Related links:
Galexia conducting Preliminary Privacy Impact Assessments (PIAs) on Healthcare Provider Identifier (HPI) and Individual Healthcare Identifier (IHI) for National E-Health Transition Authority (NEHTA) - February 2006
|
From 1 July 2016 NeHTA is the Australian Digital Health Agency »
Following a competitive tender, the National E-Health Transition Authority (NEHTA) has asked Galexia to contribute the development of a secure, interoperable e-health environment in Australia.
The project involves the development of two different types of healthcare identifiers. As such, Galexia’s primary role is the development of two preliminary Privacy Impact Assessments (PIAs) to examine and document potential privacy concerns.
- The first, the Healthcare Provider Identifier (HPI), is required so that individual providers can communicate with their colleagues, and jurisdictions can improve connectivity between their clinical systems within and across borders. Nationally, unique provider identification is recognised as a foundation for the broader e-health agenda and the implementation of Shared Electronic Health Records (Shared EHRs).
- The second, the Individual Healthcare Identifier (IHI), is required to ensure the correct identification of an individual and to make sure that the right information is attached to the right person.
Galexia to assist in further harmonisation of ASEAN electronic commerce - February 2006
|
Galexia has won a competitive tender for a ground-breaking one-year project that will further streamline electronic commerce in South East Asian nations.
The project is an extension of a previous Galexia project to develop and implement a harmonised legal infrastructure for electronic commerce in ASEAN (Association of South East Asian Nations: Brunei Darussalam, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam). This project extension will focus on harmonising electronic contracting and Online Dispute Resolution legal infrastructures in the region.
The goal of the project is to assist ASEAN to integrate into one market for goods, services and investment by the establishment of a harmonised legal, regulatory and institutional environment for electronic contracting and dispute resolution. The development and implementation of harmonised legal infrastructures for electronic contracting and dispute resolution will facilitate the development of e-commerce by providing users with common methods for completing electronic contracting steps, and a common framework for resolving electronic commerce disputes.
The project will produce the following outputs:
- A compilation of discussion papers focussing on ASEAN and international developments in electronic contracting, Online Dispute Resolution and jurisdiction of legal frameworks;
- Conducting surveys on the electronic contracting and Online Dispute Resolution legal landscapes in ASEAN member countries;
- The development of a proposed framework for harmonised legal infrastructure for electronic contracting and dispute resolution; and
- The compilation of implementation guides to support the proposed framework.
This project is funded by the ASEAN Australia Development Cooperation Program (AADCP) - Program Stream. AADCP is funded by the Australian Government, through AusAID and implemented in close collaboration with the ASEAN Secretariat and is managed by Cardno Acil Pty Ltd.
Related links:
Galexia publishes case note on WL v La Trobe University case - February 2006
|
Galexia has written a case note on the recently decided Victorian Civil and Administrative Tribunal decision, WL v La Trobe University.[3] The case examines what personal information can be collected and stored in order to come within the definition of personal information under the Information Privacy Act 2000 (Vic). The case note examines the facts and the decision of the case, as well as the implications for information handling after the decision.
This is a key decision as it is the most detailed consideration of the definition of ‘personal information’ in Australian privacy laws to date. For more information on the impact of this decision on your organisation, contact Galexia.
In completing this case note, Galexia has used the opportunity to examine various areas of privacy law, including freedom of information, the de-identification of personal data and the specific area of personal health information.
Related links:
Galexia publishes plain language guide to cyberlaws - January 2006
|
As part of an analysis of cyberlaws coverage in ASEAN (the Association of South East Asian Nations), Galexia has written a paper which looks closely at the following aspects of online-laws:
- Consumer Protection;
- Privacy and Data Protection;
- Cybercrime;
- Spam;
- Online Content Regulation;
- Digital Copyright;
- Domain Name Regulation;
- Electronic Contracting; and
- Online Dispute Resolution.
Related links:
Galexia expands work with Law Society of NSW and Commonwealth Department of Industy, Tourism and Resources (DITR) - January 2006
|
As part of work completed in 2005; and continuing in 2006, Galexia is working closely with the Law Society of NSW and the Commonwealth Department of Industy, Tourism and Resources (DITR) to develop policies, procedures and documents for a pilot of the Law Society’s digital credentials. Galexia’s role in the project is to ensure that policies are compatible with current best practices in public key infrastructure (PKI) and proposed Gatekeeper reforms.
The project is a timely consideration of digital identity for lawyers and considers:
- Digital signature certificates and Electronic Signatures
- Public Key Infrastructure (PKI)
- Smart Cards
- Impact of GateKeeper reforms
- Electronic conveyancing
- Electronic Court Lodgement
Related links:
- Read more about Law Society of NSW projects »
- Read more about Department of Industry, Tourism and Resources projects »
Galexia to develop Privacy Impact Assessment (PIA) for Government employees in Australia - January 2006
|
Galexia has won a competitive tender to work with AGIMO, the Australian Government Information Management Office to conduct a Privacy Impact Assessment (PIA) on their Identity Management for Government Employees (IMAGE) Framework. AGIMO, the governmental arm that deals with the delivery of public services by utilising ICT, aims to provide infrastructure, protocols, policy and work practices that will allow government agencies to efficiently manage the identities of their employees and contractors.
As well as a PIA, Galexia will be working closely with AGIMO to develop a Privacy Management Strategy (PMS) for IMAGE to provide a consistent, transparent identity management system across the Australian Government public services sector.
The goal of this project and resulting framework is to build trust across agencies and facilitate confidence in the associated identification credentials.
Related links:
AUSTROADS engages Galexia for a risk management framework on national vehicle database - January 2006
|
Galexia has been commissioned to assist the association of Australian and New Zealand road and transport authorities (AUSTROADS), with a proposed expansion of third-party access to information held in the National Exchange Of Vehicle And Driver Information System (NEVDIS) database. Galexia’s role is to provide strategic privacy advice and a risk management framework. This project is an extension of previous Galexia work for AUSTROADS, and is a joint undertaking with Doll Martin Associates.
Related links:
Galexia complete Cyberlaws Survey in ASEAN - January 2006
|
Galexia has completed a review of cyberlaws in ASEAN which presented data and examined the coverage of cyberlaws in ASEAN. The Cyberlaws Analysis supports material published as part of the ASEAN E-Commerce Project and provides information on existing and planned cyberlaw developments in ASEAN member countries. This paper has been created to assist ASEAN understand how e-commerce law ‘fits in’ to the broader context of cyberspace laws.
This analysis is also designed to assist the ASEAN E-Commerce and ICT Trade Facilitation Working Group in its consideration of the cyberlaw needs of ASEAN. It examines cyberlaws that have been enacted in all ASEAN member countries, both from an ASEAN-wide perspective and on a county-by-country basis and contains a number of conclusions and findings on the status of cyberlaw regulation in ASEAN.
The analysis examines the following cyberlaws, in each of the ASEAN jurisdictions:
- Consumer protection;
- Privacy and data protection;
- Cybercrime;
- Spam;
- Online content regulation;
- Digital copyright;
- Domain name regulation;
- Electronic contracting; and
- Dispute resolution.
Related links:
Fifth ASEAN E-Commerce harmonisation workshop in Singapore - December 2005
|
Continuing Galexia’s series of international workshops on the ‘Harmonisation of Legal Infrastructure for E-Commerce in ASEAN’ project, Galexia co-ordinated a fifth workshop (W5) in Singapore in December 2005. The workshop brought together high-level representatives from ASEAN member countries to facilitate the practical implementation of a harmonised e-commerce legal infrastructure in the region.
The workshop was attended by over 35 delegates from member countries throughout ASEAN, and a number of high-profile guest speakers. In facilitating the practical implementation of the harmonised e-commerce legal infrastructure, training and capacity building sessions were conducted on:
- Drafting and implementing e-commerce laws and regulations;
- Managing e-commerce law and exemptions;
- Making e-commerce laws accessible to business and the public;
- Relevant international instruments (eg The UNCITRAL Convention on Electronic Contracting);
- Recognition of digital signatures, including recognition of foreign digital signatures;
- PKI regulation, licensing and accreditation; and
- Business perspectives on e-commerce law.
The UNCITRAL Convention on Electronic Contracting
A keynote presentation was made at the workshop by Mr. Jeffrey Chan Wah Teck, Principal Senior State Counsel, Civil Division Attorney-General's Chambers (AGC) Singapore. Jeffrey Chan is the current Vice-Chair and former Chair of the UNCITRAL General Assembly. He also chaired the UNCITRAL Electronic Commerce Working Group during the development of the UNCITRAL Convention on Electronic Contracting.
The presentation emphasised the salient features of the Convention, how the Convention alters existing international law, and the likely impact of the Convention. Skills emphasising practical considerations involved with implementing the Convention into domestic law were also developed in an interactive break-out session.
Guest Presenters at the Singapore Workshop (W5)
Guest presenters, Mr Ken Chia and Mr Kenneth Lim, were organised by Galexia to provide participants with first-hand knowledge of recent developments in APEC and the ASIA PKI Forum.
Mr Chia presented on the regional context of e-commerce laws including the need to keep e-commerce laws up-to-date through regular reviews of electronic transactions legislation.
Mr Lim’s presentation focused on the commercial deployment of PKI, including using PKI as a tool for trade facilitation.
The workshop was a highly successful conclusion to the project and delegates were provided with material that provided on going assistance in their efforts to integrate into a single online market.
This workshop marks the conclusion of a two year project conducted by Galexia to to assist ASEAN to integrate into one market for goods, services and investment by the establishment of a harmonised legal, regulatory and institutional environment for e-commerce. It will be followed by a one-year project extension that will assist ASEAN develop and implement harmonised legal infrastructures for electronic contracting and online dispute resolution
Guest Presenters and Galexians (left to right) Peter van Dijk (Galexia), Ken Chia (Baker & McKenzie, Wong & Leow Lawyers, Singapore), Chris Connolly (Galexia) and Jeffrey Chan (Attorney-General's Chambers, Singapore) |
Galexia presentation Chris Connolly (Galexia) and Peter van Dijk (Galexia) |
Galexia presents gift to guest presenter, Kenneth Lim Chris Connolly (Galexia), Peter van Dijk (Galexia) and Kenneth Lim (CrimsonLogic, Singapore) |
Guest presentation by Ken Chia Ken Chia (Baker & McKenzie, Wong & Leow Lawyers, Singapore) |
Related links:
AGIMO develops out e-Authentication Framework to individuals - December 2005
|
On the 5th of December 2005, the Special Minister of State, Eric Abetz announced the proposed extension of the Australian Government e-Authentication Framework to individuals. The original Framework was used to facilitate and manage the risks involved with the electronic transactions between business and government via the use of electronic authentication. It constituted a whole-of-government approach to managing these risks, as first acknowledged by the Australian Government Information Management Office (AGIMO). By extending AGAF to individuals, (hence AGAF(I)), simple transactions such as change of address or name could be spread throughout all government organisations from a central point without having to individually notify them all. It is hoped that the use of electronic channels would provide greater convenience to individuals and value for money for the community. As noted by AGIMO, the convenience of replacing multiple transactions with different agencies with one transaction is appealing, as long as individuals’ privacy is protected.
Whilst in the past, the Framework was limited to bilateral transactions between business and government, the roll-out to individuals is seen as a far more important and arguably from a privacy point of view, problematic extension. Issues such as function creep, the access or modification of personal information in transit, or the solicitation of personal information constitute a far greater risk when dealing with individuals. The sheer number of possible transactions and the ability to gain access to higher levels of personal information once simple information is found, either by way of brute force, or social engineering attacks increases security risks. This is also compounded when one takes into account the fact that individuals might be less vigilant when choosing or withholding passwords than a business may be. To counter these problems, in the lead up to the discussion paper AGIMO convened a Privacy Impact Assessment Consultative Group (consisting of privacy and public policy advocates) to explore privacy issues around e-authentication.
AGIMO has released a discussion paper in order to outline the proposal generally, as well as to inform the public of the their ability to share their views on the appropriateness of the framework. Issues such as user control, risk apportionment, infrastructure and potential services are also discussed. The paper also offers an interesting analysis of other e-authentication frameworks throughout out the world and compares and contrasts the salient privacy features of each. Among these are the Canadian Authentication principles, the New Zealand Policy and Implementation Principles for online authentication and the Microsoft Laws of Identity.
Related links:
Galexia presents at CSIRO Science Policy Workshop - November 2005
|
Galexia directors Peter van Dijk and Chris Connolly presented at the CSIRO Science Policy Workshop in Canberra in late November 2005. The Workshop is an annual event discussing potential links between CSIRO scientific research and Australian Government policy initiatives.
Galexia presented on privacy and ethical issues in human data research, accompanied by presentations from Dr Richard Head from CSIRO and Professor Donald Chalmers, Dean of the Faculty of Law at the University of Tasmania. Galexia’s topic ‘Privacy and Research’ looked at the common public perceptions of privacy in Australia and the impact these community perceptions may have on health research in the future.
Related links:
Galexia publishes article on the Montreux Declaration - November 2005
|
Privacy commissioners around the world have called for the United Nations to prepare a convention on data protection. The proposed convention will recognise the universal nature of data protection and privacy rights and will seek to overcome the inconsistencies and barriers to cross-border information exchanges created by inconsistent data protection regimes.
The proposals for a universal privacy convention were made following the 27th International Conference of Data Protection and Privacy Commissioners (Montreux, Switzerland, 14-16 September 2005).
The Montreux Declaration recognises the increasing cross-border context surrounding data exchange; the disparity in national and regional data protection regimes; and the protection of privacy as a fundamental human right and recommended the creation of a convention to strengthen the universal character of data protection principles.
This article includes detailed information about the Declaration and the proposal for an international convention. This article also considers other international and regional efforts aimed at promoting harmonisation of privacy laws and the potential impact of a UN data protection privacy convention.
Related links:
Galexia to publish article on the UNCITRAL Convention on Electronic Contracting - November 2005
|
An article on the UNCITRAL Convention on electronic contracting by Chris Connolly and Prashanti Ravindra will soon be published in the Computer Law and Security Report. The article is due to be published in late 2005 or early 2006.
Related links:
CSIRO P-Health Flagship engages Galexia in analysis of privacy and trust issues in the use of health data in research - August 2005
|
Following a competitive tender, CSIRO engaged Galexia to analyse privacy and trust issues in the use of health data in research and in applications in clinical settings.
This analysis considers new technology products in the identity management and authentication space, including strategic advice on the commercialisation of products developed by CSIRO -- for example, Privacy Preserving Analytics (PPA).
This work is being undertaken for the CSIRO Preventative Health National Research Flagship. This Flagship Programme has recognised that the appropriate collection, linking, interrogation and management of data will play a vital role in facilitating healthier, more productive lives for Australians. However, the analysis of linked population, clinical and genetic health databases raises privacy, confidentiality, and potentially ethical concerns.
Related links:
Galexia commissioned to conduct a survey of ASEAN Cyberlaws - August 2005
|
Galexia has been commissioned to conduct a Survey of Cyberlaws in ASEAN and to produce a “gap analysis” which would be published as a report for member countries.
Potential Cyberlaws to be discussed include:
- Consumer protection;
- Privacy and data protection;
- Cybercrime;
- Spam;
- Online content regulation;
- Digital copyright;
- Domain name regulation;
- Electronic contracting; and
- Dispute resolution.
This project is funded by the ASEAN Australia Development Cooperation Program (AADCP) - Program Stream. AADCP is funded by the Australian Government, through AusAID and implemented in close collaboration with the ASEAN Secretariat and is managed by ACIL Australia Pty Ltd.
Related links:
Malaysian Minister announce new E-Commerce Laws at Galexia Workshop - July 2005
|
Continuing Galexia’s series of international workshops on the ‘Harmonisation of Legal Infrastructure for E-Commerce in ASEAN’ project, Galexia co-ordinated a fourth workshop in Malaysia in July 2005. The workshop brought together high-level representatives from ASEAN member countries to discuss the implementation of e-commerce legal harmonisation for the region.
The Malaysian Ministry for Domestic Trade and Consumer Affairs were the hosts for the workshop. The Minister (Hon. Datuk Shafie Apdal) opened the workshop and announced the progress of e-commerce and e-government legal infrastructure in Malaysia.
This event was well attended by the press and television. Following the opening address the Minister conducted a press conference and subsequently there was coverage in the newspapers and on television news.
Related links:
- Download speeches and media coverage » [PDF, 13 pages, 1.3MB]
- Read more about the ASEAN E-Commerce project »
Fourth ASEAN E-Commerce harmonisation workshop in Malaysia - July 2005
|
Continuing Galexia’s series of international workshops on the ‘Harmonisation of Legal Infrastructure for E-Commerce in ASEAN’ project, Galexia co-ordinated a fourth workshop in Malaysia in July 2005. The workshop brought together high-level representatives from ASEAN member countries to discuss the implementation of e-commerce legal harmonisation for the region.
This Workshop was a gathering of around 35 delegates (including more than 31 from ASEAN, 2 from ASEC and 1 expert speaker) and technical experts to discuss many important aspects of the Project:
- Recent developments in member countries in improving e-commerce legal infrastructure;
- The meeting of the ASEAN Working Group on E-Commerce and ICT Trade Facilitation (Myanmar, 5 July 2005);
- A report from UNCITRAL on the final consideration of the Convention on Electronic Contracting (Vienna, 4-15 July 2005);
- Reports from other international developments, including the recent meeting of the ASIA PKI Forum (Singapore, 6 July 2005);
- Consideration of the draft content of the Generic Implementation Guide; and
- Consideration of the template for the Country Implementation Guides.
The objective of this Workshop (W4) was to help ASEAN and the Galexia E-Commerce Project team to further develop the content of the Generic Implementation Guide (GG1) and seek member country input and advise on the content and structure of the Country Specific Implementation Guides (CG1-10).
Workshop content included the presentation of material and updates on national, regional and international initiatives including an extended presentation on the final text of the UNCITRAL draft convention, and a detailed examination of the Generic Implementation Guide (GG1) and the Survey on Implementation Issues and Constraints for a Harmonised E-Commerce Legal Infrastructure in ASEAN (S2) results.
Related links:
Digital credentials for the legal profession - July 2005
|
Galexia won a competitive tender to provide business analysis, research and advice in the development of digital credentials for the legal profession in NSW and Australia.
This has been commissioned by the Law Society of NSW and the Commonwealth Department of Industry, Tourism and Resources (DITR).
Related links:
Presentation at Asia PKI Forum in Singapore - July 2005
Galexia Director, Chris Connolly, made a presentation to the quarterly meeting of the ASIA PKI Forum in Singapore. The meeting was well attended and Chris discussed various e-commerce legal issues, PKI interoperability and the ASEAN E-Commerce Project.
- For more information, visit: <http://www.asia-pkiforum.org/>
- Read more about the ASEAN E-Commerce project »
Workshop on 'Privacy Management Strategies for Local Government' - July 2005
|
Galexia delivered a presentation at the advanced workshop 'Privacy Management Strategies for Local Government'.
The presentation Managing Privacy Responsibilities: Privacy Impact Assessments outlined a number of issues and challenges in handling new technology from a privacy management standpoint. The presentation also delved into the management of privacy by looking closely at Privacy Impact Assessments (PIAs) and Privacy Management Strategy (PMS).
