Sunday, March 7, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

OAIC wants visual on what telcos are handing over under data retention regime

February 7, 2020
in Internet Security
OAIC wants visual on what telcos are handing over under data retention regime
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Australian Information and Privacy Commissioner Angelene Falk has agreed with the Parliamentary Joint Committee on Intelligence and Security (PJCIS) that physically seeing the datasets that telecommunications providers are handing over under the country’s data retention regime would enhance her agency’s role.

“We have not seen the actual disclosures. We’ve seen the documents that are required to be kept under Section 306 of the Telecommunications Act, which are around time, date, provision that’s been authorised,” Falk told the committee on Friday.

You might also like

Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool

Cyberattack shuts down online learning at 15 UK schools

Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments

Under the Telecommunications Act, the Office of the Australian Information Commissioner (OAIC) can monitor and inspect telecommunication service providers’ compliance with record-keeping obligations when disclosing telecommunications data to agencies.

Facing the PJCIS and its review of the data retention regime that came into being in March 2015, Falk was asked if she thinks having visual on the actual data would benefit the OAIC.

“I do think that it would enhance the oversight; I think there’d be a couple of things that would assist in enabling that more readily: One is to include … a list of the kinds of information that are permitted to be disclosed under the TIA Act and that would then enable my office to look at what has been provided,” she said.

“I would likely need some enhancements to my enforcement regime and the ability to compulsory acquire information in the context of an assessment, which I don’t currently have.

“It is something that I would like to have, the government’s announced a review of the Privacy Act, and they’re the kinds of matters that I’ll be putting forward.”

Falk said the OAIC has provided guidance, carried out inspections and assessments of telecommunications providers, and informed that its inspections and assessments have identified both good implementation of obligations and areas of improvement.

“In those cases, recommendations are made and have been accepted by the regulated entities,” she said. “My office will continue to carry out inspections and assessments in order to assess and address any privacy risks in the system.”

Committee members raised concerns, however, that the data possessed by telcos is not totally stored within Australia.

While Falk admitted her staff has visited storage centres in Australia, she said she was unaware of regime-related data being stored offshore.

“Under the Privacy Act, Australian privacy principle 11 requires the telecommunications providers to take reasonable steps to secure the data protected from unauthorised access, loss, disclosure, and so what we’re looking for is to ensure that the controls that we would expect — the access controls, the physical security, the governance — meets that reasonable steps test,” she continued.

“The location of the data is one aspect that any provider will need to consider in their risk assessment and they need to ensure that they have the reasonable steps in place.

“The location of the data in and of itself is not the issue. It’s the security parameters around it.”

With the committee saying it had been under the impression that all data would be kept onshore once the regime commenced, until it realised this wasn’t the case, Falk said that while there isn’t a data localisation provision in the law, she was not submitting that there should be.

“I note that in the My Health Records provisions, there is a requirement to store that data onshore and so these are all, I think, valid lines of inquiry with the telecommunications providers,” she said.

“I don’t have information that suggests that it’s located anywhere other than Australia, as at the time when we conducted this assessments last year.”

In her opening statement, Falk said some of the privacy issues raised by the OAIC back in 2015 have been addressed, but other “key” ones that sought to establish privacy safeguards were not adopted or fully adopted.

See also: OAIC still asking for information privacy amendments to data retention regime

“For example, we recommended that access to retain data be limited to where it is reasonably necessary to prevent or detect a serious offence and to safeguard national security,” she explained.

Falk asked the committee to consider reducing the potential for personal information to be collected outside of what is intended or reasonably necessary under the regime.

“This goes to the issue that’s previously been raised around defining what’s out of the regime, through the meaning of ‘content’ and ‘substance’ of communications,” she said.

Echoing remarks made by Human Rights Commissioner Edward Santow who appeared before her on Friday, Falk asked the committee to consider reducing the retention period.

“A high proportion of telecommunications data accessed by law enforcement is less than 12 months old, with the majority of data accessed being less than three months old,” she reiterated. “To complement that, to introduce an express obligation to destroy or de-identify telecommunications data after a defined period, noting that the impact of any data breach can increase with the commensurate increase in the volume of data that’s retained.”

Falk also asked the PJCIS to consider measures that ensure access to retain data is appropriately limited to agencies operating under the Telecommunications Interception and Access regime, and that any increases to the agencies, who are lawfully able to access data, be set out in the legislation by way of legislative amendment.

She wants the committee to similarly consider limiting the purposes for accessing historical data to where it’s reasonably necessary and consider introducing a warrant system.

“Warrants would provide one of the strongest forms of privacy protection through the exercise of real time, independent oversight over the operations of the regime,” she said.

“Analysis of telecommunications data can paint a very detailed picture of an individual’s location, movements, habits, relationships, and preferences with accuracy and detail that increases in line with the nature and volume of that data that’s available.

“With this in mind, I do recommend that the committee consider limiting the purpose for which an authorisation to disclose telecommunications data can be made to where it is reasonably necessary to investigate serious offenses, safeguard national security, and to consider within the context of all the evidence whether a warrant system should be introduced.”

RELATED COVERAGE

Credit: Zdnet

Previous Post

Human Learning and Machine Learning - How they differ ?

Next Post

Machine Learning in the Life Sciences Market 2020 Analysis & Future Development Till 2025 – Galus Australis

Related Posts

Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool
Internet Security

Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool

March 7, 2021
Cyberattack shuts down online learning at 15 UK schools
Internet Security

Cyberattack shuts down online learning at 15 UK schools

March 6, 2021
Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments
Internet Security

Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments

March 6, 2021
$100 in crypto for a kilo of gold: Scammer pleads guilty to investor fraud
Internet Security

$100 in crypto for a kilo of gold: Scammer pleads guilty to investor fraud

March 6, 2021
These two unusual versions of ransomware tell us a lot about how attacks are evolving
Internet Security

These two unusual versions of ransomware tell us a lot about how attacks are evolving

March 6, 2021
Next Post
Machine Learning in the Life Sciences Market 2020 Analysis & Future Development Till 2025 – Galus Australis

Machine Learning in the Life Sciences Market 2020 Analysis & Future Development Till 2025 – Galus Australis

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool
Internet Security

Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool

March 7, 2021
How Optimizing MLOps can Revolutionize Enterprise AI
Machine Learning

How Optimizing MLOps can Revolutionize Enterprise AI

March 6, 2021
Cyberattack shuts down online learning at 15 UK schools
Internet Security

Cyberattack shuts down online learning at 15 UK schools

March 6, 2021
Facebook enhances AI computer vision with SEER
Machine Learning

Facebook enhances AI computer vision with SEER

March 6, 2021
Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments
Internet Security

Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments

March 6, 2021
Hands-on Guide to Interpret Machine Learning with SHAP –
Machine Learning

Hands-on Guide to Interpret Machine Learning with SHAP –

March 6, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool March 7, 2021
  • How Optimizing MLOps can Revolutionize Enterprise AI March 6, 2021
  • Cyberattack shuts down online learning at 15 UK schools March 6, 2021
  • Facebook enhances AI computer vision with SEER March 6, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates