Projects
Galexia undertakes a range of projects for both Government and private sector clients. The scope and location of our projects may be state, national, regional or international. Our projects range in length from short term (1 month) to longer term (5 years) and have ranged in value from USD 50,000 to USD 2 million.
3wks.com.au
3wks.com.au - Privacy and security advice on cloud applications for 3wks.com.au and Victorian Government (2013)
Galexia worked with 3wks.com.au and a Victorian government agency to consider the legal and regulatory issues regarding the development of cloud-based applications for government.
This work required a review and analysis of:
- Google Apps terms and privacy policy
- Google Cloud Services Partner Agreement
- Comparison of cloud provider privacy policies (including Google Compute, Google Apps, Salesforce, AWS, etc.)
- Agency privacy policies
- General research and literature review on offshore privacy issues
- Review of relevant guidance from the Office of the Victorian Privacy Commissioner
- Review of relevant Victorian Government guidance on security and cloud computing and DSD Cloud Computing Security Considerations (2011)
- Review of Victorian Government Security Policy Documents
ABS - Australian Bureau of Statistics
ABS - Independent and Public Privacy Impact Assessment on 2021 Census (2019/20)
In August 2019, following a competitive tender process, Galexia was engaged by the Australian Bureau of Statistics (ABS) to prepare an Independent and Public Privacy Impact Assessment (PIA) examining the privacy considerations around the conduct of the 2021 Australian Census of Population and Housing.
The Privacy Impact Assessment will be publicly available in mid 2020.
ABS - Independent and Public Privacy Impact Assessment on National Health Survey (NHS) Linkage Project for ABS and Department of Health (2018)
Galexia was engaged by the Australian Bureau of Statistics (ABS) to prepare an Independent Privacy Impact Assessment (PIA) examining the privacy considerations around the National Health Survey (NHS) Linkage Project.
The purpose of the PIA was to assist in identifying and managing privacy issues that are raised by the proposed integration of data between the 2014-15 NHS and MADIP (Multi-Agency Data Integration Project). While the NHS survey data was at a point in time (in this case collection took place between July 2014 and June 2015), MADIP data is longitudinal.
The key proposal was to:
1. Link the 2014-15 NHS data with a range of other data held in MADIP to facilitate research and statistical analysis; and
2. Ensure an effective governance framework for the proposed data integration (noting that NHS Linkage Governance will fall under MADIP Governance arrangements).




Galexia's advice included:
- Advising on the privacy issues associated with linking the 2014/15 NHS to the MADIP, including support for a targeted consultation process and conduct of an independent PIA.
- Identifying sub-populations for particular attention, and assessing personal information and sensitive/less-sensitive variables.
- Providing general advice to inform the communication strategy for the project.
- Assisting ABS to apply learning from this process to inform its approach for future health surveys.
In August 2018 this PIA was publicly released, and ABS has accepted all the recommendations.
- View PIA and ABS response » [Galexia]
- View ABS PIAs and responses » [External Link]
ABS - Independent and Public Privacy Impact Assessment on Multi-Agency Data Interchange Project (MADIP) (2017/18)
On 4 April 2018 the Australian Bureau of Statistics (ABS) published an independent Privacy Impact Assessment (PIA) on the Multi-Agency Data Interchange Project (MADIP) completed by Galexia.
The ABS (and the 6 partner agencies in MADIP) accepted all 14 recommendations in the PIA.
Galexia was engaged by the ABS to provide independent advice on the large-scale data interchange between the ABS and other Government agencies. This PIA reflects a growing interest in ensuring that privacy and security concerns are addressed in the integration of data for research purposes.
The Multi-Agency Data Integration Project (MADIP) proposes to bring important national datasets together to explore how the Australian Government can make better use of existing public data for policy analysis, research, and statistical purposes.
There are six Commonwealth agencies working together on the MADIP:
- Australian Bureau of Statistics (ABS),
- Australian Taxation Office (ATO),
- Department of Education and Training,
- Department of Health,
- Department of Human Services (DHS), and
- Department of Social Services (DSS).
As part of the PIA process Galexia also consulted with the Department of Prime Minister & Cabinet (PM&C) and the Office of the Australian Information Commissioner (OAIC).
In accepting the PIA recommendations, the ABS has agreed to boost openness, transparency and security arrangements for the project.
The PIA and the Government's response to the 14 recommendations are available at: http://www.abs.gov.au/websitedbs/D3310114.nsf/home/ABS+Privacy+Impact+Assessments
ACCAN - Australian Communications Consumer Action Network
ACCAN - Overview
The Australian Communications Consumer Action Network (ACCAN) is a consumer body representing consumer interests in telecommunications. Its primary activities include disseminating information to consumers through the Internet and publications, engaging and training volunteer consumer advocates, coordinating responses to government-initiated processes, and conducting conferences and workshops.
ACCAN - Fairness tests in consumer law (2010)
On behalf of ACCAN, Galexia prepared a submission to the Expert Panel On Franchising And Unconscionable Conduct, established by the Government following a parliamentary inquiry into provisions of the Trade Practices Act 1974 that prohibit unconscionable conduct.
The submission proposes to reform Australia’s consumer laws by inserting a new fairness test into Section 52 of the Trade Practices Act (and all legislation that mirrors that test). This would result in Section 52 prohibiting ‘conduct that is unfair or misleading, or conduct that is likely to mislead or be unfair’.
ACCAN - Draft Interoperability principles (2010)
Galexia prepared a report on interoperability for the Australian Communications Consumer Action Network (ACCAN), including a set of draft interoperability principles. Interoperability, in many systems, can provide a number of benefits for consumers, including reduced cost, increased functionality, and increased competition.
The report was prepared for presentation to COPOLCO, the Consumer Policy Committee of the International Standards Organisation (ISO).
ACCAN - Do Not Call Register Statutory Review (2009)
Galexia assisted ACCAN in the development of its submission to the Department of Broadband, Communications and the Digital Economy's 2009 statutory review of the Do Not Call Register.
ACCAN - Customer Service Charters (2009)
Galexia prepared an analysis of customer service charters in the telecommunications industry, compared with consumer codes. The analysis covered best practice consumer protection in Australia and internationally.
ACCAN released its final report in August 2009.
ACCAN - Informed Consent (2009)
Galexia conducted research into informed consent in Australian law. The research explored:
- Current requirements for informed consent in law (including industry codes);
- Methods used to ensure consumers are able to give informed consent - for example, the measures taken in contracts to ensure that consumers understand what they are agreeing to;
- The meaning of ‘informed consent’ for consumers from culturally and linguistically diverse groups, from different age groups, and with accessibility issues;
- Better and fairer selling practices.
Galexia also advised on a best practice framework of informed consent, and mechanisms for putting this framework into place.
ACCAN released its final report in August 2009.
ACMA - Australian Communications and Media Authority
ACMA - Overview
The Australian Communications and Media Authority (ACMA) is the national regulator for telecommunications, media, broadcasting and the Internet. It also plays a key role in cybersafety and cybersecurity education and awareness raising in Australia.
ACMA - Cybersecurity Education Analysis (2011)
Galexia prepared an analysis of international cybersecurity awareness raising and educational initiatives for ACMA in 2011.
An overview of international cybersecurity awareness raising and educational initiatives, a report for the Australian Communications and Media Authority (ACMA) by Galexia in partnership with the Cyberspace Law and Policy Centre, was launched in CyberSecurity Awareness week - 30 May 2011.
The study included research and advice on 68 cybersecurity initiatives (both government and private sector) in 11 jurisdictions.
AEMO - Australian Energy Market Operator
AEMO - Advice on cloud based identity (2013)
Galexia provided the Australian Energy Market Operator (AEMO) with options for implementing Single Sign-On (SSO) to external Software-as-a-Service (SaaS) applications. Our consultants performed an analysis of AEMO's authentication requirements, internal and external applications, and existing processes. We used our expert knowledge of cloud-based SSO technology vendors and solutions to select and cost the best approach, based on proven cloud identity design principles and best practices.
AEMO - Identity and Access Management Architecture Strategy and Roadmap (2012)
Galexia delivered an Identity and Access Management (IAM) Strategy for the Australian Energy Market Operator (AEMO). Our consultants performed an analysis of AEMO's current state IAM business processes and technology, and determined the future state based on requirements and best practice. Galexia performed an IAM market review and technology evaluation that identified and costed the products most appropriate to AEMO. Leveraging the analysis and review, Galexia consultants provided an IAM Strategy and Roadmap for a 2-3 year period.
Our phased approach generates a number of staged outputs.

- Phase 1: Engage - Agree on the project scope and timetable, establish communication and collaboration mechanisms, and confirm reporting requirements.
- Phase 2: Identify - Focus on identifying relevant inputs via stakeholder consultations and collection of other relevant materials.
- Phase 3: Analyse - Develop analysis and advice in four major documents:
  - A Current State Analysis (Output 1), focusing on issues and gaps in current AEMO IAM processes and technologies;
  - A set of Business Requirements (Output 2), based on analysis of materials collected in Phase 2;
  - A Technology Evaluation (Output 3), comparing a number of vendor offerings across metrics relevant to the identified requirements; and
  - An Identity and Access Management (IAM) Strategy (Output 4), a technology-neutral document setting out a broad vision, identifying key requirements and goals, and presenting a high-level architecture.
- Phase 4: Plan - Based on the recommendations and outcomes of the analysis, development of an Implementation Roadmap (Output 5) that includes scope, plan and timeline for proceeding with IAM implementation activities. This also includes recommendations regarding a vendor solution and estimated implementation costs. The Roadmap enables commencement of IAM implementation activities.
AGD - Australian Government Attorney-General's Department
AGD - Privacy Impact Assessment (PIA) on Change of Name Data Sharing (2016)
Galexia was engaged by the National Security Policy Branch of the Australian Government Attorney General’s Department to conduct an independent Privacy Impact Assessment (PIA) on proposals to allow change of name data to be shared across multiple Commonwealth, State and Territory agencies.
This PIA includes consideration of legislative requirements, identity verification protocols, national security considerations and community privacy perceptions.
Stakeholders included the National Security Policy Branch (Attorney General’s Department), Department of Immigration and Border Protection and all of the state Births Deaths and Marriages Registries.
The broad purpose of this PIA was to assist in the development of ongoing data sharing arrangements regarding formal change of name information between State and Territory Registries of Births Deaths and Marriages (BDMs), and the Australian Government Department of Immigration and Border Protection (DIBP).
The Martin Place Siege: Joint Commonwealth - New South Wales Review (the Review) identified gaps in the sharing of information on changes of name between government agencies. In particular, the Review highlighted the need to improve the robustness of checks on identity by Commonwealth and state and territory government agencies, including the need for improved arrangements for sharing formal name change information between Commonwealth and state bodies. A national Change of Name Working Group has been established to manage the implementation of a solution.
AGIMO - Australian Government Information Management Office
AGIMO - Overview
Galexia continues to provide trusted strategic advice to the Australian Government and agencies on authentication, identity management and privacy issues.
Galexia sat on the GateKeeper Policy Committee and has provided input to the national Authentication working group.
AGIMO - Gatekeeper ad hoc advice (2009)
Galexia provided advice for the Standard Business Reporting (SBR) project. The SBR project promises easier, faster and simpler business-to-government reporting mechanisms, but introduces a number of technical and privacy issues.
AGIMO - Australian Government e-Authentication Framework for Individuals (AGAFI) (May - August 2006)
Galexia completed work with the Department of Finance and Administration to conduct consultancy services for the Australian Government e-Authentication Framework for Individuals (AGAFI). The project involved the provision of strategic advice, and the provision of a Privacy Impact Assessment (PIA) and Privacy Management Strategy (PMS) documentation for publication.
Galexia also undertook investigation of technical approaches to protecting privacy in online transactions, known as Privacy Enhancing Technologies (PETs). This incorporated assessments of the potential for PETs to enhance the uptake of online services, including their effectiveness, their maturity as protocols, implementation issues such as barriers to implementation, interoperability between these protocols and usability.
Galexia developed a package of 8 reports:
- 1: PIA and PMS - Conduct a Privacy Impact Assessment and develop a Privacy Management Strategy.
- 2: PETs - Investigate and report on technical approaches to protecting privacy in online transactions, known as Privacy Enhancing Technologies (PETs).
- 3: Website Authentication - Investigate and report on possible means to authenticate and assure the integrity of government websites to users.
- 4: Legal Liability - Investigate and report on the legal liability implications of government agencies relying on the evidence of identity and other identity management processes of other agencies and non-government organisations.
- 5: Governance - Investigate and report on best practice governance arrangements for the AGAF for Individuals.
- 6: Technical Approaches - Investigate and report on technical approaches to authentication and protecting data shared by participating agencies.
- 7: Options - Investigate and report on options for:
  - (a) Whole of government and multi-agency transactions, such as change of address/circumstances;
  - (b) Authentication portals for both individuals and businesses;
  - (c) Single/simplified sign on for multi-agency and whole of government transactions; and
  - (d) Potential involvement of non-government organisations (such as banks and financial institutions) as providers of identity credentials which could be relied on by government.
- 8: Economic Model - Rank options for implementation, detailing the rationale for ranking. Such rationale should include economic modelling that estimates the potential costs, savings, efficiencies and benefits.
The documents also looked to investigate and report on the legal liability implications of government agencies relying on the evidence of identity and other identity management processes of other agencies and non-government organisations such as banks and financial institutions. Galexia’s work incorporated the examination of best practice governance arrangements for the framework including an examination of current implementations in other national and international jurisdictions.
This project was an extension of previous Galexia work for AGIMO, and the economic modelling component was a joint undertaking with Doll Martin Associates.
AGIMO - Gatekeeper Public Key Infrastructure Framework (February 2006)
Galexia completed a project with the Department of Finance and Administration to undertake consultancy services relating to the Gatekeeper Public Key Infrastructure (PKI) Framework.
The Gatekeeper Strategy governs the use of PKI in government for the authentication of external clients. The strategy provides a whole-of-government framework that delivers integrity, interoperability, authenticity and trust for agencies and their clients. The strategy is underpinned by a standards-based, technology-neutral accreditation program for issuers of digital certificates.
The Framework is aimed at making the application of PKI less complex and more affordable for businesses and government agencies. It better aligns the Gatekeeper Strategy with the way governments and businesses conduct their day-to-day activities. The Framework introduced new categories of digital certificates for Organisations and Individuals.
Galexia worked with the Australian Government Information Management Office (AGIMO), which works across government to maintain Australia's position as a leader in the productive application of information and communications technologies (ICT) to government administration, information and services.
The project included 17 deliverables:
- Output 1: Known Customer
  - Output 1.1: Bronze Guidebook
  - Output 1.2: Silver Guidebook
  - Output 1.3: Bronze Certificate Profile template
- Output 2: Legal
  - Output 2.1: Head Agreement
  - Output 2.2: Community-of-Interest MOU
  - Output 2.3: Template Service Agreement
  - Output 2.4: Core Obligations Policy
- Output 3: Security
  - Output 3.1: Pro Forma Threat Risk Assessment (TRA) template
  - Output 3.2: Provider security requirements
- Output 4: Special Purpose Certificates
  - Output 4.1: Hosted
  - Output 4.2: Corporate Certificate
  - Output 4.3: Digital Credentials
  - Output 4.4: Special Purpose Certificates
- Output 5: Privacy
  - Output 5.1: PIA - Privacy Impact Assessment
  - Output 5.2: PMS - Privacy Management Strategy
  - Output 5.3: PICs - Privacy Implementation Checklists
AGIMO - Identity Management for Government Employees (IMAGE) Framework (January 2006)
Galexia completed a project with AGIMO to conduct a Privacy Impact Assessment (PIA) and develop a Privacy Management Strategy (PMS) for the Identity Management for Government Employees (IMAGE) Framework. The framework provides infrastructure, protocols, policy and work practices that will allow government agencies to efficiently manage the identities of their employees and contractors. It aims to provide a consistent, transparent identity management system across the Australian Government, build trust across agencies and facilitate confidence in the associated identification credential. The framework operates in accordance with the Public Service Act (1999), the Australian Government Protective Security Manual and the Australian Government Authentication Framework (AGAF).
AGOSP - Australian Government Online Service Point
AGOSP - Overview
The Australian Government Online Service Point (AGOSP) project was designed to provide a single-access portal interface for all Australian Government services to citizens at australia.gov.au.
Galexia assisted in the architecture, design and implementation of the AGOSP portal.
AGOSP - Australian Government Online Service Point (AGOSP) Implementation (2009)
Galexia assisted with the design and implementation of the authentication gateway and access management for the Australian Government Online Service Point (AGOSP). This phase of the AGOSP deployment followed on from Galexia’s previous work on the AGOSP architecture and design.
AGOSP - Australian Government Online Service Point (AGOSP) Architecture and Design (2008-2009)
Galexia, with Sun Microsystems and EDS, assisted in the architecture and design of the identity component of the Australian Government Online Service Point (AGOSP) project, which was designed to provide a single-access portal interface for all Australian Government services to citizens.
This work included facilitation in cross-agency requirements workshops, participation in the consortium architecture group and liaison with OASIS and Liberty standards representatives to ensure that the architecture and design meets international best practices and standards - now and into the future.
As part of this work, Galexia ran internal product evaluations to assess the integration capabilities and standards-compliance of key identity and access management components, and their privacy enhancing features. The architecture combines federation, provisioning, single sign-on and web services standards such as SAML 2.0, Liberty ID-FF/ID-WSF, WSS and WS-Trust.
AHPRA - Australian Health Practitioner Regulation Agency
AHPRA - Overview
The Australian Health Practitioner Regulation Agency (AHPRA) is the organisation responsible for the implementation of the National Registration and Accreditation Scheme of more than 660,000 registered health practitioners across 14 professions in Australia.
AHPRA - Privacy Impact Assessment (PIA) for Cloud Hosted Platforms (2017)
Galexia was engaged by the Australian Health Practitioner Regulation Agency to provide independent privacy advice on proposals to migrate significant data assets and processes to a variety of cloud computing platforms.
Galexia completed an initial Privacy Impact Assessment (PIA) on the proposed use of cloud-hosted platforms by the Australian Health Practitioner Regulation Agency (AHPRA).
The purpose of the PIA was to assist in identifying and managing privacy issues raised by the proposed migration of services to cloud computing. It provided a baseline privacy assessment for cloud platforms and API tools and also provided a modular PIA checklist tool for subsequent initiatives.
ANTA - Australian National Training Authority
ANTA - Overview
The Australian National Training Authority (ANTA) was a Commonwealth statutory authority established in 1992 to provide a national focus for Vocational Education and Training (VET).
For some ANTA projects Galexia was engaged by The Flexible Learning Advisory Group (FLAG), which was established as the key policy advisory group on national issues related to the directions and priorities for the application of information and communication technology (ICT) and had oversight of the National VET E-learning Strategy 2012-2015.
Initially called the Education Network Australia Vocational Education and Training Advisory Group (EdNA VET Advisory Group or EVAG), its name was changed to Flexible Learning Advisory Group (FLAG) in 2001. In 2014 FLAG’s role was covered by the newly established COAG Industry and Skills Council (CISC).
ANTA - Legal and Regulatory advice
Galexia assisted ANTA’s Flexible Learning Advisory Group in assessing the legal and regulatory issues that arise from the use of electronic authentication technology in the vocational education and training sector. This included the development of detailed case studies in Australia and the United States and the production of a comprehensive paper. The paper outlines the current legal and regulatory framework for electronic authentication in Australia. It also covers general and specific legal and regulatory issues relevant to education providers and outlines suggested models for electronic authentication in Vocational Education and Training (VET).
ANTA - National Authentication Workshop (August 2003)
Galexia conducted a National Authentication Workshop for ANTA in Melbourne in August 2003. The workshop considered strategic issues in the development of electronic authentication solutions in the Vocational Education and Training sector. The workshop brought together government and industry participants from all states to consider the potential business case for electronic authentication, plus a range of practical considerations and technical issues.
ANTA - Strategic Advice
Galexia provided strategic advice to ANTA on the development of a national strategy for the use of electronic authentication technology in the vocational education and training sector. This included conducting national stakeholder workshops and designing a communication strategy.
ANTA - Broadband Advice
Galexia provided strategic advice to ANTA on the requirements and availability of broadband for the delivery of online flexible learning solutions. This included attending meetings with Government agencies and reviewing research on broadband issues and ANTA’s draft broadband strategy.
ANTA - Interoperability Advice
Galexia prepared a five year electronic authentication strategy for the Australian National Training Authority, including development of an interoperability framework for VET sector participants.
ARCA - Australasian Retail Credit Association
ARCA - Review of the Credit Reporting Code of Conduct (2008-2009)
Galexia was commissioned by the Australasian Retail Credit Association (ARCA) to conduct a review of the proposed Credit Reporting Code of Conduct, aimed at its development and advancement.
The proposed Code was an important part of the complex law reform in the field of credit reporting in Australia, including proposed reform of the Privacy Act and proposed reform of responsible lending laws and regulations.
Galexia's advice on the Code includes advice on Code governance, responsible lending provisions and the use of credit reporting information.
The Australasian Retail Credit Association is a forum for senior credit executives from lending organisations and credit reporting agencies in Australia and New Zealand to discuss and examine retail credit issues.
ASEAN - Association of South East Asian Nations
ASEAN - Overview
The Association of South East Asian Nations (ASEAN), established in 1967, is today comprised of ten member countries - Brunei Darussalam, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand, and Vietnam - with a combined population of over 500 million.
The e-ASEAN Framework Agreement of 2000 sets out goals for regional development of information and communication technology legal and technical infrastructure.
From 2004 to 2008 Galexia assisted ASEAN in harmonising its electronic commerce laws, as part of the ASEAN-Australia Development Cooperation Program (AADCP), funded by AusAID.
ASEAN - Special Assistance - Awareness Raising and Technical Assistance - Phase 4 (January 2008)
Galexia has been assisting ASEAN to meet targets set in the Roadmap for Integration of e-ASEAN Sector (the e-ASEAN Roadmap). Measures contained in the e-ASEAN Roadmap for e-commerce include:
- Measure 78: Enact domestic legislation to provide legal recognition of electronic transactions (i.e., cyberlaws) based on common reference frameworks. (Deadline: 31 December 2008)
Galexia’s project on e-commerce legal infrastructure for ASEAN was expanded to include special assistance for Indonesia. This phase ran from January to April 2008.
Indonesia has developed draft legislation to meet this target - the Electronic Information and Transaction Bill. It is an ambitious piece of legislation covering e-government, electronic contracting, privacy, cybercrime, spam, digital copyright and other cyberlaw issues in a single omnibus Bill.
This project is designed to assist Indonesia through:
- The research, preparation and distribution of materials on the benefits, issues and challenges of developing e-commerce legislation in Indonesia; and
- A high-level awareness raising and technical assistance workshop to facilitate the promotion of the Indonesian Electronic Information and Transaction Bill.
The Harmonisation of E-Commerce Legal Infrastructure in ASEAN Project is funded by the ASEAN Australia Development Cooperation Program (AADCP). AADCP is funded by the Australian Government through AusAID, implemented in close collaboration with the ASEAN Secretariat, and managed by Cardno Acil.
ASEAN - Electronic Commerce project - Phase 3 (Mutual Recognition of Digital Signatures) (April 2007)
One of the key steps to be fulfilled in the e-ASEAN Framework Agreement is that Member Countries will need to allow the mutual recognition of digital signatures across borders in ASEAN.
The current ASEAN E-Commerce Project (Phase 3) on the Mutual Recognition of Digital Signatures is designed to help ASEAN Member Countries develop a common strategy to meet this objective.
The development of an ASEAN Digital Signature Strategy will assist ASEAN countries in addressing the legal, policy, technical and infrastructure issues needed to develop common methods for mutual recognition of digital signatures. It will assist those countries with legal infrastructures to make necessary adjustments and provide direction for those countries yet to implement an infrastructure.
Five steps have been identified as necessary in the establishment of a harmonised legal framework covering mutual recognition of digital signatures in ASEAN:
- Step 1: Develop recognition clauses for foreign digital signatures;
- Step 2: Develop recognition criteria for foreign digital signatures;
- Step 3: Identify interoperability model;
- Step 4: Establish governance structure or arrangement for accreditation of foreign digital signatures; and
- Step 5: Establish a technical committee/body to monitor the implementation of mutual recognition of digital signatures.
This phase ran from April through December 2007.
ASEAN - Electronic Commerce project - Phase 2 (Electronic Contracting and Online Dispute Resolution (ODR)) (February 2006)
In February of 2006, Galexia was commissioned to undertake an extension of the ASEAN Project. This project extension focused on harmonising electronic contracting and Online Dispute Resolution legal infrastructures in the region.
This project extension produced the following outputs:
- A compilation of discussion papers focussing on ASEAN and international developments in electronic contracting, Online Dispute Resolution and jurisdiction of legal frameworks;
- Surveys on the electronic contracting and Online Dispute Resolution legal landscapes in ASEAN member countries;
- The development of a proposed framework for harmonised legal infrastructure for electronic contracting and dispute resolution; and
- The compilation of implementation guides to support the proposed framework.
This project, as well as its extension, is funded by the ASEAN Australia Development Cooperation Program (AADCP) - Program Stream. AADCP is funded by the Australian Government, through AusAID and implemented in close collaboration with the ASEAN Secretariat and is managed by ACIL Australia Pty Ltd.
ASEAN - Survey of Cyberspace Laws (August 2005)
Galexia was commissioned to conduct a Survey of Cyberlaws in ASEAN and to produce a “gap analysis” which was published as a report for member countries in August 2005.
The following Cyberlaws were included:
- Consumer protection;
- Privacy and data protection;
- Cybercrime;
- Spam;
- Online content regulation;
- Digital copyright;
- Domain name regulation;
- Electronic contracting; and
- Dispute resolution.
This project is funded by the ASEAN Australia Development Cooperation Program (AADCP) - Program Stream. AADCP is funded by the Australian Government, through AusAID and implemented in close collaboration with the ASEAN Secretariat and is managed by ACIL Australia Pty Ltd.
ASEAN - Electronic Commerce project - Phase 1 (March 2004)
Galexia won a competitive tender for a ground-breaking project to streamline electronic commerce in South East Asian nations.
Galexia partnered with global law firm Baker & McKenzie to develop and implement a harmonised legal infrastructure for electronic commerce in ASEAN (Association of South East Asian Nations: Brunei Darussalam, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam).
The goal of the project was to assist ASEAN to integrate into one market for goods, services and investment by the establishment of a harmonised legal, regulatory and institutional environment for e-commerce. Additionally, there is an opportunity for some of the developing nations within ASEAN to ‘leap-frog’ paper based commerce and develop more efficient electronic transactions for cross-border trade. The project was the first of its kind to be conducted in the Asia Pacific region, and is second only to the European Union in its approach to legislatively facilitate borderless electronic transactions across a group of nations.
ASIC - Australian Securities and Investments Commission
ASIC - Security and risk mitigation advice for IT initiatives (2006 - 2007)
Galexia has provided strategic advice to the Technology Strategy and Architecture Operations Directorate of the Australian Securities and Investments Commission (ASIC). Galexia partners with Doll Martin Associates to provide these services to ASIC as a member of their Information Technology Consultancy Services Panel.
In December 2006 Galexia advised ASIC on the requirements for ASIC to adopt IT strategies and systems that comply with whole-of-government IT frameworks (including the Australian Government Authentication Framework and the Reuse IT Framework). Galexia and Doll Martin Associates continue to provide IT strategy, business case and benefits realisation advice to ASIC as they expand their use of IT in the investigation and regulation of corporate conduct.
ATO - Australian Taxation Office
ATO - Overview
ATO - 2-stage PIA for myGovID (2018)
In June 2018, Galexia was engaged to provide a 2-stage independent Privacy Impact Assessment (PIA) for the Australian Taxation Office (ATO) on the proposed development of myGovID.
The 2 stages included:
- The replacement of the AusKey credential with myGovID and then
- Privacy compliance with the Australian Government Trusted Digital Identity Framework (TDIF).
The purpose of this PIA was to assist in identifying and managing privacy issues that are raised by the proposed development of the myGovID identity proofing and credential solution.
TDIF Accreditation
One important part of the PIA on myGovID is that the ATO are seeking to have their identity solution accredited under the Trusted Digital Identity Framework (TDIF) developed by the Digital Transformation Agency (DTA) <https://www.dta.gov.au/our-projects/digital-identity/trusted-digital-identity-framework>.
The TDIF enables the reuse of credentials and verified identity attributes provided by an Identity Provider across Relying Parties. The verified identity attributes support the registration of an individual at a Relying Party and the credentials enable ongoing access to the digital services provided by the Relying Party.
In August 2018, ATO accepted all of Galexia’s recommendations.
The PIA made a range of recommendations for mediating privacy risks, including changes to the project design, practical privacy compliance steps, consideration of biometrics and the use of the Australian Government Face Verification Service (FVS) and privacy governance arrangements.
ATO - Assistance with Identity Management Platform Upgrade (2008)
Galexia provided identity management consulting services to assist the ATO in consolidating their existing identity management investment and migrating to a major new release of their platform. Galexia's advice included:
- Identification of critical problems within their existing platform;
- Planning, execution and communication of a response to alleviate problems;
- Expert advice, technical recommendations and technical fixes to ensure that the migration proceeded smoothly;
- Identifying the responsibilities and directing the activities of multiple vendors, including Sun Microsystems and Oracle, in order to remedy known product defects;
- On-site assistance during migration; and
- Follow-up to ensure successful completion of work.
AUSTRAC - Australian Transaction Reports and Analysis Centre
AUSTRAC - PIA on AML/CTF reforms (2014)
In early 2014 Galexia completed a Privacy Impact Assessment (PIA) for proposed changes to the customer due diligence requirements of Australia’s Anti-Money Laundering and Counter-Terrorism Financing Framework (the Customer Due-Diligence (CDD) project).
The PIA was one of the first public PIAs conducted in accordance with the new Australian Privacy Principles (APPs) that came into force in March 2014.
The PIA was published by AUSTRAC in May 2014.
Galexia was able to advise AUSTRAC on how to incorporate important changes to customer due diligence requirements that form part of international commitments to tackle money laundering, while complying with Australia's revised privacy legislation.
A number of recommendations in the PIA resulted in changes to the final form of the AML/CTF Rules.
Austroads
Austroads - Overview
Austroads is the peak organisation of Australasian road transport and traffic agencies.
Austroads members are collectively responsible for the management of over 900,000 kilometres of roads valued at more than $200 billion - representing the single largest community asset in Australia and New Zealand.
Austroads undertakes leading-edge road and transport research which underpins their input to policy development and published guidance on the design, construction and management of the road network and its associated infrastructure.
Austroads also administers the National Exchange of Vehicle and Driver Information System (NEVDIS), a unique national system which enables road authorities to interact across state borders and directly supports the transport and automotive industries.
Austroads Members include:
- Roads and Maritime Services New South Wales
- Roads Corporation Victoria
- Queensland Department of Transport and Main Roads
- Main Roads Western Australia
- Department of Planning, Transport and Infrastructure South Australia
- Department of State Growth Tasmania
- Department of Infrastructure, Planning and Logistics Northern Territory
- Transport Canberra and City Services Directorate, Australian Capital Territory
- Commonwealth Department of Infrastructure and Regional Development
- Australian Local Government Association
- New Zealand Transport Agency
Austroads - Privacy Impact Assessment (PIA) for Austroads on smart roads and driverless cars infrastructure (2016-2017)
Galexia conducted a high-level Privacy Impact Assessment (PIA) for Austroads on data messages that will be wirelessly broadcast and received by vehicles and roadside units in a Cooperative Intelligent Transport Systems (C-ITS) deployment.
Cooperative ITS (C-ITS) is a vital part of the infrastructure being developed under the broader banner of Intelligent Transport Systems.
Potential communications scenarios include:
- Vehicle to vehicle (V2V);
- Vehicle to infrastructure (V2I, and also I2V); and
- Communications with other devices (V2X), such as personal devices.
The infrastructure is a vital part of the deployment of smart roads and driverless or automated vehicles.
The PIA considered compliance with privacy and security legislation, standards and international developments in this fast-moving sector.
Austroads - National Exchange of Vehicle and Driver Information System (NEVDIS) Strategy - Strategic Review (2009)
Galexia was commissioned by Austroads to assist with a strategic review of the NEVDIS database, and its proposed functions. Galexia’s role included providing expertise in privacy, identifying potential risks and offering effective strategies to manage these.
Galexia completed the project in conjunction with Doll Martin Associates.
Austroads - National Exchange of Vehicle and Driver Information System Strategy - Phase II (2006)
Galexia was commissioned to assist Austroads with a proposed expansion of third-party access to information held in the NEVDIS database. Galexia’s role was to provide strategic privacy advice and a risk management framework. This project was an extension of previous Galexia work for Austroads, and was a joint undertaking with Doll Martin Associates.
Austroads - National Exchange of Vehicle and Driver Information System Strategy (2005)
Galexia was engaged by Austroads to provide independent external advice on the potential opportunities, risks and benefits of providing access to NEVDIS database information to organisations outside the Austroads jurisdictions. This involved an in-depth examination of business, legal, privacy and identity issues and risks. The project was undertaken jointly with Doll Martin Associates.
Baker & McKenzie Solicitors
Baker & McKenzie Cyberspace Law & Policy Centre - Digital Document Retention Research (April 2004)
Galexia provided research and advice on legal and strategic issues in Digital Document Retention. This included detailed Australian and international research.
Baker & McKenzie - ASEAN Electronic Commerce project (March 2004)
Galexia and Baker & McKenzie partnered to conduct a ground-breaking multi-year project to streamline electronic commerce in South East Asian nations. The project aimed to develop and implement a harmonised legal infrastructure for electronic commerce in ASEAN (Association of South East Asian Nations: Brunei Darussalam, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam).
Baker & McKenzie - Digital Copyright Review advice (2003)
Galexia were commissioned to provide sector-specific advice to Baker & McKenzie lawyers preparing a submission for the Vocational Education and Training sector to the Digital Copyright Review.
Baker & McKenzie - Joint advice on Internet gambling regulation in South-East Asia (2001)
Galexia and Baker & McKenzie completed an analysis of Internet gambling regulation in Hong Kong SAR, Japan, Korea and Taiwan for a multinational client.
Baker & McKenzie - Joint advice on Internet content regulation in South East Asia (2001)
Galexia and Baker & McKenzie completed an analysis of Internet content regulation in Hong Kong SAR, Japan, Korea and Taiwan for a multinational client.
Baker & McKenzie - Joint advice on privacy law in South-East Asia (2001)
Galexia and Baker & McKenzie completed a major privacy compliance strategy and training module for a major multinational communications company. The strategy included advice and training on compliance with privacy law and regulation in Hong Kong SAR, Japan, Korea and Taiwan.
Baker & McKenzie - Joint advice on impact of EU data protection directive (2001)
Galexia worked with Baker & McKenzie to deliver a Privacy Impact Assessment and develop advice on web site privacy policies, US Safe Harbour arrangements, the implications of the EU Data Protection Directive, and data retention rules.
Baker & McKenzie - Expert Witness for e-commerce litigation (2000)
Galexia were commissioned by Baker & McKenzie to provide expert opinion evidence for major electronic commerce litigation, involving substantial analysis of electronic commerce law.
BSA | The Software Alliance (was Business Software Alliance)
Galexia has been working with The Software Alliance (BSA) since 2009 and has assisted in the development of an extensive body of cloud research, thought leadership and first to market analysis on key cloud issues.
Galexia has worked extensively with the Brussels, Singapore and Washington BSA offices and has engaged with BSA stakeholders in more than 60 countries.
BSA - Global Cloud Computing Scorecard (2018)
Galexia was commissioned to prepare the 4th Global Cloud Computing Readiness Scorecard, following the success of the earlier scorecards.
This report was released in March 2018.
The 2018 BSA Global Cloud Computing Scorecard — the newest version of the only global report to rank countries’ preparedness for the adoption and growth of cloud computing services — features an updated methodology (from the 3 prior scorecards) to better reflect cloud computing’s exponential growth over the past five years, putting additional emphasis on policy areas, including privacy laws, cybersecurity laws, and broadband infrastructure. Most countries continue to make improvements, the study finds, but some markets are falling further behind.
By examining the legal and regulatory framework of 24 countries, the Scorecard aims to provide a platform for discussion between policymakers and cloud service providers. This dialogue can help develop an internationally harmonized regime of laws and regulations that facilitate cloud computing.
BSA - Global Cloud Computing Scorecard (2016)
Galexia was commissioned to prepare the 3rd Global Cloud Computing Readiness Scorecard, following the success of the 2012 and 2013 scorecards.
The report was released in April 2016.
The Galexia / BSA Global Cloud Scorecard analyses the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
BSA - Asia Pacific Cybersecurity Dashboard and 10 country reports (2015)
On 30 June 2015 BSA | The Software Alliance released the APAC CyberSecurity Maturity Dashboard (including 10 Country reports and case studies).
The 2015 APAC Cybersecurity Dashboard evaluates cybersecurity laws, rules, policies and institutions in 10 key jurisdictions:
- Australia
- China
- India
- Indonesia
- Japan
- Malaysia
- South Korea
- Singapore
- Taiwan
- Vietnam
The report assesses each country against criteria deemed essential for effective cybersecurity protection.
The full country reports are available for download and give an overview of the cybersecurity landscape, highlighting key cybersecurity legislation and policy, as well as the main entities currently operating within each jurisdiction. Maturity is assessed against criteria grouped across the following key themes:
- Legal foundations for cybersecurity;
- Operational capabilities;
- Public-private partnerships;
- Sector-specific cybersecurity plans; and
- Education.
- Additional Cyberlaw indicators
BSA - European Cybersecurity Dashboard and 28 Country Reports (2015)
On 3 March 2015 BSA | The Software Alliance released the EU CyberSecurity Maturity Dashboard (including 28 Country reports and case studies).
The 2015 EU Cybersecurity Dashboard — the first-of-its-kind examination of the relevant policy approaches in the Member States — highlights some fundamental challenges as well as significant opportunities for improving cybersecurity across the EU.
The Report evaluates national laws, rules and policies in all 28 EU Member States against 25 criteria deemed essential for effective cybersecurity protections. It is intended to provide EU Member States with an opportunity to evaluate their countries’ policies against key metrics and maps a way forward by outlining the key building blocks for a strong cybersecurity legal framework.
The full Member State reports give an overview of the cybersecurity landscape, based on the set of criteria outlined below, highlighting key cybersecurity legislation and policy, as well as the main entities currently operating within each jurisdiction. Maturity is assessed against criteria grouped across the following key themes:
- Legal foundations for cybersecurity;
- Operational capabilities;
- Public-private partnerships;
- Sector-specific cybersecurity plans; and
- Education.
BSA - Global Cloud Computing Scorecard (2013)
The 2013 Global Cloud Computing Scorecard — the first-ever report to track year-over-year change in the international policy landscape for cloud computing — shows that cloud readiness is improving, if unevenly.
These findings come against the backdrop of the massive and well-documented movement to cloud services by consumers, businesses, and governments. What hasn’t been documented until now is the less steady improvement in the policy environment to support global cloud computing, with some countries making big strides to improve their cloud readiness while others, including some of the world’s largest technology markets, have stalled or even backtracked.
Methodology
The BSA Global Cloud Scorecard analyzes the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
Each country's score is computed using a 66-item scoring grid and analyses. The scores are derived using a weighted system that allocates different weights to each section/question. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing and each individual question is also weighted to reflect its importance within the group. To help with the scoring and usability of the study, the assessments are based on a series of questions that are framed so that a "yes" response reflects a favorable policy setting for global cloud computing. The weights are shown in the table below and the results are available in the downloadable report.

The 2013 Scorecard follows on from the groundbreaking 2012 Scorecard and contains:
- Updates across 24 countries and 66 criteria, including:
- 27 significant (positive) changes
- 34 moderate (positive) changes
- 6 moderate (negative) changes
- 108 minor (no effect) changes
- 432 infrastructure changes
- Tracks changes in score and rank from 2012
- Includes 3 new case studies

Scorecard Themes
The Scorecard examines major laws and regulations relevant to cloud computing in seven policy categories as well as each country’s ICT-related infrastructure and broadband deployment. These policy categories align with the BSA’s Cloud Computing Guiding Principles, which underpin the Scorecard’s analytical framework and its suggestions for providing a workable framework to allow for the growth of cloud computing.

Country Ranking
The first-ever report to track year-over-year change in the international policy landscape for cloud computing shows that cloud readiness is improving, if unevenly.

- 1. Japan - Score: 84.5 - Change from 2012 Score: +0.8 | Rank: same
- 2. Australia - Score: 79.9 - Change from 2012 Score: +0.68 | Rank: same
- 3. US - Score: 79.7 - Change from 2012 Score: +1.17 | Rank: +1
- 4. Germany - Score: 79.17 - Change from 2012 Score: +0.1 | Rank: -1
- 5. Singapore - Score: 78.5 - Change from 2012 Score: +6.38 | Rank: +5
- 6. France - Score: 78.3 - Change from 2012 Score: -0.02 | Rank: -1
- 7. United Kingdom - Score: 76.9 - Change from 2012 Score: +0.38 | Rank: same
- 8. Korea - Score: 76.2 - Change from 2012 Score: +0.15 | Rank: same
- 9. Canada - Score: 75.8 - Change from 2012 Score: +5.42 | Rank: +3
- 10. Italy - Score: 75.5 - Change from 2012 Score: -1.1 | Rank: -4
- 11. Spain - Score: 73.7 - Change from 2012 Score: -0.18 | Rank: -2
- 12. Poland - Score: 72.0 - Change from 2012 Score: +1.35 | Rank: -1
- 13. Malaysia - Score: 69.5 - Change from 2012 Score: +10.3 | Rank: same
- 14. Russia - Score: 59.1 - Change from 2012 Score: 4.76 | Rank: +2
- 15. Mexico - Score: 56.9 - Change from 2012 Score: +0.53 | Rank: -1
- 16. Argentina - Score: 56.5 - Change from 2012 Score: +1.36 | Rank: -1
- 17. India - Score: 53.1 - Change from 2012 Score: +3.11 | Rank: +2
- 18. Turkey - Score: 52.4 - Change from 2012 Score: +0.31 | Rank: -1
- 19. China - Score: 51.5 - Change from 2012 Score: +4.02 | Rank: +2
- 20. South Africa - Score: 51.3 - Change from 2012 Score: +0.82 | Rank: -2
- 21. Indonesia - Score: 48.4 - Change from 2012 Score: -1.25 | Rank: -1
- 22. Brazil - Score: 44.1 - Change from 2012 Score: +9.03 | Rank: +2
- 23. Thailand - Score: 44.0 - Change from 2012 Score: +1.14 | Rank: -1
- 24. Vietnam - Score: 40.1 - Change from 2012 Score: +0.54 | Rank: -1

More information:
- Global Cloud Computing Score Card (2013) summary micro-site - Browse themes and country summary reports
BSA - Global Cloud Computing Scorecard (2012)
The first-of-its-kind 2012 Scorecard analyses and ranks the legal and regulatory framework and broadband infrastructure of 24 countries based on seven policy categories that measure the countries’ preparedness to support the growth of cloud computing. Together, these countries account for 80% of the global ICT market.
The Scorecard also includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable.
Each country's score is computed using a 66-item scoring grid and analyses. The scores are derived using a weighted system that allocates different weights to each section/question. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing and each individual question is also weighted to reflect its importance within the group. To help with the scoring and usability of the study, the assessments are based on a series of questions that are framed so that a "yes" response reflects a favourable policy setting for global cloud computing.
BSA - Asia Pacific Digital Economy and Cloud Computing Readiness Scorecard (2010)
Galexia has completed a comprehensive review of digital economy laws and infrastructure in 14 Asia Pacific countries - the Asia Pacific Digital Economy and Cloud Computing Scorecard. This important comparative analysis was commissioned by the Business Software Alliance (BSA).
The 14 countries in the study are: Australia, China, Hong Kong, India, Indonesia, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan, Thailand and Vietnam.
The report is presented as a checklist of over 100 issues in 8 categories:
- Security;
- Cybercrime;
- Interoperability;
- Data protection;
- Intellectual property;
- International harmonisation of rules;
- Promoting free trade; and
- Infrastructure.
The full report is available to BSA members.
CALC - Consumer Action Law Centre
CALC - Reforming the public benefit test in the Trade Practices Act (2007)
Galexia completed a report for the Consumer Action Law Centre, focussing on defining the ‘public benefit’ in Part VII of the Trade Practices Act 1974 (Cth). It was completed as part of a project to identify weaknesses in the way in which the public benefit test is currently applied under the Act and to propose solutions that will ensure that consumers receive the protections they require when reductions in competition through mergers, acquisitions and collusions are considered. The report has a particular focus on the potential inclusion of social and environmental considerations in the public benefit test.
It has been produced as a result of a grant from the TPA Consumer Trust.
Read the full report » [PDF]
CHOICE
CHOICE - Overview
CHOICE is a leading Australian consumer representative body, addressing issues ranging from food regulation and labelling, health and financial services to telecommunications and digital technology, standards codes, ecologically sustainable development and the environment.
Galexia has worked with CHOICE on a number of consumer-related projects, including consumer protection in electronic transactions and consumer protection regulation.
CHOICE - Submission to the superannuation review (2009)
On behalf of CHOICE, Galexia prepared a submission to Phase 2 of the Super System Review (the Cooper Review). Phase 2 of the review deals with the operation and efficiency of Australia’s superannuation system.
The CHOICE submission focuses on a small number of key areas where reform is most needed:
- Increasing the amount and quality of comparative data available to consumers;
- Removing the bias that results from sales commissions to advisers when recommending a superannuation fund to consumers;
- Introducing measures to decrease excessive fees and charges, including a new ‘fee target’ of 1%; and
- Introducing measures to reduce the number and impact of inactive and lost accounts.
CHOICE - Consumer code development processes (2009)
CHOICE made a submission to the Australian Government’s review of the consumer-related industry codes development process calling for:
- An articulation of high-level code content principles in legislation;
- Power for regulators to be able to initiate code development (rather than only the industry);
- Requirements for the constitution of code development bodies (including a requirement for consumer representatives, and a mechanism for breaking deadlocks);
- Code monitoring and enforcement requirements;
- Code review requirements; and
- External dispute resolution requirements.
In preparation for the submission, Galexia provided CHOICE with a survey of key consumer code approval processes in use in Australia - those of the Australian Competition and Consumer Commission (ACCC), the Australian Securities and Investments Commission (ASIC), the Office of the Privacy Commissioner, and the Australian Communications and Media Authority (ACMA).
CHOICE - Electronic Funds Transfer Code of Conduct Review (2008)
Following its 2007 review of the Electronic Funds Transfer (EFT) Code of Conduct, the Australian Securities and Investments Commission (ASIC) released a second consultation paper containing its proposed reforms. Galexia assisted CHOICE, the Consumers’ Federation of Australia, and the Consumer Action Law Centre in preparing a joint consumer response to the proposals, in particular addressing liability of consumers and small businesses and monitoring of Code compliance.
CHOICE - Consumer Protection in Telecommunications (May 2008)
Galexia was commissioned by CHOICE in April 2008 to prepare an issues paper for the 2008 Telecommunications Consumer Representation Stakeholder Forum, held in late April 2008. The paper, entitled Consumer Protection in the Communications Industry: Moving to best practice, provides an overview of consumer concerns with the current co-regulatory consumer protection framework in the telecommunications sector in Australia.
CHOICE - Electronic Funds Transfer Code of Conduct Review (2007)
Galexia assisted CHOICE with its submission regarding the 2007 review of the Electronic Funds Transfer (EFT) Code of Conduct, as conducted by the Australian Securities and Investments Commission (ASIC). Among the major issues considered by Galexia was the liability of parties in electronic funds transactions, particularly with regard to Internet banking. The project involved detailed technical advice on authentication techniques for electronic transactions.
The revised code was released in 2008.
CI - Consumers International
CI - Survey of Consumer Protection Measures in the Asia Pacific Region (2009)
Galexia was commissioned by Consumers International to conduct a survey of consumer protection and competition laws around the Asia-Pacific region. The results will illustrate the different legal rights of consumers in the various countries surveyed. This basic description of consumer rights will assist consumer organisations in campaigning for effective protection and competition laws, which benefit consumers.
Galexia undertook this survey in partnership with a small Project Steering Committee, composed of different regional consumer representatives.
The survey conducted will establish the status of consumer protection in:
- Australia;
- Fiji;
- India;
- Korea;
- The Philippines;
- Thailand; and
- Vietnam;
by determining the existing laws that deal with:
- Consumer Protection Laws;
- Competition Laws;
- Product Safety;
- Food;
- Consumer Credit;
- Redress Mechanisms; and
- Enforcement.
CreditED
CreditEd - Privacy Policy and Privacy Management Framework for CreditED Financial Literacy (2015/16)
Galexia assisted in the strategic realignment of CreditED business around privacy and service strengths. This included the development and implementation of a best practice privacy management framework appropriate to the size and risk profile of the business.
- Stage 1:
  - Development of an up-to-date privacy policy using Galexia’s Privacy Policy Matrix & Questionnaire (APP version)
  - Developing consent processes
  - Access policy
  - Review of 3rd party agreements
  - Consideration of the credit reporting regulations
- Stage 2:
  - Review of identity and authentication privacy issues
  - Complaints Policy
  - Data retention policy
  - Data breach response plan
CSIRO - Commonwealth Scientific and Industrial Research Organisation
CSIRO - Privacy and trust issues in the use of health data in research (2005)
Following a competitive tender, CSIRO engaged Galexia to analyse privacy and trust issues in the use of health data in research and in applications in clinical settings.
This analysis considers new technology products in the identity management and authentication space, including strategic advice on the commercialisation of products developed by CSIRO - for example, Privacy Preserving Analytics (PPA).
This work was undertaken for the CSIRO Preventative Health National Research Flagship. This Flagship Programme has recognised that the appropriate collection, linking, interrogation and management of data will play a vital role in facilitating healthier, more productive lives for Australians. However, the analysis of linked population, clinical and genetic health databases raises privacy, confidentiality, and potentially ethical concerns.
CSIRO and Galexia worked to understand and fully address these concerns, in a programme that includes developing new privacy-enhancing technologies where gaps in the current approaches are identified.
Media coverage:
- Computerworld - CSIRO prototype solves data privacy concerns <http://www.computerworld.com.au/index.php?id=1150363451&eid=-180>
- CIO - Privacy Software to Unlock Health Data Goldmine <http://www.cio.com.au/index.php/id;36232083;fp;4;fpid;21>
DATA61
DATA61 - Independent advice and assistance on the development of a key security standard in the Open Banking / Consumer Data Right (CDR) framework (2018)
Galexia completed an independent review of the Consumer Data Standards - Security Profile (CDS-SP) as at December 2018.
Galexia provided CSIRO / Data61 with independent advice and assistance as they worked towards industry consensus on the security profile for Open Banking. This is a key standard that will help to facilitate the implementation of the Consumer Data Right (CDR) in Australia.
Data61 has been appointed technical advisor to the Data Standards Body <https://consumerdatastandards.org.au> by the Australian Government, and is tasked with delivering open technical standards that empower consumers to share their data simply and safely with organisations of their choosing - starting in the banking sector.
Galexia provided independent advice identifying and articulating key information security implementation decisions within the design of technical standards.
Galexia also facilitated a working group to develop an information security profile that aligns with the Financial Grade API (FAPI) Working Group <https://openid.net/wg/fapi> Read/Write framework, using OAuth 2.0 and OpenID Connect protocols.
Read the report:
- Consumer Data Standards - Christmas 2018 Working Draft » [External link]
- Independent review of Information Security Profile progress (Galexia) » [External link - PDF]
DBCDE - Australian Government Department of Broadband, Communications and the Digital Economy (formerly DCITA)
DBCDE - Overview
The Department of Broadband, Communications, and the Digital Economy (DBCDE), now the Department of Communications and the Arts and formerly the Department of Communications, Information Technology and the Arts (DCITA), is the Commonwealth agency responsible for communications infrastructure, digital economy and online services, and broadcasting and digital media.
Key DBCDE initiatives have included the National Broadband Network, an awareness program for online safety and security, the switch to digital television, the Australian Do-Not-Call register, and ongoing development of online consumer protections.
DBCDE - Strengthening Spam Legislation, Enforcement and Cooperation Regimes in the Pacific project (2007-2008)
After a competitive tender process, Galexia was chosen to assist DBCDE in the development of a spam legislation, enforcement and co-operation regime. This project, funded in part by AusAID’s Pacific Governance Support Program (PGSP), will be applied across the island states of Niue, Samoa and Vanuatu.
As part of the project, Galexia had a central role in developing a package of anti-spam policy and legislation, specifically tailored for the participating Pacific Island countries, modelled on Australia’s Spam Act 2003. Galexia’s role continued through to developing a local enforcement capability, as well as participating in an international network of enforcing agencies.
DBCDE - Malaysia-Australia E-Commerce Legal Infrastructure Analysis project (2006)
Galexia was commissioned to assist the DBCDE (then DCITA) in preparing Malaysia - Australia E-Commerce Legal Infrastructure Analysis. The report will be of assistance in the development of the relationship between Malaysia and Australia in a number of areas - at a time when Malaysia and Australia are negotiating a Free Trade Agreement (FTA) that contains a chapter on E-Commerce. Malaysia and Australia also have an ongoing interest in the harmonisation of electronic commerce legal infrastructure. Specifically, the document is a coverage analysis of selected areas of E-Commerce Legal Infrastructure in Australia and Malaysia.
The project was jointly managed by the International Branch of DBCDE in Australia and the Communications Division International Relations Unit of the Ministry of Energy, Water and Communications.
DCITA - Australian Government Department of Communications, Information Technology and the Arts
DCITA - Strengthening Spam Legislation, Enforcement and Cooperation Regimes in the Pacific project (October 2007)
After a competitive tender process, Galexia was chosen to assist DCITA in the development of a spam legislation, enforcement and co-operation regime. This project, funded in part by AusAID’s Pacific Governance Support Program (PGSP), will be applied across the island states of Niue, Samoa and Vanuatu.
As part of the project, Galexia played a central role in developing a package of anti-spam policy and legislation, specifically tailored for the participating Pacific Island countries, modelled on Australia’s Spam Act 2003. Galexia’s role will continue through to developing a local enforcement capability, as well as participating in an international network of enforcing agencies.
DCITA - Malaysia-Australia E-Commerce Legal Infrastructure Analysis project (2006)
Galexia was commissioned to assist the Commonwealth Department of Communications, Information Technology and the Arts (DCITA) in preparing Malaysia - Australia E-Commerce Legal Infrastructure Analysis. The report will be of assistance in the development of the relationship between Malaysia and Australia in a number of areas - at a time when Malaysia and Australia are negotiating a Free Trade Agreement (FTA) that contains a chapter on E-Commerce. Malaysia and Australia also have an ongoing interest in the harmonisation of electronic commerce legal infrastructure. Specifically, the document is a coverage analysis of selected areas of E-Commerce Legal Infrastructure in Australia and Malaysia.
The project was jointly managed by the International Branch of DCITA in Australia and the Communications Division International Relations Unit of the Ministry of Energy, Water and Communications.
DEEWR - Australian Government Department of Education, Employment and Workplace Relations
DEEWR - Learning Identity Management Framework (LIMF) (September 2008 - January 2009)
Galexia, in partnership with Link Affiliates, has conducted research on privacy concerns arising from the implementation of a Learning Identity Management Framework (LIMF). The Framework is aimed at creating an electronic system, which effectively manages the transfer of student data. The existing manual system works so that when students move from one school to another, intra or inter jurisdiction, a Student Data Transfer Note is sent between the two facilities to indicate certain personal information about that student. The Learning Identity Management Framework aims to improve upon this model, through implementing an efficient electronic system.
A committee at the University of Southern Queensland on behalf of the Department of Education, Employment and Workplace Relations sought advice on transferring the existing Student Data Transfer Notes manual system to an electronic one.
Galexia’s research was based on an understanding of the current issues surrounding privacy, business processes and data transfers. Galexia has assisted the committee by identifying key privacy challenges and suggesting possible approaches to overcome these. Galexia produced a report in January 2009, which outlined their findings and presented feasible strategies to manage identifiable risks.
Defence - Australian Government Department of Defence
Galexia provided privacy advice to the Department of Defence for their Identity Management Project. The aim of the project was to develop processes, procedures and systems to ensure that the identity of all Defence staff and contractors is authenticated using well known methodologies.
Defence - PIA for Identity Management Project (2007)
Galexia completed an initial Privacy Impact Assessment (PIA) for the Australian Department of Defence JP2099 Program - the Identity Management Capability. The broad purpose of this PIA was to describe and assess the personal information flows that are expected to occur for the JP2099 Identity Management Capability, assess the potential privacy legal issues and privacy perception issues that arise from the identified flows and from the Capability as a whole, and assess the impact these issues may have on the privacy of individuals’ personal information.
The aim of Project CERTE (JP2099) is to establish a common electronic identity across Defence business systems and achieve data integrity using smart cards and public key infrastructure. It includes systems integration and support, middleware development and sourcing of commercial off-the-shelf hardware and software.
Galexia worked closely with the Department of Defence identity management and authentication team. Stakeholder consultations were sensitive and complex in this project because of the security and confidentiality issues involved. Galexia was trusted as an intermediary to liaise with key stakeholders such as the Privacy Commissioner.
In June 2007 Galexia presented strategic recommendations to the internal Defence Security Committee with responsibility for implementing Identity Management across all Defence Agencies and units. The Committee accepted Galexia’s recommendations unanimously.
DHA - Australian Government Department of Health and Ageing
DHA - National Health Identifier project
Galexia completed a significant project on identity management in the health sector. The Commonwealth Department of Health and Ageing commissioned Galexia to produce a strategic issues paper on a "National Health Identifier". The paper was completed in February 2004 and is the subject of consideration by the Australian Health Information Council and the National Health Information Group. The project involved national and international research, consultation with government and non-government stakeholders and the development of findings and recommendations.
Diabetes Australia
Diabetes Australia - Privacy Review of the National Diabetes Services Scheme (NDSS) (2015)
Galexia assisted Diabetes Australia with a high level privacy review of the National Diabetes Services Scheme (NDSS) - considering the operation of the Australian Privacy Principles (APPs) and new guidance from the Office of the Australian Information Commissioner (OAIC). The NDSS is one of the largest active health based consent databases in Australia and privacy governance is critical. The data includes specific interactions with pharmacies and the provision of pharmaceutical services in Australia.
Tasks included:
- Identification and prioritisation of privacy issues;
- Identification of gaps in policies and procedures;
- Identification of any potential future issues; and
- Assisting Diabetes Australia to develop a work plan and priorities for the ongoing governance of privacy issues in the NDSS.
DigEU - DIGITALEUROPE
DIGITALEUROPE is a European trade organisation representing the digital technology industry. Their members include around 60 major technology companies and 35 national trade associations.
DigEU - Advice on the market for cross border data transfers (2015/2016)
Galexia advised DIGITALEUROPE on market issues and policy options related to the cross-border transfer of personal data. The study included an analysis of the type and size of organisations making data transfers, the type of data transferred and the regulatory options adopted by hundreds of organisations. The analysis included a breakdown of market segments by sector and business size.
DIBP - Australian Government Department of Immigration and Border Protection
DIBP - Privacy Impact Assessment (PIA) on Biometrics and National Identity Management Implementation (2005)
Galexia has provided strategic privacy advice on the design and implementation of biometric identity solutions.
This advice included:
- A full Privacy Impact Assessment (PIA) on a proposed biometric solution;
- The development of Privacy Checklists for biometrics projects within the agency; and
- The provision of strategic advice on the regulation of biometrics and privacy.
DITR - Australian Government Department of Industry, Tourism and Resources
Now the Australian Government Department of Industry, Innovation and Science.
DITR - Digital Credentials for the Legal Profession - Phase II (2006)
This project is an extension of work completed by Galexia in 2005, and involves the development of policies, procedures and documents for a pilot of the Department’s digital credentials. Galexia’s role is to ensure that policies are compatible with current best practices in PKI and the proposed Gatekeeper reforms.
DITR - Digital Credentials for the Legal Profession (2005)
Galexia won a competitive tender to provide business analysis, research and advice in the development of digital credentials for the legal profession in NSW and Australia.
The Law Society of NSW and the Commonwealth Department of Industry, Tourism and Resources (DITR) have commissioned the development and documentation of a high level business case, including identification of requirements, options, costs and impact.
The project is a timely consideration of digital identity for lawyers and considers:
- Digital signature certificates and Electronic Signatures
- Public Key Infrastructure (PKI)
- Smart Cards
- Impact of GateKeeper reforms
- Electronic conveyancing
- Electronic Court Lodgement
DMA - Doll Martin Associates
Doll Martin Associates and Galexia have collaborated on a number of projects since 2006, especially in the areas of privacy, eHealth, public registers, data sharing and cloud architecture.
In October 2013 Galexia and Doll Martin Associates strengthened their existing partnership and announced a closer strategic alliance to leverage their particular strengths and synergies. The alliance combines Galexia’s advisory expertise and experience in privacy, cybersecurity, cloud and identity, together with its innovative cloud-based tools and client engagement, with the strategic and information management consulting services Doll Martin Associates provides in the areas of strategic information planning and management, and the implementation of systems for business benefit.
Galexia has collaborated on a number of Doll Martin Associates projects - contributing key intellectual property, assisting with bid preparation and taking key oversight, leadership and advisory roles in a number of engagements.
Galexia has worked with Doll Martin assisting a range of organisations, including:
- Australian Securities & Investments Commission (ASIC)
- Austroads
- Barangaroo Delivery Authority
- eHealth NSW
- Healthshare NSW
- King & Wood Mallesons (KWM)
- Legal Aid NSW
- NSW Ambulance Service
- NSW Department of Education
- NSW Department of Family & Community Services (FACS)
- NSW Department of Finance, Services and Innovation (DFSI)
- NSW Department of Industry
- NSW Department of Justice
- NSW Fire Service (RFS)
- NSW Information and Privacy Commission (IPC)
- NSW Local Health Districts
- NSW Ministry of Health
- NSW Office of Liquor Gaming and Racing (OLGR) - now Liquor & Gaming NSW
- NSW Roads & Maritime Services (RMS)
- Power Health Solutions
- ServiceNSW
- Sydney Water Corporation
- TAFE NSW
- Western Sydney University
DPMC - Australian Government Department of Prime Minister and Cabinet
Galexia has worked with The Department of Prime Minister & Cabinet as both a stakeholder and project owner/client on nationally significant engagements.
Privacy advice and independent public PIA on the proposed Data Sharing & Release Bill and related regulatory framework (2018/19)
In July 2018 Galexia was engaged to provide privacy advice and an independent and public Privacy Impact Assessment (PIA) on the proposed policy settings and related legislative reforms surrounding the Data Sharing & Release Framework.
The PIA was prepared prior to the finalisation of the Data Sharing & Release Bill, and Galexia’s engagement process enabled the Department of the Prime Minister & Cabinet <www.pmc.gov.au> and the Office of the National Data Commissioner (ONDC) <www.datacommissioner.gov.au> to adopt an iterative approach to the development of the policy settings and to the Data Sharing & Release Framework.
The purpose of the PIA is to assist in identifying and managing privacy issues that are raised by the proposed framework for the sharing and release of data that will be facilitated by the Data Sharing & Release Bill. The key proposals are:
- To enable a range of data sharing and data release activities for permitted purposes; and
- To create an effective governance framework for the proposed data sharing and the release of public sector data.
In September 2019 this PIA was publicly released with an accompanying discussion paper - all Galexia’s recommendations have been accepted.
DTA - Australian Government Digital Transformation Agency
DTA - Overview
The Digital Transformation Agency (DTA) has been established to guide, oversee and drive the Australian Government’s Digital and ICT agendas.
DTA - Second Privacy Impact Assessment (PIA) on the Trusted Digital Identity Framework and GovPass identity platform (2018)
In 2018 Galexia completed the second Privacy Impact Assessment (PIA) on the Trusted Digital Identity Framework (TDIF) and identity platform (GovPass) being developed by the DTA.
This second assessment reviewed updated Framework documentation and the design of core system components. This second PIA made several new Recommendations and also provided an update on progress against the Recommendations contained in the first PIA.
The DTA published the PIA and their formal response in November 2018. Read more »
DTA - Initial Privacy Impact Assessment (PIA) on the proposed Trusted Digital Identity Framework and GovPass identity platform (2016/2017)
In October 2016 Galexia was engaged to conduct a preliminary Privacy Impact Assessment (PIA) on the proposed draft Trusted Digital Identity Framework (TDIF) and GovPass identity platform being developed by the DTA. The TDIF and platform will support a federated digital identity system.
The initial PIA examined impacts based on the draft framework and platform architecture as at the completion of the Alpha phase of the Digital Identity Initiative, as defined by the Digital Service Standard.
This PIA included extensive analysis of the role of the States and Territories and the application of local privacy legislation, including key differences between Commonwealth privacy legislation and local privacy legislation.
This PIA is the first stage of an independent and multi-phase PIA process.
The PIA was completed in December 2016. The DTA published it on 17 March 2017. Read more »
Foxtel
Foxtel - Access Control Design (2007)
Galexia re-designed, deployed and tested a critical component of a customer-facing access controls platform.
Fidelity International
Fidelity - Offshore Data Transfer in Business Process Outsourcing (March 2007)
Galexia provided research, analysis and advice on offshore data transfer requirements in the Asia-Pacific for Fidelity International. This included analysis of the transborder data flow laws of Australia, Hong Kong, Japan, Korea, Singapore and Taiwan, as well as the treatment of data received from offshore in Australia, China, Hong Kong, India, Japan, Korea, Singapore and Taiwan, the United Kingdom and the United States.
Fidelity - Electronic Human Resource Records (March 2007)
Galexia prepared research, analysis and advice for Fidelity International on the use of electronic human resources records in its Asia-Pacific offices. This included guidance on meeting the following requirements under the laws of Australia, Hong Kong, Japan, Korea, Singapore and Taiwan:
- Legal recognition of electronic human resources records;
- Use of electronic records as evidence in court;
- Human resources record-keeping requirements; and
- Privacy and security requirements.
Fidelity - Privacy Compliance Strategy and Statement (January 2007)
Galexia provided strategic guidance to Fidelity International on meeting the requirements of the privacy laws of Australia, Hong Kong, Korea, Japan, Singapore and Taiwan.
Fidelity - Privacy Sanctions (December 2006)
Galexia prepared detailed analysis and strategy associated with sanctions in the privacy laws of Australia, Hong Kong, Japan, Korea, Singapore and Taiwan.
Fidelity - Regional Privacy Advice (November 2006)
Galexia provided privacy management advice to the Risk, Security and Business Continuity division of Fidelity International, including advice to their Hong Kong, Japan, Korea, Singapore, Sydney and Taiwan offices. This advice addressed the client and employee data protection requirements in each location, as well as the restrictions on the flow of personal information between each location. This included:
- Analysis of compliance with local privacy requirements;
- Development of implementation tasks for each office, including proposed compliance steps, implementation timetable, chains of responsibility and suggested tools and sources of assistance; and
- Development of a Regional Privacy Strategy.
FWC - Australian Government Fair Work Commission
FWC - Iterative privacy advice and independent PIA for eCASE - a new cloud-based case management platform (2018/19)
During 2018/19, Galexia conducted an independent Privacy Impact Assessment (PIA) for the Fair Work Commission (FWC) - examining the privacy considerations around the Commission’s introduction of a new case management platform - eCASE.
Electronic case management is a fundamental business capability for the Fair Work Commission (FWC) - processing 35,000 cases per annum.
The new eCASE solution is built on a ‘business process centric, low-code platform’ that has been procured from Appian Corporation. It has been provisioned on a multi-Platform-as-a-Service (PaaS) model: the application is hosted at Amazon Web Services (AWS), while the databases and data analytics are hosted on Microsoft Azure.
The overall eCASE solution is a multi-cloud / multi-platform / multi-vendor solution that provides case management capabilities for the Fair Work Commission. This design has evolved over the period of this PIA, and the PIA has considered distinct platforms and cloud architectures, including:
- Amazon Web Services (AWS)
- Azure Platform Services
- On-Premises VMware
The FWC has commissioned this PIA as a proactive step during the design and implementation phase to iteratively identify and address privacy risks and to strengthen privacy protections.
Major Global Financial Institution
Identity Management Strategy and Technology Evaluation (2008)
Galexia was approached by a large financial institution to advise on the development of an identity management strategy, and provide assistance in evaluating available solutions.
The project involved a detailed analysis of business drivers including an assessment of governance, risk, and compliance issues (GRC). Business requirements were established through extensive stakeholder interviews, and these were elaborated into a comprehensive set of functional and non-functional identity and access management requirements. Based on these requirements, Galexia developed a custom identity strategy taking into account the relevant structural and cultural features of the organisation, identified the short- and long-term aims and metrics for implementing identity management, and outlined the necessary governance and operational structures required.
Galexia also conducted a rigorous technology evaluation, identifying relevant products and inviting a shortlist of vendors to present their solutions. This was used to create a detailed product assessment based on the client’s specific needs, examining the candidate products across over 80 custom metric points.
Galexia provided the client with a governance structure, a path forward towards implementation, and independent assessment of market features and trends. Galexia’s analysis enabled the project to proceed with confidence, understanding and ownership in their identity management solution.
Japan PIA Study Tour
Galexia hosted a delegation of Japanese privacy experts, including academics and professionals from the legal and technology fields. The delegation met with Australian privacy experts from within government, industry and academia, discussing a broad range of privacy issues, with a particular focus on privacy impact assessments (PIAs) and biometrics. The meetings were conducted in Sydney and Canberra.
Galexia has provided privacy compliance advice to a number of international companies with operations in Japan following the introduction of the Japanese Act on the Protection of Personal Information.
KWM - King & Wood Mallesons
KWM - King & Wood Mallesons + Galexia and Data Governance (2017)
KWM and Galexia bring together a multi-disciplinary data governance practice to give clients a joint service offering that covers the legal and privacy aspects of cloud platforms, data sharing and use, data linkage and digital identity.
This collaboration gives clients access to a leading provider of Privacy Impact Assessments (PIAs) and privacy management strategies, as well as market-leading strategic advice and legal expertise in respect of data and privacy.
Our services are designed to give clients confidence to engage with the new open data economy.

Law Society of New South Wales
Law Society of NSW - Digital Credentials for the Legal Profession - Phase II (2006)
This project is an extension of work completed by Galexia in 2005, and involves the development of policies, procedures and documents for a pilot of the Law Society’s digital credentials. Galexia’s role is to ensure that policies are compatible with current best practices in PKI and the proposed Gatekeeper reforms.
Law Society of NSW - Digital Credentials for the Legal Profession (2005)
Galexia won a competitive tender to provide business analysis, research and advice in the development of digital credentials for the legal profession in NSW and Australia.
The project was commissioned by the Law Society of NSW and the Commonwealth Department of Industry, Tourism and Resources (DITR).
This project consists of a number of phases delivered from June to October 2005.
- Initial Phase: Development and documentation of a high level business case, including identification of requirements, options, costs and impact.
- The second phase: Development of a methodology - including further development of the recommended option, including required policies and procedures, technical specifications and revalidation of the business case.
The project is a timely consideration of digital identity for lawyers and considers:
- Digital signature certificates and Electronic Signatures
- Public Key Infrastructure (PKI)
- Smart Cards
- Impact of GateKeeper reforms
- Electronic conveyancing
- Electronic Court Lodgement
Level 3 Communications
Level 3 - Advice on impact of EU data protection directive
Galexia worked with Baker & McKenzie to deliver a Privacy Impact Assessment and develop advice on web site privacy policies, US Safe Harbour arrangements, the implications of the EU Data Protection Directive, and data retention rules.
Level 3 - Advice on privacy law in South-East Asia
Galexia and Baker & McKenzie completed a major privacy compliance strategy and training module for a major multinational communications company. The strategy included advice and training on compliance with privacy law and regulation in Hong Kong SAR, Japan, Korea and Taiwan.
Level 3 - Advice on Internet content regulation in South East Asia
Galexia and Baker & McKenzie completed an analysis of Internet content regulation in Hong Kong SAR, Japan, Korea and Taiwan for a multinational client.
Level 3 - Advice on Internet gambling regulation in South-East Asia
Galexia and Baker & McKenzie completed an analysis of Internet gambling regulation in Hong Kong SAR, Japan, Korea and Taiwan for a multinational client.
Lexis Australia
Lexis - Internet Law Bulletin (1998-2003)
Galexia authored the Internet Law Bulletin (ISSN 1035 2155) on a monthly basis for the first five volumes (1998-2003). The Internet Law Bulletin was one of the first publications of its type, and continues (in its seventh year) to deliver up to date coverage of developments in Internet law. Chris Connolly and Peter van Dijk were co-General Editors for Volumes 1 to 5. For Volume 6 onwards Galexia has remained an active contributor and Chris Connolly is a member of the Editorial Board. Other Galexia staff and associates are regular contributors to the Internet Law Bulletin.
LIAC - Legal Information Access Centre
LIAC - Overview
The Legal Information Access Centre (LIAC) is an information service operated by the State Library of New South Wales. LIAC provides legal research tools and resources for use by the general public.
LIAC - Cyberlaws Hot Topic (2009)
Galexia prepared a ‘Hot Topic’ entry for LIAC discussing key legal issues relevant to the Internet and electronic commerce. The Hot Topic covers key international and Australian laws and developments, with topics including:
- Accessibility;
- Domain Names;
- Copyright;
- Contracts;
- Defamation;
- Content Regulation;
- Privacy and Spam;
- Social Network Sites;
- Consumer Protection; and
- Cybercrime.
LittlePay
LittlePay - Privacy Impact Assessment (PIA) on a micropayment system for public transport (United Kingdom and Australia, 2016)
Galexia completed a Privacy Impact Assessment (PIA) for a payments consortium consisting of LittlePay (Australia) and Perimeter Payments (UK) regarding their roll-out of a micro-payments system for public transport.
The PIA considered privacy compliance issues in situations where data flowed across a variety of jurisdictions. This included an examination of Australian, British and European requirements for protecting privacy during the cross-border transfer of personal data. Galexia has a long history of providing advice on privacy issues related to both electronic payment systems and to transport related platforms.
LIV - Law Institute of Victoria
LIV - Law Institute of Victoria (1997-2009)
Galexia provided strategic IT advice and services to the Law Institute of Victoria for over eight years. This included the development of a membership and content driven website, critical internet infrastructure, internet applications and content management systems to meet the needs of the Institute’s members.
Macquarie Bank
Macquarie Bank - Strategic Advice (2005)
Galexia provided strategic advice regarding privacy compliance issues for large-scale information broking services provided by Macquarie Bank clients. This task included strategic advice on privacy issues that can arise from the commercialisation of large data sets.
NEHTA - National E-Health Transition Authority
From 1 July 2016 NeHTA is the Australian Digital Health Agency.
NEHTA - Healthcare Provider Identifier (HPI) and Individual Healthcare Identifier (IHI) Preliminary Privacy Impact Assessments (PIAs) (2006)
Following a competitive tender, the National E-Health Transition Authority (NEHTA) asked Galexia to contribute to the development of a secure, interoperable e-health environment in Australia.
The project involved the development of two different types of healthcare identifiers. Galexia’s primary role was the development of two preliminary Privacy Impact Assessments (PIAs) to examine and document potential privacy concerns.
- The first, the Healthcare Provider Identifier (HPI), is required so that individual providers can communicate with their colleagues, and jurisdictions can improve connectivity between their clinical systems within and across borders. Nationally, unique provider identification is recognised as a foundation for the broader e-health agenda and the implementation of Shared Electronic Health Records (Shared EHRs).
- The second, the Individual Healthcare Identifier (IHI), is required to ensure the correct identification of an individual and to make sure that the right information is attached to the right person.
NOIE - National Office for the Information Economy
NOIE - Overview
Galexia provided trusted strategic advice to NOIE (now AGIMO) on authentication, identity management and privacy issues.
Galexia sat on the GateKeeper Policy Committee and has provided input to the national Authentication working group.
NOIE - ABN-DSC project
Galexia prepared a comprehensive report for NOIE on issues in the use and cross recognition of ABN Digital Signature Certificates. It involved direct consultation with multiple Government agencies, vendors and industry bodies and the preparation of a report for the IMSC CIO Committee (April 2003). This project displayed Galexia’s ability to deliver quality outcomes to Commonwealth Agencies under the Cth Endorsed Supplier Arrangement (ESA), including a high level of service and support to a Canberra based client, total confidentiality, delivery on-time and on budget and compliance with all project criteria.
NOIE - Privacy and Public Key Infrastructure: Consultation Paper on Privacy Issues in the Use of PKI for Individuals and Possible Guidelines for Handling Privacy Issues in the Use of PKI for Individuals by Commonwealth agencies (2001)
Galexia was commissioned by the National Office for the Information Economy (NOIE) and the (then) Office of the Federal Privacy Commissioner (OFPC) to produce a research and discussion paper on privacy guidelines for the use of digital certificates. In 2001 we delivered a research and discussion paper on privacy guidelines for the use of digital certificates, including Privacy Impact Assessment research and checklist. This included the development of a plain language description of PKI, and draft guidelines which eventually became formal Guidelines under the Privacy Act 1988 for the use of PKI by Commonwealth agencies.
Available from the Office of the Australian Information Commissioner (OAIC) - <https://oaic.gov.au/>
NSC - Naval Shipbuilding College
NSC - Overview
<www.navalshipbuildingcollege.com.au>
The Naval Shipbuilding College (NSC) is an Australian Government initiative which is managed for the Department of Defence on behalf of the Australian Government by the Naval Shipbuilding Institute (NSI) joint venture. Headquartered in Osborne, South Australia, the College commenced operations on 3rd April 2018.
NSC - 2-stage privacy advice and independent PIA for the Naval Shipbuilding College Workforce Register (2018/19)
During 2018/19, Galexia was engaged to provide 2-stage privacy advice for the Naval Shipbuilding College (NSC) on the implementation of the Workforce Register - culminating in a Privacy Impact Assessment (PIA).
This Workforce Register includes a cloud-based employment registry that is being developed and managed in collaboration with a series of third party providers. Galexia assessed compliance with national privacy laws in addition to compliance with a central contract and delivery through cloud platforms and application of best practice privacy governance.
The Workforce Register operates in the defence / national security sector, so the best practice management of privacy and security issues is considered to be a high priority. The NSC has commissioned this PIA as a proactive step in identifying privacy issues and strengthening privacy protections.
This PIA assessed the Workforce Register against the APPs in the Commonwealth Privacy Act (1988) and the Privacy (Australian Government Agencies — Governance) APP Code 2017.
The completion of this PIA included extensive engagement with the Workforce Register implementation team and their partners.
NSW-IPC - NSW Information and Privacy Commission
NSW-IPC - Privacy Impact Assessment on Government Access Tool (2016)
Galexia, in conjunction with Doll Martin Associates, completed a high level Privacy Impact Assessment (PIA) for the Information and Privacy Commission NSW on the IPC GIPA Tool. (GIPA is the Government Information (Public Access) Act 2009).
The Government Information (Public Access) Act 2009 (GIPA) requires the Information and Privacy Commission (IPC) to provide a resource to assist agencies in processing GIPA applications and to report annually on the operation of GIPA. In order to facilitate these requirements the IPC has developed and implemented a case management and reporting system called the ‘GIPA Tool’.
The PIA considered compliance with the NSW Privacy and Personal Information Protection Act 1998 (PPIP Act) and privacy issues associated with storing data in the cloud.
NSW-RMS - Roads and Maritime Service (was RTA - Roads and Traffic Authority)
NSW-RMS - Overview
The NSW Roads and Maritime Service (RMS) (previously the NSW Roads and Traffic Authority (RTA)) is responsible for road safety, vehicle registration and driver licensing in NSW, and is responsible for over 4 million drivers and over 5 million vehicles. The agency’s management of state drivers’ licenses makes it a key agency in government-operated identification systems.
NSW-RMS / RTA - Facial Recognition System PIA (2009)
Galexia prepared a Privacy Impact Assessment (PIA) for a Facial Recognition System to be used by the (then) NSW Roads and Traffic Authority for proof of identity and related functions, including as a tool for combating criminal activities such as money laundering and drug trafficking.
NSW-RMS / RTA - Document Verification Service Privacy Impact Assessment (November 2007)
Galexia conducted a Privacy Impact Assessment (PIA) for the (then) NSW Roads and Traffic Authority (RTA). The PIA covered the agency’s potential participation in the national Document Verification Service (DVS).
The DVS has been developed as part of the National Identity Security Strategy. The DVS will be a secure, electronic, on-line system accessible by certain Australian Government, state and territory agencies to check the validity of an identity document. The verification of driver licences will be completed via the National Exchange of Vehicle and Driver Information System (NEVDIS) database, operated by Austroads.
OAIC - Office of the Australian Information Commissioner
OAIC - Joint Sponsor with Galexia for Endeavour Fellowship from The Philippines to study privacy law in Australia (November 2007)
Claro Parlade, Galexia’s associate from The Philippines, won an Endeavour Fellowship to be funded to visit Australia in 2008 for 3 months to study privacy law.
Claro was the Executive Director of the Cyberspace Policy Centre for Asia-Pacific (CPCAP), a leading source of expertise on electronic commerce, privacy and online dispute resolution issues in the Asian region.
Galexia and the Office of the Privacy Commissioner are Claro’s joint sponsors for the programme, and Galexia co-hosted Claro along with the OPC. In Australia, Claro interviewed key business, government and consumer stakeholders about privacy issues.
Claro has considerable experience in policy work in the Philippines, having been Chairman of the Legal and Regulatory Committee of the IT and E-Commerce Council (‘ITECC’) of the Philippines from 2000 to 2004. He has been involved in the drafting of the Philippines E-Commerce law, and has worked on numerous draft bills and regulations on matters such as the creation of a department of ICT, telecommunications reform, cybercrime and Internet governance.
The Endeavour Programme brings leading researchers, executives and students to Australia to undertake short or long term study, research and professional development in a broad range of disciplines and enables Australians to do the same abroad.
OAIC - Consultation Paper on Privacy Issues in the Use of Public Key Infrastructure (PKI) for Individuals (June 2001)
Consultation Paper on Privacy Issues in the Use of PKI for Individuals and Possible Guidelines for Handling Privacy Issues in the Use of PKI for Individuals by Commonwealth agencies.
Galexia was commissioned by the National Office for the Information Economy (NOIE) and the (then) Office of the Federal Privacy Commissioner (OFPC) to produce a research and discussion paper on privacy guidelines for the use of digital certificates. In 2001 we delivered a research and discussion paper on privacy guidelines for the use of digital certificates, including Privacy Impact Assessment research and checklist. This included the development of a plain language description of PKI, and draft guidelines which eventually became formal Guidelines under the Privacy Act 1988 for the use of PKI by Commonwealth agencies.
Available from the Office of the Australian Information Commissioner - https://oaic.gov.au/
ONDC - Office of the National Data Commissioner
Privacy advice and independent public PIA on the proposed Data Sharing & Release Bill and related regulatory framework (2018/19)
In July 2018 Galexia was engaged to provide privacy advice and an independent and public Privacy Impact Assessment (PIA) on the proposed policy settings and related legislative reforms surrounding the Data Sharing & Release Framework.
The PIA was prepared prior to the finalisation of the Data Sharing & Release Bill and Galexia’s engagement process facilitated the Department of the Prime Minister & Cabinet <www.pmc.gov.au> and Office of the National Data Commissioner (ONDC) <www.datacommissioner.gov.au> to adopt an iterative approach to the development of the policy settings and to the Data Sharing & Release Framework.
The purpose of the PIA is to assist in identifying and managing privacy issues that are raised by the proposed framework for the sharing and release of data that will be facilitated by the Data Sharing & Release Bill. The key proposals are:
- To enable a range of data sharing and data release activities for permitted purposes; and
- To create an effective governance framework for the proposed data sharing and the release of public sector data.
In September 2019 this PIA was publicly released with an accompanying discussion paper - all Galexia’s recommendations have been accepted.
QT - Queensland Department of Transport
QT - Strategic advice (2001-2005)
Galexia assisted Queensland Transport with a range of advice on the New Queensland Driver Licence between 2001 and 2005. This included the production of numerous briefing notes on specific issues and attendance at a range of meetings and workshops. Galexia continued to provide ongoing advice as the project progressed to the public tender stage.
QT - Privacy Stakeholder Consultations for new Queensland Driver License (2003)
Galexia assisted Queensland Transport to conduct public consultations in late 2003 and early 2004 on the New Queensland Driver Licence. This included advice on the communications strategy and attendance at stakeholder meetings and workshops.
QT - Privacy Management Strategy (PMS) for new Queensland Driver License (September 2003)
In March 2003 Galexia completed the Privacy Management Strategy (PMS) for Queensland Transport on the proposed Queensland Smart Card Driver Licence. In September 2003 this was released to the public as part of a formal consultation process. This Privacy Management Strategy (PMS) covers a wide range of technical and legal issues and proposes short, medium and long-term measures for ensuring that privacy issues are managed in the proposed roll-out of the new licence.
QT - Privacy Impact Assessment (PIA) for new Queensland Driver License
Galexia conducted a Privacy Impact Assessment (PIA) of new technology being considered by Queensland Transport, including ongoing advice to the Department on smart cards, electronic authentication, digital certificates, evidence of identity, and PKI. Galexia’s PIA and the subsequent Privacy Management Strategy received formal sign off from the Queensland Crown Solicitor and approval from a Cabinet sub-committee.
Qubit Consulting
Qubit - Overview
Qubit Consulting specialises in enterprise IT consulting, including:
- Service Oriented Architecture (SOA);
- Identity Management and Application Security; and
- Application Development.
Galexia has partnered with Qubit Consulting in developing and implementing a number of large identity and access management systems.
Qubit Consulting joined Deloitte’s Cyber Risk Services practice in October 2015.
Qubit - University of Western Sydney Identity Systems Upgrade (2010)
Galexia and Qubit Consulting have implemented a major new identity management solution for the University of Western Sydney. Galexia assisted with the design, development and implementation of automated provisioning, password synchronisation and data cleansing for University staff and students.
Qubit - University of Sydney Identity Systems Upgrade (2009)
Qubit Consulting has conducted a major upgrade of identity systems for the University of Sydney. Galexia assisted with the development and implementation of a security and provisioning solution for University staff and students.
Qubit - Vodafone Authentication Gateway and Identity Management (2009)
Galexia assisted with Qubit’s significant redevelopment of Vodafone’s identity and access management systems, which serves over 4 million users. Galexia provided implementation services for identity management and directory services.
QVAS - Queensland Valuation and Sales System (QVAS)
QVAS - Overview
Galexia has played an ongoing role in the development, implementation and review of a code-of-conduct for QVAS - Queensland Valuation and Sales System.
This code-of-conduct is an excellent example of successful privacy self-regulation in the information broking sector.
QVAS - Review of Queensland Personal Identification Information in Property Data (PIIPD) Code of Conduct (2013)
Galexia was engaged to undertake an independent review on the operations and effectiveness of the Queensland Personal Identification Information in Property Data (PIIPD) Code. The review considered the operation of the Code and encompassed accountability, effectiveness, efficiency, accessibility, independence and fairness.
QVAS - Development of the Code of Conduct (2008)
Galexia developed a Code of Conduct for bulk data access to identified information in the Queensland Valuation and Sales System (QVAS) database - the short title is the QVAS Code of Conduct.
Galexia assisted the Queensland Department of Natural Resources and Water and a working group of information broker industry representatives to develop this Code. The project included research on privacy issues, stakeholder workshops, multiple drafts and the development of an explanatory memorandum.
The Code covers privacy protections and complaints mechanisms for access to information about real property transactions in Queensland. The Code was submitted to the QLD Cabinet in late 2008 and was subject to public consultations in 2009.
Galexia advised the following information brokers during the project:
- Australian Property Monitors/Fairfax (APM);
- CITEC;
- Enhance;
- PDS Live;
- Residex;
- RP Data;
- Trivett Property Group; and
- Veda Advantage.
RAB - Regional Australia Bank
Regional Australia Bank <www.regionalaustraliabank.com.au> is a regional customer owned bank (one of approximately 20 mutual banks in Australia).
RAB - Review and Briefing on Identity Management and Customer Initiated Data Sharing (2017)
The Regional Australia Bank approached Galexia (as independent IAM and privacy consultants) to consider options, issues and trends surrounding Regional Australia Bank (RAB) providing customers with an enhanced Identity and Access Management (IAM) platform that incorporates Customer Initiated Data Sharing with selected third parties.
This included a consideration of technical standards for API Authorisation (and Authentication) and financial sector APIs.
Galexia reviewed both the local and international regulatory and policy landscape, including:
- Financial System Inquiry (The Murray Report), 2015
- New Payment Platform (NPP) 2017-2018
  - The NPP includes an optional identity component (or overlay) known as PayID
- Australian Government Digital Transformation Agency (DTA)
  - Trusted Digital Identity Framework (2016-2017)
- Australian Government Productivity Commission
  - Inquiry on Data Availability and Use (8 May 2017)
- Australian Government Department of Prime Minister & Cabinet (PM&C)
- Parliament of Australia, House of Representatives Standing Committee
  - Review of the Four Major Banks (Second Report) (21 April 2017)
- Data 61
  - Blockchain Reports (8 June 2017)
- Australian Government Treasury
  - Review of Open Banking in Australia (August 2017)
- Australia Post
  - Digital iD (2017)
- UK Competition and Market Authority (CMA)
  - www.openbanking.org.uk
RP Data (now CoreLogic Australia)
RP Data - Privacy and Public Registers Advice
Galexia assisted RP Data to complete a report to examine the best practice privacy management for public registers in Australia.
Galexia advised on:
- A detailed description of how privacy is managed in Australian jurisdictions for public register information (land registry data, electoral roll data, etc.);
- A detailed description of best practice approaches to managing privacy in public registers (codes of conduct, published papers etc.);
- Analysis of legislative approaches to managing privacy in public registers (Commonwealth and State legislation); and
- Insight into trends in the regulation of privacy in public registers (Australian Law Reform Commission review etc.).
The paper reflects Galexia’s expertise in providing relevant, cogent and commercially aware strategic advice on privacy.
Sensis
Sensis - Identity and Access Management (2007)
Galexia provided senior technical assistance in the development of a distributed cross-domain single sign-on and access management platform.
Singapore iDA (Infocomm Development Authority of Singapore)
In October 2016 the Info-communications Development Authority of Singapore (IDA) and the Media Development Authority of Singapore (MDA) were restructured to form the Info-communications Media Development Authority of Singapore (IMDA) and the Government Technology Agency (GovTech).
Singapore iDA - A Study of Singapore’s Certification Authority Scheme
Galexia successfully joined a consortium to review the compliance auditing framework for Certification Authority (CA) candidates for the Singapore Infocomm Development Authority (iDA).
The existing framework consists of audit standards and updated security management best practice guidelines. The objective was to update the guidelines to align them with international best practices, and to provide clarity for CAs and auditors on security audit requirements for CAs. The project also provided a ‘gap analysis’ of the present set of guidelines and audit requirements concerning internationally recognised security standards and best practices.
Singapore iDA - Singapore National Authentication Framework (NAF)
The Infocomm Development Authority of Singapore (iDA) developed a National Authentication Framework (NAF) programme under their 10 year Intelligent Nation Masterplan. NAF aims to implement a nationwide infrastructure for strong authentication through the development of appropriate business, technical and operational frameworks. A NAF steering committee and four NAF sub-committees (Finance, Telecommunications, Government and Technical) comprising industry captains and government will provide sponsorship and inputs to the developmental works under NAF.
Galexia was chosen as part of a consortium (also including KPMG, Baker & McKenzie, Wong & Leow) to drive and guide the establishment of the NAF. Galexia’s work included the proposal of a model to deploy the NAF, and the development of supporting components needed to realise the deployments:
- Governance Framework and Regulatory Requirements;
- Accreditation Audit Criteria for Authentication Operators (‘AOs’);
- Reference Business Agreement; and
- Reference Technical Standards and Protocols.
South Australia - Office of the Chief Information Officer
South Australia - Office of the Chief Information Officer - Review of Identity and Access Management Position Paper
Galexia conducted a review of a position paper developed by the South Australian Office of the Chief Information Officer. The paper, on Identity and Access Management (IAM) for the South Australian Government, is a precursor for the planned development of an IAM Framework for all of South Australia.
Telstra
Telstra - Identity Management and Authentication Projects (2006-2008)
Galexia (through Sun Microsystems, with partners including Accenture and EDS) assisted in the design of identity management, access control and authentication solutions for Telstra in Australia. Galexia provided expert consulting services, including analysis, lead architecture, high-performance software design and advice on performance/load/stress testing. The largest single implementation will provide identity management and single sign on authentication services to 20 million customer accounts - one of the most significant and advanced deployments worldwide. Galexia’s work for Telstra has included:
Telstra BigPond
This included advice on identity management and cross domain authentication for Telstra’s BigPond customers and content partners. It also included advice on next generation wireless services and applications.
Telstra ‘Transformation’ project
The Transformation project was Telstra's multi-billion dollar program of consolidation and new service rollout. Galexia’s involvement included advice on Telstra’s proposed integration and consolidation of all client services under a unified, consistent approach to identity management, single sign on and authentication.
Telstra Sentinel
This is Telstra’s system for the management of identity and access for internal staff and contractors. Galexia has advised on architecture and on performance, including a complete review and redesign of the system. The design incorporates next generation bi-level role based access control techniques.
Sensis Identity and Access Management
Sensis was developing a cross-domain single sign-on and access management platform that links customer accounts across its ‘Properties’ (Trading Post, Yellow Pages, White Pages etc). Galexia provided senior consulting advice in this project.
Thomson Reuters Australia
Thomson Reuters - Overview
Thomson Reuters Australia is a major publisher for the legal, tax and accounting, and business sectors, providing many of the most widely used print and electronic resources in business and academia.
Thomson Reuters - The Laws of Australia (2009)
Galexia edited the ‘Electronic Contracts’ chapter of Thomson Reuters’ The Laws of Australia. The chapter provides an encyclopaedic analysis of Australian law on the use of electronic communications and contracts, including electronic contract formation, identity and security, electronic signatures, evidence, and consumer protection. Galexia’s work on this chapter builds on our expertise in Australian and international electronic contract law.
UNCTAD - United Nations Conference on Trade and Development
UNCTAD - Overview
UNCTAD - Major study on data protection and trade (2016)
Galexia assisted the United Nations Conference on Trade and Development (UNCTAD) to publish a major study: Data protection regulations and international data flows: Implications for trade and development.
Galexia Director Chris Connolly was the lead author / consultant for the study.
This major report (170 pages) examines the relationship between data protection and trade, with a strong focus on the issues faced by developing nations. The study also includes detailed contributions from national governments, regulators and businesses.
The study identified numerous challenges in the development and implementation of data protection laws, including:
1. Addressing gaps in coverage
2. Addressing new technologies
3. Managing cross-border data transfers
4. Balancing surveillance and data protection
5. Strengthening enforcement
6. Determining jurisdiction
7. Managing the compliance burden
The study includes numerous practical policy options and suggestions for global, regional and national stakeholders.
The full report is available at: http://unctad.org/en/pages/PublicationWebflyer.aspx?publicationid=1468
UNCTAD - Review of E-commerce Legislation Harmonization in ASEAN (2013)
Galexia and the United Nations Conference on Trade and Development (UNCTAD) have released a major report, entitled Review of E-commerce Legislation Harmonization in the Association of Southeast Asian Nations (2013).
The report is a follow-up to Galexia's previous AusAID funded project to harmonise e-commerce legal infrastructure in ASEAN (2004-2009) and Galexia’s earlier study for the UNCTAD Information Economy Report on ASEAN cyberlaw harmonisation in 2008.
This 2013 review documents the significant advances made by ASEAN countries in the area of e-commerce laws. It also makes proposals for accelerating the process of regional integration and harmonization as outlined in the ASEAN ICT Masterplan 2015.
Galexia’s extensive and detailed work with ASEAN has assisted ASEAN to become the first region in the developing world to adopt a harmonized legal framework for e-commerce, and it is the most advanced developing region in terms of implementing harmonized e-commerce laws.
The review includes detailed regional and national analysis of e-commerce laws, privacy, cybercrime and cloud computing.
UNCTAD - Information Economy Report (2007-2008) - Harmonising Cyber Legislation at the Regional Level: The case of ASEAN
Galexia was commissioned by the United Nations Conference on Trade and Development (UNCTAD) to contribute a chapter to the Information Economy Report 2007-2008. Galexia’s chapter presents a case study on the ASEAN E-Commerce Project - a major 4-year project to assist the ten Member Countries of the Association of South East Asian Nations develop and implement a harmonised e-commerce legal infrastructure. The E-Commerce Project is funded by the ASEAN Australia Development Cooperation Program (AADCP).
The experience of the ASEAN Member Countries in the E-Commerce Project is helpful for developing countries formulating their own e-commerce legislation and beyond this, developing a comprehensive legal infrastructure, including regulations, standards, training and education.
UNSW - University of NSW
UNSW - Faculty of Law - Overview
UNSW - Faculty of Law - Electronic Commerce Law Materials (2004-2005)
Galexia developed materials for the University of NSW course on Electronic Commerce Law (2004).
UNSW - Faculty of Law - Cyberspace Law Materials (2003-2004)
Galexia has developed and hosts materials for the University of NSW course on Cyberspace Law.
UNSW - Baker & McKenzie Cyberspace Law & Policy Centre - Digital Document Retention Research (April 2004)
Galexia provided research and advice on legal and strategic issues in Digital Document Retention. This included detailed Australian and international research.
UNSW - Faculty of Law - Online Dispute Resolution Research (May 2004)
Galexia provided research and advice on legal and strategic issues in Online Dispute Resolution. This included detailed Australian and international research.
USYD - The University of Sydney

USYD - Identity and Access Management (IdAM) Strategy and Roadmap (2017)
Galexia was successful in a competitive tender and has assisted The University of Sydney with an Identity and Access Management (IdAM) Strategy and Roadmap based on Galexia's proven IdAM methodology.
The IdAM Strategy includes:
- Current State, Issues and Impacts
- Policy, Oversight, Delivery Model, Operations and Communication
- User Experience
- Identity Types and Lifecycles
- Access Management, Privileged Access Management, Entitlements Management, Credential Management, Federation
- Directory Services
- Identity Platform
- Key Trends
- Vision
- Enhanced Capabilities and Benefits
- Gap Analysis
- IdAM Program
- Reference Architecture
- Governance Structure
- Policy, Standards and Procedures
- Teams and Functions
- Roles and Responsibilities
- Communication
The IdAM Roadmap includes:
- Target State Capabilities and Maturity
- Streams and Activities
- Dependencies
- Timeline
- Governance Structure
- Best Practices

Veda Advantage
Veda Advantage - Overview
Veda Advantage provides credit reporting services to individuals and businesses in Australia and New Zealand. Veda Advantage’s data covers over 16.5 million individuals and over 4.4 million companies and businesses.
Galexia worked closely with Veda Advantage during the reform of Australia’s privacy and credit reporting laws since late 2007.
In 2013 Veda listed on the Australian stock exchange and in February 2016 it was acquired by Equifax Inc.
Veda Advantage - Credit reporting and consumer information (2010)
Galexia prepared a report on the main sources of consumer information on credit reporting. The report recommends key consumer education requirements in the lead-up to the reform of Australia’s credit reporting and privacy laws (expected in 2011).
The most significant change to Australia’s credit reporting laws will be the introduction of more comprehensive credit reporting - the collection and sharing of information about individuals’ credit repayment histories.
Galexia’s report assesses the consumer information, education and awareness needs that should be addressed in the lead up to this reform, and recommends a two-stage consumer education campaign.
Veda Advantage - Credit Reporting Framework - Submission to Australian Law Reform Commission Discussion Paper 72 (2007)
Galexia was commissioned to independently research and develop options for a framework for stronger, more effective and more efficient consumer protection in credit reporting in Australia. This task was initiated in response to the Australian Law Reform Commission (ALRC) review of privacy legislation.
Consumer protection in the regulation of credit reporting is a very complex territory and Veda Advantage wanted to assist the ALRC and stakeholders with a cogent expert’s report to guide understanding of the major issues.
VIC-DIIRD - Victorian Department of Innovation, Industry and Regional Development (DIIRD)
The Department of Innovation, Industry and Regional Development (DIIRD) was created on 5 March 2002 by the renaming of the Department of State and Regional Development.
The Department of Economic Development, Jobs, Transport and Resources was established by the Victorian Government on 1 January 2015.
VIC-DIIRD - Client data management PIAs (2009 and 2010)
Galexia completed a series of Privacy Impact Assessments for a proposed client data management solution for the Department of Innovation, Industry and Regional Development (DIIRD) as they moved some of their key services to a cloud computing platform. The PIAs considered issues of data security and transborder data flow under Victoria’s privacy laws, as well as public perception and system governance.
VIC-DSDBI - Victorian Department of State Development, Business and Innovation (DSDBI)
VIC-DSDBI - PIA for migration of Victorian Resource Rights Allocation and Management (RRAM) services to the cloud (2014)
Galexia completed a Privacy Impact Assessment for the Victorian Department of State Development, Business and Innovation (DSDBI) on the proposed migration of Victorian Resource Rights Allocation and Management (RRAM) services to a cloud services provider (SalesForce). The PIA considered issues of data security and transborder data flow under Victoria’s privacy laws, as well as public perception and system governance.
Galexia has particular experience in advising Government agencies in their successful migration to cloud and externally hosted services. We have assisted in the development of a staged privacy and security assessment and compliance framework for prior migrations.
VIC-DSDBI - PIA for migration of Business Victoria to the cloud (2014)
Galexia completed a Privacy Impact Assessment for the Victorian Department of State Development, Business and Innovation (DSDBI) on the proposed migration of Business Victoria to a cloud services provider (Telstra). The PIA considered issues of data security and transborder data flow under Victoria’s privacy laws, as well as public perception and system governance.
VIC-DTPLI - Victorian Department of Transport Planning and Local Infrastructure (DTPLI)
VIC-DTPLI - PIA for migration of grant management services to the cloud (2014)
Galexia completed a Privacy Impact Assessment for the Victorian Department of Transport Planning and Local Infrastructure (DTPLI) on the proposed migration of grants management services to a cloud services provider. The PIA considered issues of data security and transborder data flow under Victoria’s privacy laws, as well as public perception and system governance.
VIC-LHLA - Victorian Labour Hire Licensing Authority (LHLA)
The Labour Hire Licensing Authority is responsible for implementing the Labour Hire Licensing Act 2018, which introduced a licensing scheme for providers of labour hire across all industry sectors in Victoria.
The key elements of the licensing scheme include:
- labour hire providers must be licensed to operate in Victoria
- those who use labour hire providers must only engage licensed providers
- labour hire providers must report annually on their labour hire activities.
<https://labourhireauthority.vic.gov.au/>
VIC-LHLA - 2-stage PIA for Cloud-based Registry System (2018/19)
In August 2018, Galexia was engaged by Industrial Relations Victoria (IRV) - a division of Victorian Department of Premier & Cabinet (DPC).
Galexia conducted a 2-stage Privacy Impact Assessment (PIA) to assist in identifying and managing key privacy issues that are raised by the design and implementation of the Labour Hire Licensing ICT Solution and cloud-based online registry solution that is being operated by the Labour Hire Licensing Authority (LHLA).
The PIA was finalised in June 2019.
VIC-TAC - Victorian Transport Accident Commission (TAC)
The TAC is a Victorian Government-owned organisation set up to pay for treatment and benefits for people injured in transport accidents, promote road safety and improve Victoria's trauma system.
VIC-TAC - Privacy Advice and 2-stage PIA of PageUp services to TAC (2018)
Galexia undertook a privacy review, developed initial issues guidance and then a subsequent independent Privacy Impact Assessment (PIA) considering the June 2018 PageUp data breach issue and provided broader advice on the potential use of additional PageUp services.
Whilst the PageUp data breach issue did not have a direct impact on TAC data, it was important to undertake an independent strategic review.
VIC-TAC - PIA for MyTAC enhancement - Supported Needs Identification (2018)
Galexia provided an Independent Privacy Impact Assessment (PIA) for TAC on the design and proposed implementation of the Needs Identification Questionnaire via the MyTAC App and web portal.
This PIA examined issues around the cloud hosting services (Microsoft Azure), system design and the user interface.
Galexia’s advice examined compliance with Victorian privacy and health privacy legislation.
VIC-TAC - 2nd PIA for proposed cloud-based Data, Analytics and Reporting (DAR) Platform and Development of a Data Release Privacy Checklist (Phase 2 - Expanded Data Set) (2018)
Galexia was engaged to develop an independent Privacy Impact Assessment (PIA) - examining the privacy considerations of the complete data analytics program, examining privacy issues on the use of cloud hosting services (Microsoft Azure), system design (including the ‘Data Vault Model’), and the risk profile of the underlying information assets - building on the Data, Analytics and Reporting (DAR) Working Model PIA (July 2018).
This PIA was the second for the program and is intended to provide recommendations and identify the risks for the DAR Program as it progresses into the design phase. Subsequent assessments will then provide assurance that the design and built solution have taken into consideration the independent PIA recommendations.
Using the prior developed DAR PIAs (Phase 1 Working Model and then Phase 2 Expanded Data Set) as a baseline, Galexia developed a Data Release Privacy Checklist for the TAC Data, Analytics and Reporting (DAR) Program.

VIC-TAC - Initial PIA for proposed cloud-based Data, Analytics and Reporting (DAR) Program (Phase 1 - Working Model) (2018)
Galexia has completed a Privacy Impact Assessment (PIA) for the Transport Accident Commission (TAC) on Phase 1 of their proposed Data Analytics and Reporting (DAR) Program. Phase 1 includes the development of a limited working model, based upon a slice of data.
The PIA considers privacy issues surrounding the proposed implementation of a new Data Analytics and Reporting (DAR) system based on cloud infrastructure. Galexia’s advice examines compliance with Victorian privacy and health privacy legislation.
The purpose of the PIA is to assist identifying and managing privacy issues that are raised by the design and proposed implementation of the DAR Program.
This initial PIA was limited to consideration of the first phase of the DAR Project, consisting of:
1. Establishing a Working Model for the DAR Project utilising a limited data set;
2. Working with sub-contractors and cloud service providers to develop the underlying infrastructure required for the DAR Program; and
3. Evaluating the Working Model before proceeding with the further development and implementation of the DAR Project across a broader set of data.
VIC-TAC - PIA for Point of Sale (PoS) online service (2017)
Galexia completed a Privacy Impact Assessment (PIA) for the Transport Accident Commission (TAC) on the proposal to develop and implement a Point of Sale (POS) application using Lantern Pay <http://www.lanternpay.com> (in association with Westpac). The application will be hosted, in part, on a cloud-computing platform.
The purpose of the PIA was to assist in identifying and managing privacy issues raised by the design and proposed implementation of the Point of Sale (POS) application - the Lantern Pay service.
The PIA considered compliance with privacy legislation, user acceptance and public perception issues. The PIA made a broad range of recommendations for mediating privacy risks, including changes to the design, practical privacy compliance steps, further research and privacy governance arrangements.
VIC-TAC - PIA for Phase 1 of proposed Online Client Service (2017)
Galexia was successful in a competitive tender to undertake a PIA examining privacy issues arising from the design and implementation of a new Online Client Service (including an online portal for self-managing clients and a mobile app).
Galexia’s advice covered compliance with Victorian privacy and health privacy legislation, and advice on best practice in moving existing processes to a cloud based service. The PIA was completed in April 2017 and included:
- Galexia PIA Matrix (Victoria)
- ‘Urgent Issues’ guidance in the first 2 weeks of the engagement - ensuring a no surprises approach and working closely with multi-disciplinary and agile teams.
- 3 staged briefing notes and vendor and internal team updates incorporated into an agile delivery process.
- Draft and Final PIAs
- Follow-up briefing to executive and privacy teams
VIC-VAHI - Victorian Agency for Health Information (VAHI)
The Victorian Agency for Health Information (VAHI) was created in 2017 as part of Victorian Government reforms to overhaul quality and safety across Victoria’s healthcare system.
VAHI functions independently to the Victorian Department of Health & Human Services.
<https://www.bettersafercare.vic.gov.au/about-us/about-vahi>
VIC-VAHI - PIA for Victorian Health Incident Management System (VHIMS) (2018)
In June 2018, Galexia was engaged by the Victorian Agency for Health Information (VAHI) to conduct an independent Privacy Impact Assessment (PIA) on the Victorian Health Incident Management System (VHIMS) Central Solution.
This PIA examined privacy issues in the phased roll-out of a new Incident Management System and associated infrastructure. Galexia’s advice examined compliance with Victorian privacy and health privacy legislation.
The PIA was finalised in August 2018.
Vodafone Australia
Vodafone Australia - Access Controls Project
Galexia (with partners, including Sun Microsystems) assisted in the design and delivery of a telco-grade identity management and access control solution for Vodafone Australia.
Galexia provided expert consulting services that covered the entire project lifecycle, including analysis, lead architecture, high-performance software design, multi-site high-availability hardware sizing, network and monitoring design, security design, automated provisioning and advice on performance/load/stress testing.