Related links:
Galexia publishes article on the US Real ID Act - June 2005
|
Identity fraud and identity theft are major issues in Internet regulation. They have become the major focus of cyber crime initiatives and debate. Legislation has recently been passed in the US that critics say will create a de facto national ID card. Backed by the REAL ID Act of 2005, the US will soon bring into place massive reforms to standardise driver’s licenses and personal identification cards, effectively paving the way for a system of national identification.
This article describes the key aspects of the US REAL ID Act and some of the controversy that has surrounded this proposal. The article concludes with an examination of the potential impact of this development in Australia.
Related links:
Patient privacy and security - June 2005
|
Chris Connolly, Elizabeth Denny-Wilson and Stephen Wilson will have an article published in the Journal of the Australian Epidemiology Association on ‘Patient Privacy and Security - Not a zero sum game!’. The article is due to be published in June 2005.
Related links:
Galexia participates in 2005 Australian Mission to the Asian Development Bank - March 2005
Galexia attended 2005 Australian Trade Mission to the Asian Development Bank in Manilla, Philippines in March 2005.
Related links:
Biometrics and Privacy - March 2005
|
Galexia has provided strategic privacy advice to a major government agency on the design and implementation of biometric identity solutions.
Related links:
Remaining legal barriers to the use of digital signatures in Australia - March 2005
|
Chris Connolly, Director of Galexia, presented to the Gatekeeper Policy Advisory Committee (GPAC) on “Remaining legal barriers to the use of digital signatures in Australia”. GPAC is made up of government agency directors and industry association representatives and advises the Australian Government Information Management Office on PKI.
Related links:
- Fantastic Beasts and Where to Find Them - A Guide to Exemptions in the Electronic Transactions Act (ETA) in Australia »
- Read more on Galexia’s published works »
Galexia publishes article on PKI Interoperability - February 2005
|
As a vital aspect of e-commerce regulation and security, PKI policy analysis and development is one of Galexia’s core skills. But rather than touting PKI as a panacea for electronic systems all over the globe, Galexia appreciates that at this early stage only very specific markets have the need and desire to implement a PKI.
This article considers how PKI systems can advance from that ‘localised’ stage to become interoperable - where necessary - and enable the wide authentication that has been promised for so long. It looks at both the theoretical and more practical models that have been suggested as approaches to the problem.
Related links:
Third ASEAN E-Commerce harmonisation workshop in Cambodia - February 2005
Following on from the success of the previous workshops for the ‘Harmonisation of Legal Infrastructure for E-Commerce in ASEAN’ project in 2004, Galexia hosted a third workshop in Siem Reap, Cambodia in February 2005. The workshop brought together high-level representatives from ASEAN member countries to discuss options for harmonisation and many other important aspects of the Project, including:
- Developments since the E-Commerce Project Bangkok Workshop (W2). For example, reaffirmation at the Vientiane ASEAN Summit of e-ASEAN as a priority sector and developments with the UNCITRAL Draft Convention on Electronic Contracting;
- Update on developments in ASEAN member countries since the Bangkok Workshop;
- Consideration of options for a harmonised e-commerce legal infrastructure;
- The technical recommendation of the E-Commerce Project Participants on a preferred option for harmonisation; and
- Discussion and confirmation of steps required to achieve consensus on a preferred option in ASEAN.
In addition to the substantive content of the workshop a number of social activities were organised by Galexia. This included:
- Welcome Dinner with Cultural Entertainment
Delegates who attended the Project Workshop were invited to attend a Welcome Dinner with Cultural Entertainment hosted by Galexia. This dinner and cultural entertainment (Cambodian classical dancing) was held at a prominent Siem Reap hotel. The event was enjoyed by all and was a successful networking and team-bonding event. - Tour of Angkor Wat Temple Complex
Delegates who attended the Project Workshop were also invited to attend a half-day tour of the Angkor Wat Temple complex. Delegates participated in guided tours of the Angkor Wat and Angkor Thom temples. The event provided more successful networking and team building opportunities.
Related links:
The UN Convention on Electronic Contracting - January 2005
|
Galexia conducts a wide range of strategic projects on e-commerce law in Australia and the region, and the new Convention on electronic contracting is of particular importance in this area.
The United Nations Commission on International Trade Law (UNCITRAL) Draft Convention on the use of electronic communications in international contracts is one of the most significant recent developments in international electronic commerce law. UNCITRAL has now finalised the text of the convention and expects to discuss approval of the Draft Convention at a full Commission meeting in mid 2005. The Draft Convention could then be presented to the UN General Assembly and may be open for ratification by the end of 2005 or early 2006.
Related links:
ASEAN Prioritises E-Commerce Integration - November 2004
29th November 2004 - At the 10th ASEAN Summit in Vientiane, Laos, the ASEAN leaders have agreed to accelerate the integration of 11 priority sectors, including the e-commerce 'e-ASEAN' initiative, reaffirming ASEAN’s commitment to fast track the integration towards the ASEAN Economic Community (AEC) that ASEAN Leaders agreed to establish by 2020. The AEC is envisaged as a single market and production base with free flow of goods, services, investment, skilled labour and freer flow of capital.
The 11 priority sectors accounted for more than 50% of intra-ASEAN trade in 2003. In value terms, the priority sectors contributed US$48.4 billion and US$43.4 billion of intra-ASEAN exports and imports, respectively, in 2003.
Attached to each protocol is a roadmap to serve as the basis for economic integration of each of the priority sectors. These roadmaps were prepared with active involvement of the private sector. The roadmap includes specific measures that are of direct relevance to each sector, as well as common measures that cut across all priority integration sectors to be implemented with timelines from now on to the year 2010. For example, relevant to e-ASEAN, product standards and technical regulations will be harmonised to reduce the transaction costs of doing business in ASEAN.
Galexia's work on e-commerce legal infrastructure harmonisation forms a vital part of this initiative. Read more about the ASEAN E-Commerce project »
Overview of E-Commerce Legal Infrastructure - October 2004
The development and implementation of a harmonised legal infrastructure for e-commerce can facilitate the development of e-commerce by providing parties with certainty that their transactions will be recognised in multiple jurisdictions. This paper provides an overview of the requirements for establishing a successful E-Commerce Legal Infrastructure.
Related links:
Second ASEAN E-Commerce harmonisation workshop in Bangkok - October 2004
Following on from the successful first workshop for the ‘Harmonisation of Legal Infrastructure for E-Commerce in ASEAN’ project in May 2004, Galexia hosted a second workshop in Bangkok, Thailand in October 2004. The workshop brought together high-level representatives from ASEAN member countries to discuss options for harmonisation.
Related links:
Galexia presented at APEC TEL 30 - September 2004
Galexia made a presentation to the 30th meeting of the Asia-Pacific Economic Co-operation Telecommunications & Information Working Group (APEC TEL WG), in Singapore in September 2004.
The presentation, for the e-Security Task Group of APEC TEL WG, was on the harmonisation of e-commerce laws in ASEAN.
Related links:
External links:
Exemptions in the Australian Electronic Transactions Act - September 2004
|
This article provides an overview of the Commonwealth Electronic Transactions Act (ETA) and the eight State and Territory ETAs in Australia. It focuses on the many exemptions and how to find them.
This is an important area of law for many new technology implementations involving electronic communication. If a particular transaction is exempt from the ETA in one or more jurisdictions, this can present a significant barrier to the use of electronic communication. For example, a wholly electronic process for selling consumer credit products is not viable in many Australian jurisdictions, because consumer credit laws requiring hard copy disclosure documents are exempted from the relevant ETAs.
Identifying and locating the relevant ETA exemption can be a difficult and time-consuming task. This article provides some guidance through the ETA maze, and includes an appendix listing common exemptions and their location.
Related links:
Galexia's Commonwealth Endorsed Supplier Arrangement extended to 2007 - August 2004
Galexia’s Endorsed Supplier Arrangement (ESA) with the Australian Government has been extended to September 2007.
Related links:
Galexia develops and hosts course materials for Electronic Commerce Law - August 2004
|
Galexia has developed materials for the University of NSW course on Electronic Commerce Law (2004). This is available as an updated extranet for course participants.
- 00 - Briefing Notes
- 01 - Course Timetable
- 02 - Regulatory Structure
- 03 - Jurisdiction Overview
- 04 - Jurisdiction Cases
- 05 - Online Contracts Australia
- 06 - Online Contracts International
- 06A - Other International Developments
- 07 - Authentication
- 08 - ASEAN Case Study
- 09 - Electronic Commerce - ODR
- 10 - Online Business Conduct
- 11 - Cybercrime
- 12 - Payment Systems
Galexia has also developed and hosts course materials on Cyberspace Law. Read more »
Galexia publishes article on Managing Consent in a Multidisciplinary Team Environment - June 2004
This article examines the issue of Managing Patient Consent to the use and disclosure of personal information in a Multidisciplinary Team Environment. It reviews the recent NSW Administrative Decisions Tribunal decision in KJ v Wentworth Area Health Service and considers the future of privacy law and practice in this field.
This paper is available in the following formats from <http://www.galexia.com/>:
Read more on Galexia’s published works »
Galexia at the inaugural Asian Law Institute (ASLI) conference - May 2004
The ASLI inaugural conference topic was ‘The Role of Law in a Developing Asia’ and was hosted by the Faculty of Law, National University of Singapore, on 27 and 28 May 2004. The conference covered a number of contemporary issues on Asian law, including, constitutional reform, the administration of justice, Asian legal traditions, international trade and investment, cross-border crime, the harmonisation of commercial law in Asia and intellectual property protection in Asia.
Galexia team members were involved in a number of presentations:
- Chris Connolly from Galexia presented a paper Harmonisation of Electronic Commerce Legal Infrastructure in ASEAN countries.
- Galexia project partner, Adrian Lawrence (Baker & McKenzie, Sydney) presented a joint paper on Legal Challenges in cross-border electronic transactions.
- Galexia Associate, Yee Fen Lim, presented a paper on A Comparative Analysis of PKI Regimes in Asian Jurisdictions.
Related links:
External links:
Galexia presents on Legal and Privacy Issues in e-Government - May 2004
Galexia participated in The Business e-Volution of Government (Conference and e-Government Expo) on 26 and 27 May 2004, organised by the Australian Government Information Management Office (AGIMO) and Institute of Public Administration (IPAA) Act Division
Galexia presented a paper Managing privacy in identity management - the way forward. This paper examines the question: How can privacy risks be understood and managed within large-scale identity management systems? This paper is published in the IPAA/AGIMO e-Government Research Papers, which was launched at the conference.
Additionally, Galexia participated in the panel discussion on Legal and Privacy Issues in e-Government
Related links:
External links:
Galexia holds first workshop on ASEAN e-commerce harmonisation in Singapore - May 2004
As part of the ongoing Harmonisation of Legal Infrastructure for E-Commerce in ASEAN project, Galexia hosted the project’s first workshop in Singapore on May 26.
The meeting brought together high-level representatives from Brunei, Cambodia, Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam, as well as representatives of the ASEAN Secretariat and Galexia’s own team of experts, to discuss current frameworks for digital signatures and e-transactions, and consider the way forward for the project.
Related links:
Federal Court injunction obtained under Privacy Act - May 2004
In a highly significant legal development affecting many of Galexia’s clients, the Federal Court has granted a permanent injunction under section 98 of the Privacy Act 1988 (Cth).
In the case of Seven Network (Operations) Limited v Media Entertainment and Arts Alliance [2004] FCA 637 (21 May 2004), Seven Network was seeking to restrain the MEAA (a union that represented Seven employees) from using a company phone directory. The MEAA had already used the directory to conduct a phone poll of Seven employees regarding an enterprise agreement that Seven Network was offering directly to its workers. Negotiations over the agreement with the MEAA had previously broken down.
Justice Gyles rejected MEAA’s argument that only the Federal Privacy Commissioner, and not the Federal Court, could grant injunctions under the Privacy Act.
Related links:
External links:
Committee for Economic Development of Australia (CEDA) - E-Commerce - Pausing for Breath, Maximising Financial Returns & Managing Risks - April 2004
Seminar topic: ‘E-Commerce - Pausing for Breath, Maximising Financial Returns & Managing Risks’ for the Committee for Economic Development of Australia (CEDA). The speech will cover a variety of current issues in IT and business management
Date: 2 April 2004
Presenters:
- Chris Connolly, Director, Galexia
- Peter van Dijk, Director, Galexia
- Matthew Hall, Partner, Phillips Fox.
Venue: CEDA Boardroom, Sydney. Level 9, 275 George St Sydney, NSW 1043
Audience: CEDA Member Company Representatives and Guests Only
About CEDA: The Committee for Economic Development of Australia (CEDA) is Australia’s leading business think tank. It regularly hosts presentations by the country’s economic and political leaders and its research has significant influence and media coverage.
Related links:
External links:
Galexia to assist ASEAN harmonise electronic commerce - March 2004
|
Galexia has won a competitive tender for a groundbreaking two-year project that will streamline electronic commerce in South East Asian nations.
