Office of the Australian Information Commissioner

We’ve published 2 new guides for businesses that articulate how Australian privacy law applies to artificial intelligence (AI) and set out our expectations as the regulator. Work for a business? The first guide will make it easier for your business to comply with your privacy obligations when using commercially available AI products and help you to select an appropriate product: https://lnkd.in/gH8frTkU Developing AI products? Our second guide provides privacy advice around using personal information to train generative AI models: https://lnkd.in/gvg-ra7N Privacy Commissioner Carly Kind said: ‘Our new guides should remove any doubt about how Australia’s existing privacy law applies to AI, make compliance easier, and help businesses follow privacy best practice.’ For more information, read our media release: https://lnkd.in/gWQanb6m

Privacy Commissioner Carly Kind has found that scraping data to target vulnerable people by Master Wealth Control Pty Ltd (DG Institute) and Property Lovers Pty Ltd was unlawful and interfered with the privacy of individuals. Both companies are associated with Ms Dominique Grubisa and provide similar training courses to members of the public that focus on property investment, wealth management and asset protection. Paying participants of the companies’ Elite Mentoring Program were encouraged to find ‘distressed properties’ in circumstances where a property owner might be incentivised to sell their property below market value as result of divorce, bankruptcy or a deceased estate. Commissioner Kind found the companies failed to: - collect the personal information by fair means - take reasonable steps to notify individuals whose information was collected - ensure the information it collected was accurate and up to date. Commissioner Kind has ordered both companies immediately cease unfairly collecting personal information of individuals from third parties, destroy their leads lists within 30 days, provide the OAIC with evidence of action taken to address the issues raised, and update their privacy policies. Property Lovers must also publish a written apology.   Media release: https://lnkd.in/gy_v2Cn3

Today I appeared before the Senate Committee scrutinising the government's plans to establish a minimum age of 16 for access to social media sites. I answered questions about the privacy protections in the Bill, but I didn't get to share some of my bigger thoughts on the proposal, so I thought I'd do that here.

We’ve released our 2023-24 #AnnualCyberThreatReport. The report highlights the rapidly evolving cyber threat landscape and reinforces the need to prioritise improved cyber defences to protect our nation’s #CyberSecurity. As data continues to be produced and stored in greater volumes, the attack surface has become more exploitable, and both criminal and state-sponsored cyber actors are taking advantage of vulnerabilities and gaps. This, coupled with geopolitical uncertainty, underscores the need for strengthened cyber security. 👉 State-sponsored cyber actors are persistently targeting Australian governments and critical infrastructure. These cyber operations are evolving globally, with the capability to gather intelligence, exert malign influence and pre-position on networks for disruptive effects. This threat is likely to increase as geostrategic competition grows, requiring greater partnership between government and industry to deter this activity. 👉 Critical infrastructure services are an attractive target to malicious cyber actors. This includes essential services such as power grids, water delivery systems, transport networks and health services. Of particular concern are operational technology systems. These are often not secure by design and many traditional security controls cannot be applied, making it likely that malicious cyber targeting of these systems will rise. 👉 Cybercrime is an evolving and persistent threat. Cybercriminals are evolving their tactics and capitalising on new opportunities, like artificial intelligence, to exploit victims. 👉 Collaboration across public and private sectors is key to effective cyber resilience. This report is only possible because Australians reported cybercrime, incidents and vulnerabilities to us. All Australians should report incidents to make us collectively stronger and put cyber threats on everyone’s radar. Learn more about the evolving cyber threat landscape in our report 👉 https://lnkd.in/gXUaip6X ASD thanks all of the organisations that contributed to this report, including: ACCC, Australian Department of Foreign Affairs and Trade, Australian Federal Police, Australian Institute of Criminology, Australian Security Intelligence Organisation, Defence Intelligence Organisation, Australian Department of Home Affairs, National Cyber Security Coordinator, Office of the Australian Information Commissioner & Reserve Bank of Australia

Thinking about using facial recognition technology for facial identification in a commercial or retail setting?   Our new guidance sets out key privacy principles you need to consider: https://lnkd.in/gPRn9Wnu

Today, the OAIC published my determination that retailer Bunnings Group Limited breached Australians’ privacy by collecting their personal and sensitive information through a facial recognition technology system. In this article, I'm sharing important takeaways from the determination for other retailers considering using facial recognition technology.

Privacy Commissioner Carly Kind has found Bunnings breached Australians’ privacy by collecting their personal and sensitive information through a facial recognition technology system. The system, via CCTV, captured the faces of every person – likely hundreds of thousands of individuals – who entered 63 Bunnings stores in Victoria and NSW between November 2018 and November 2021. ‘Facial recognition technology, and the surveillance it enables, has emerged as one of the most ethically challenging new technologies in recent years,’ said Commissioner Kind. ‘We acknowledge the potential for facial recognition technology to help protect against serious issues, such as crime and violent behaviour.’ ‘However, any possible benefits need to be weighed against the impact on privacy rights, as well as our collective values as a society.’ ‘This decision should serve as a reminder to all organisations to proactively consider how the use of technology might impact privacy and to make sure privacy obligations are met.’ Media release: https://lnkd.in/gpJUE6-Q   To help businesses meet privacy obligations, we have published a new privacy guide for those considering using facial recognition technology in a commercial or retail setting: https://lnkd.in/gPRn9Wnu 

Data & privacy in focus: Thank you to Australian Privacy Commissioner Carly Kind for sharing key updates on the Office of the Australian Information Commissioner's role in credit reporting, including their approval of the CR Code and future regulatory priorities shaping our industry’s path forward. #OAIC #arcacreditsummit #CRcode #creditreporting #Arca

⚠NEW PODCAST: Cross Examining Privacy Commissioner Carly Kind – Part 1 In this episode, I am joined by Kaman Tsoi, one of the country’s most experienced and respected privacy lawyers. Together we cross-examine Office of the Australian Information Commissioner, Privacy Commissioner, Carly Kind. Commissioner Kind takes on her first role in the public sector (with the Privacy Commissioner role) after a successful career working in human rights law with the #UN (spending time in Geneva, New York and London) and the intersection of human rights with technology. She has also worked on strategic litigation and #privacypolicy advice, and is the founding director of the #AdaLovelaceFoundation.   In today’s podcast we talk about the privacy reform agenda, the role of the regulator in strategic enforcement and the efficacy of the notifiable data breach regime. Commissioner Kind is an impressive individual, who brings a very practical approach to the role. Thanks again for listening. This is Cross Examining Commissioner Kind. Here we go… https://lnkd.in/gESZ_biM Peter Jones Magdalena Blanch-de Wilt Laura Newton Kaman Tsoi Marine Giral Heather Kelly Annie Zhang Caitlyn Bellis Christine Wong Julian Lincoln Katherine Gregor Kwok Tang Aaron W.

Businesses, did you know that if you use AI to generate an image from which a person is reasonably identifiable, that image is still counted as personal information? As such, you must handle it in accordance with the Australian Privacy Principles. Read our recently published guidance on AI: https://lnkd.in/gH8frTkU