Galexia is partnering with global law firm Baker & McKenzie to develop and implement a harmonised legal infrastructure for electronic commerce in ASEAN (Association of South East Asian Nations: Brunei Darussalam, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam).
The goal of the project is to assist ASEAN to integrate into one market for goods, services and investment by the establishment of a harmonised legal, regulatory and institutional environment for e-commerce. Additionally, there is an opportunity for some of the developing nations within ASEAN to ‘leap-frog’ paper based commerce and develop more efficient electronic transactions for cross-border trade. The project is the first of its kind to be conducted in the Asia Pacific region, and is second only to the European Union in its approach to legislatively facilitate borderless electronic transactions across a group of nations.
This project is funded by the ASEAN Australia Development Cooperation Program (AADCP) - Program Stream. AADCP is funded by the Australian Government, through AusAID and implemented in close collaboration with the ASEAN Secretariat and is managed by ACIL Australia Pty Ltd.
e-ASEAN Framework
The e-ASEAN framework agreement states that members shall ‘adopt electronic commerce regulatory and legislative frameworks that create trust and confidence for consumers and facilitate the transformation of businesses towards the development of e-ASEAN’.
It is envisaged the legal infrastructure may take the form of a regionally agreed model for consistent national laws supported by an appropriate infrastructure that will legally recognise the effectiveness of online transactions and facilitate their enforceability.
A harmonised legal infrastructure presents a great opportunity for technological and commercial advancement. The agreed framework and resulting laws will underpin increasing confidence in and use of electronic commerce by businesses, governments and consumers, both within and beyond ASEAN. To be effective beyond ASEAN the framework will reflect the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce (1996) and the UNCITRAL Model Law on Electronic Signatures (2001).
Case study (2008)
Galexia has completed a case study of the Harmonisation of E-Commerce Legal Infrastructure in ASEAN project. The case study illustrates the progress made during the four years of the program (2004-2008), with eight of the ten ASEAN Member Countries having enacted e-commerce laws, and the remaining two having draft laws.
Project Extension (2006)
In January 2006, Galexia won the opportunity to work further in the ASEAN region by undertaking work to provide an extension to the ASEAN project. This project extension will focus on harmonising electronic contracting and Online Dispute Resolution legal infrastructures in the region.
The goal of the project is to assist ASEAN to integrate into one market for goods, services and investment by the establishment of a harmonised legal, regulatory and institutional environment for electronic contracting and dispute resolution. The development and implementation of harmonised legal infrastructures for electronic contracting and dispute resolution will facilitate the development of e-commerce by providing users with common methods for completing electronic contracting steps, and a common framework for resolving electronic commerce disputes.
The project will produce the following outputs:
- A compilation of discussion papers focussing on ASEAN and international developments in electronic contracting, Online Dispute Resolution and jurisdiction of legal frameworks;
- Conducting surveys on the electronic contracting and Online Dispute Resolution legal landscapes in ASEAN member countries;
- The development of a proposed framework for harmonised legal infrastructure for electronic contracting and dispute resolution; and
- The compilation of implementation guides to support the proposed framework.
UNCITRAL Convention of Electronic Contracting (2005)
The United Nations Commission on International Trade Law (UNCITRAL) has finalised its Convention on electronic contracting following over three years of deliberations. The Convention has been formally titled the Convention on the use of electronic communications in international contracts. It will be presented at the UN General Assembly meeting later this year, where if adopted it will become the first UN Convention addressing legal issues created by the digital environment.
The UNCITRAL Convention seeks to enhance the legal certainty and commercial predictability of international electronic transactions by setting out a number of interpretive rules for the use of electronic communications in negotiating and forming contracts.
The new Convention is likely to establish a default standard for electronic transactions. Even if a country does not ratify the Convention (once it is brought into force) it will still influence the terms of a transaction; particularly where the other contracting party is from a country that is a signatory to the Convention.
The Convention on electronic contracting also seeks to harmonise national law regarding how electronic contracts can be made. Harmonised domestic legislation will overcome the legal uncertainty in international business transactions where contracting parties are from different countries. A more certain legal environment will increase confidence in conducting electronic transactions, and in turn participation in e-commerce.
The Convention follows on from earlier work of the UNCITRAL Working Group on Electronic Commerce who released the Model Law on Electronic Commerce in 1996 and the Model Law on Electronic Signatures in 2001 (see below).
UNCITRAL Model Law on Electronic Signatures (2001)
It is intended that Model Law on Electronic Signatures (2001) will operate as a supplement, or an extension to the Model Law on Electronic Commerce (1996).
Despite the wider adoption of the Model Law on Electronic Commerce, within ASEAN the Model Law on Electronic Signatures has only been adopted by Thailand.
Thailand enacted dedicated electronic commerce legislation in 2001 at which point it was convenient to incorporate both the 2001 and 1996 Model Laws. By this time other nations had enacted electronic commerce legislation based on the 1996 UNCITRAL Model Law, and have generally not made any subsequent alterations to their domestic legislation. There are a few countries that have adopted the Electronic Commerce Model Law after 2001 without adopting the Model Law on Electronic Signatures.
In the interests of promoting party autonomy many provisions of UNCITRAL’s Model Law on Electronic Signatures (2001) can be contracted out of or varied by the mutual agreement of the parties. A flexible and expansive approach helps to facilitate the development of new techniques and technologies.
The Model Law on Electronic Signatures also promotes the same functional and media neutrality of its 1996 predecessor by providing that electronic signatures in any form should be treated equally provided they meet the minium functional specifications required to guarantee the signature’s integrity.
Generally, the Model Law on Electronic Signatures provides a broad legislative framework of sufficient detail to enable national governments to fill in the procedural ‘blanks’ needed to tailor the legislation to their national circumstances.
UNCITRAL Model Law on Electronic Commerce (1996)
The Model Law on Electronic Commerce is based on two principles:
1. Functional equivalence - paper documents and electronic transactions are treated equally by the law (Article 5); and
2. Media neutrality - the law does not discriminate between different forms of technology (Article 1 read with Article 2(a)).
These two principles are pivotal in ensuring that electronic transactions receive universal recognition. Transparency and predictability are the other desirable qualities in electronic commerce legislation - these will minimise legal uncertainty between contracting parties.
Existing laws in Singapore, the Philippines, Brunei and Thailand, are to a large extent based on the UNCITRAL Model Law on Electronic Commerce.
Website links
Australian Agency for International Development (AusAID)
|
ASEAN Secretariat (Jakarta) |
ASEAN Australia Development Cooperation Program (AADCP) |
About Galexia
Galexia has expertise and experience in all aspects of electronic commerce law and provides expert analysis of PKI, authentication and digital signature regulatory issues to a range of local and international clients.
The Galexia team matches project management experience with legal expertise and technical understanding.
For more information
Galexia delivers specialist management consulting services to our clients. Galexia has expert consultants in privacy, authentication, electronic commerce and new technology. We leverage our legal, business and technical knowledge to deliver successful business strategies to a diverse range of clients.
Our focus is on research, strategy and advice on electronic commerce, digital signatures, identification, authentication, security and privacy in Australia and the Asia Pacific.
- Galexia (Chris Connolly or Peter van Dijk)
http://www.galexia.com/
Phone: +61 2 9555 5666
Cardno ACIL Australia is the ASEAN Australia Development Cooperation Program (AADCP) Program Stream manager
- Cardno ACIL Australia (Sue Majid)
http://www.acil.com.au
Phone: +61 3 9819 2877
This project is funded by the ASEAN Australia Development Cooperation Program (AADCP) - Program Stream. AADCP is funded by the Australian Government, through AusAID and implemented in close collaboration with the ASEAN Secretariat and is managed by Cardno Acil Pty Ltd.
|
Enhanced data security and customer understanding through identity and access management - March 2004
|
Galexia lead a workshop on Building privacy into identity management solutions.
This workshop covered how to ensure that privacy compliance and privacy expectations are managed within an identity management strategy, including an overview of Federated Identity solutions.
Part 1 - Recognising the importance of privacy issues within identity management strategies
- Overview of the relevant legal requirements;
- Current privacy expectations in the community;
- Conducting Privacy Impact Assessments (PIA); and
- Benefits of building privacy into the strategy from the outset.
Part 2 - Privacy design issues in identity management
- Overview of the Privacy Management Lifecycle
- Developing Privacy Management Strategies;
- Exploring Federated Identity;
- Adopting appropriate industry standards - Liberty Alliance / WS-Federation;
- Technical Q & A on network identity; and
- Considering alternative identity structures - e.g. brokered identity.
Case studies
The workshop included three detailed case studies:
- Whole of sector electronic authentication strategy for the Australian Vocational Education and Training sector;
- Liberty Alliance or WS-Federation - emerging standards for Federated Identity; and
- Reach - Ireland’s brokered identity solution.
Galexia continues to conduct research on distributed identity systems. Read more »
Go to the IQPC identity management conference website »
Read more about the IQPC project »
Galexia completes a strategic consultancy on a national health identifier for the Commonwealth Department of Health and Ageing - February 2004
In 2004 Galexia completed a significant project on identity management in the health sector.
The Commonwealth Department of Health and the Ageing commissioned Galexia to produce a strategic issues paper on a "National Health Identifier".
The paper was completed in February 2004 and is the subject of consideration by the Australian Health Information Council and the National Health Information Group. The project involved national and international research, consultation with government and non-government stakeholders and the development of findings and recommendations.
Galexia conference presentation on health identity management - March 2004
Galexia director Chris Connolly has presented a paper on identity management in the health sector to the International Quality and Productivity Centre (IQPC) conference on Identity and Access Management.
The paper considered the potential uses and benefits of broad schemes for health information, as well as looking at community attitudes to new systems. It also assessed current implementations both within Australia and overseas.
Go to the IQPC identity management conference website »
Galexia's Representative Complaints paper to appear in Privacy Law & Policy Review - February 2004
The Privacy Law & Policy Reporter (PLPR), Australia’s leading legal journal on privacy law, will be publishing a version of Galexia’s article Representative complaints - a new approach to making privacy laws work for consumers in issue 10.9.
The article, written by director Chris Connolly and researcher Nawaz Isaji, looks at a number of legal approaches in different jurisdictions to handling privacy class actions and complaints made on behalf of individual privacy victims (who often wish to remain anonymous).
Baker and McKenzie Cyberspace Law and Policy Centre (CLE Series 2003) - Online contracts: Banking, finance and insurance - December 2003
Chris Connolly presented on ‘Best practice in the formation Online consumer finance and insurance contracts’.
The issues surrounding the online creation of insurance and finance contracts, including disclosure, non-repudiation, independent advice and the broad policy settings for consumer protection in electronic commerce will be examined.
Read more about Baker and McKenzie projects »
Baker and McKenzie Cyberspace Law and Policy Centre (CLE Series 2003) - Privacy Complaints: How to Get a Win for Your Client (Making Privacy Laws Work) - December 2003
Chris Connolly presented on ‘Representative privacy complaints and class actions’.
There is a growing trend to pursue privacy breaches through representative organisations, or as a part of a class of affected persons. This looks at the benefits of representative complaints, recent Australian and international case studies, tactics and procedural issues.
In September 2003 Galexia published a survey of Australian and international privacy laws that allow class actions and representative complaints to be made.
Australian Telecommunications Industry Ombudsman (TIO) Conference - Convergence: Redrawing the Boundaries - December 2003
Chris Connolly presented on ‘Managing Convergence in Telecommunications and Financial Services’.
Go to the TIO conference website »
Galexia's Privacy Management Strategy (PMS) for New Queensland Smart Card Driver Licence released - September 2003
|
In March 2003 Galexia completed the Privacy Management Strategy (PMS) for Queensland Transport on the proposed Queensland Smart Card Driver Licence. In September 2003 this was released to the public as part of a formal consultation process.
This Privacy Management Strategy (PMS) covers a wide range of technical and legal issues and proposes short, medium and long-term measures for ensuring that privacy issues are managed in the proposed roll-out of the new licence.
Download the Privacy management Strategy from the New Queensland driver licence web site:
Read more about Queensland Transport projects »
Case studies on distributed identity - September 2003
Distributed identity is being considered as a privacy positive alternative to national identification schemes (such as the failed Australia Card). The paper argues that while distributed identity may be a reasonable alternative to national identification schemes, distributed identity is not necessarily a privacy positive initiative in its own right. The level of privacy intrusion depends on numerous technical factors and the effective management of privacy issues during design, implementation and the active life of distributed identity systems.
Galexia continues to conduct research on distributed identity systems. These case studies and the accompanying power point presentation provide a brief introduction to the field.
Privacy class actions - Galexia has published a survey of Australian and international privacy laws that allow class actions and representative complaints to be made - September 2003
This paper surveys national and international privacy laws to assess the ability of courts and privacy regulators to consider “representative complaints”, and argues that privacy breaches are particularly suited to resolution through representative action. Several case studies of representative privacy complaints are included, as well as an overview of privacy class actions in the United States, Canada, Hong Kong, Australia and New Zealand.
This paper provides a useful insight into the growing trend for privacy class actions and concludes that the benefits of representative complaints are yet to be fully realised in the privacy field.
Galexia presents paper at national Electronic Authentication Stakeholder workshop for the Vocational Education and Training sector - August 2003
Galexia conducted a National Authentication Workshop for ANTA in Melbourne in August 2003. The workshop considered strategic issues in the development of electronic authentication solutions in the Vocational Education and Training sector. The workshop brought together government and industry participants from all states to consider the potential business case for electronic authentication, plus a range of practical considerations and technical issues.
Galexia delivers report on ABN-DSC interoperability - April 2003
Galexia provided a detailed report on issues which have arisen in the implementation of the Australian Business Number Digital Signature Certificate (ABN-DSC). The report was provided to NOIE following a three-month project involving consultations with numerous Government agencies and industry certificate providers. The final report is not a public document.
For more details on the ABN-DSC see NOIE’s authentication pages.
Read more about NOIE (now AGIMO) projects »
Ian Booth joins Galexia as an Associate - March 2003
Read more in Consultant Profiles »
Galexia completes research paper on Electronic Authentication for Flexible Learning for Australian National Training Authority - February 2003
|
Galexia has completed the E-authentication research paper for ANTA, a Commonwealth statutory authority established in 1992 to provide a national focus for vocational education and training (VET).
The paper outlines the current legal and regulatory framework for electronic authentication in Australia. It also covers general and specific legal and regulatory issues relevant to education providers and outlines suggested models for electronic authentication in Vocational Education and Training (VET). The paper includes detailed strategic advice for the VET sector.
Download from the Australian National Training Authority (ANTA) Australian Flexible Learning Framework - http://flexiblelearning.net.au
- Download PDF - 1.83 MB
Read more about ANTA projects »
Galexia updates Intelligence Report on privacy law in Asia - January 2003
The Asian privacy Intelligence Report provides an in-depth account on the latest in privacy law and regulation in many important Asian jurisdictions. The previous Intelligence Report covered the jurisdictions of Hong Kong, Japan, South Korea and Taiwan. The updated Intelligence Report adds Malaysia and Singapore to the list, outlining the laws of two of Australia’s closest and most important neighbours. The update also adds fresh information on developments in the existing jurisdictions.
Privacy Regulation in Asia: Intelligence Report Contents
Access Galexia Intelligence Reports from the client extranet » [client access only] |
||
Galexia wins tender to deliver research paper on Electronic Authentication for Flexible Learning for Australian National Training Authority - September 2002
The report will contain a comprehensive analysis of current and proposed e-authentication law and regulation. The report will also contain recommended measures for addressing barriers to the development of flexible learning posed by e-authentication legal and regulatory issues.
For more information see the Flexible Learning Advisory Group.
Read more about ANTA projects »
Galexia Intelligence Report #6 - Privacy Codes of Conduct (Process and Content Issues) - August 2002
This Intelligence Report summarises the key process and content issues which need to be addressed when developing privacy codes of conduct, especially where the intention is to have a code approved by the Australian Office of the Federal Privacy Commissioner . This Intelligence Report provides an update on the Australian legal framework and a discussion of the key steps in developing a code and gaining approval.
Privacy Codes of Conduct: Intelligence Report Contents
Access Galexia Intelligence Reports from the client extranet » [client access only] |
||
Galexia focuses on E-Commerce law: The Law and Policy of Consumer Protection in Electronic Commerce in Australia (Updated) - October 2001
The fifth Intelligence Report from Galexia focuses on the law and policy considerations of consumer protection in electronic commerce. It includes the Australian Codes of Conduct, as well as a case study on financial services, which looks at disclosure, privacy and complaint handling within in the online environment. The report also looks to the international scene, to detail the current legal positions of a number of countries in this area.
Read more about E-Commerce law projects »
Galexia commissioned to write a consultation paper on privacy issues in the use of PKI for individuals - June 2001
|
In mid-2001, the National Office for the Information Economy (NOIE) and the Office of the Federal Privacy Commissioner (OFPC) commissioned Galexia to produce a research and discussion paper on privacy guidelines for the use of digital certificates. Part of our report was published as a public consultation paper.
In mid-2001, Galexia was commissioned, by the National Office for the Information Economy (NOIE) and the Office of the Federal Privacy Commissioner (OFPC) to produce a research and discussion paper on privacy guidelines for the use of digital certificates.
Part of our report was published as a public consultation paper and is available from the Office of the Federal Privacy Commission - http://www.privacy.gov.au
- Download Word - 456 K
- Download RTF - 649 K
The Guidelines subsequently became formal Guidelines under the Privacy Act 1988 and are available from the Office of the Federal Privacy Commission - http://www.privacy.gov.au. It sets out guidelines for agencies considering the use of PKI to help them minimise any privacy risks for individuals.
- Download PDF - 312 K
Galexia completes a new Intelligence Report: An Introduction to e-Commerce Law - May 2001
E-Commerce law is one of the most important and diverse sections of Galexia’s research. This Intelligence Report details the law of domain names, copyright, contracts, jurisdiction, defamation and content regulation and how it differs in an Internet context.
An Introduction to e-Commerce Law: Intelligence Report Contents
Access Galexia Intelligence Reports from the client extranet » [client access only] |
||
Read more about E-Commerce law projects »
Galexia's first Intelligence Report: Privacy Impact Assessments (PIAs) - February 2001
This report details the purpose, design and preparation of Privacy impact Assessments (PIAs). It also provides a sample PIA checklist.
Privacy Impact Assessments (PIAs): Intelligence Report Contents
Access Galexia Intelligence Reports from the client extranet » [client access only] |
||
Paper on Electronic Lodgment in the Land and Environment Court - February 2001
|
Working with the NSW Attorney General’s Department and the Law Society of NSW, Galexia prepared this paper on secure electronic court lodgement. The paper covers PKI, Digital Certificates, and electronic lodgement, and how this may be incorporated into the judicial process. It also details how it may be utilised by both the courts and solicitors.
Final Report:
Presentation at Australian Institute of Judicial Administration (AIJA) Technology for Justice 2001:
[1] From Austroads Connected and Automated Vehicles Program Overview <http://www.austroads.com.au/drivers-vehicles/connected-and-automated-vehicles/overview>
[2] ASEAN Secretariat, e-ASEAN Framework Agreement, 2000, <http://www.aseansec.org/6267.htm>.
[3] [2005] VCAT 2592.