Projects

• ACCAN - Australian Communications Consumer Action Network
  • ACCAN - Overview
  • ACCAN - Customer Service Charters (2009)
  • ACCAN - Informed Consent (2009)
• AGIMO - Australian Government Information Management Office
  • AGIMO - Overview
  • AGIMO - Gatekeeper ad hoc advice (2009)
  • AGIMO - Australian Government e-Authentication Framework for Individuals (AGAFI) (May - August 2006)
  • AGIMO - Gatekeeper Public Key Infrastructure Framework (February 2006)
  • AGIMO - Identity Management for Government Employees (IMAGE) Framework (January 2006)
• AGOSP - Australian Government Online Service Point
  • AGOSP - Overview
  • AGOSP - Australian Government Online Service Point (AGOSP) Implementation (2009)
  • AGOSP - Australian Government Online Service Point (AGOSP) Architecture and Design (2008-2009)
• ANTA - Australian National Training Authority
  • ANTA - Legal and Regulatory advice
  • ANTA - National Authentication Workshop (August 2003)
  • ANTA - Strategic Advice
  • ANTA - Broadband Advice
  • ANTA - Interoperability Advice
• ASEAN - Association of South East Asian Nations
  • ASEAN - Overview
  • ASEAN - Special Assistance - Awareness Raising and Technical Assistance - Phase 4 (January 2008)
  • ASEAN - Electronic Commerce project - Phase 3 (Mutual Recognition of Digital Signatures) (April 2007)
  • ASEAN - Electronic Commerce project - Phase 2 (Electronic Contracting and Online Dispute Resolution (ODR)) (February 2006)
  • ASEAN - Survey of Cyberspace Laws (August 2005)
  • ASEAN - Electronic Commerce project - Phase 1 (March 2004)
• ASIC - Australian Securities and Investments Commission
  • ASIC - Security and risk mitigation advice for IT initiatives (2006 - 2007)
• ARCA - Australasian Retail Credit Association
  • ARCA - Review of the proposed Credit Reporting Code of Conduct (2008-2009)
• AUSTROADS
  • AUSTROADS - Overview
  • AUSTROADS - National Exchange of Vehicle and Driver Information System Strategy- Strategic Review (2009)
  • AUSTROADS - National Exchange of Vehicle and Driver Information System Strategy- Phase II (2006)
  • AUSTROADS - National Exchange of Vehicle and Driver Information System Strategy (2005)
• Baker & McKenzie Solicitors
  • Baker & McKenzie Cyberspace Law & Policy Centre - Digital Document Retention Research (April 2004)
  • Baker & McKenzie - ASEAN Electronic Commerce project (March 2004)
  • Baker & McKenzie - Digital Copyright Review advice (2003)
  • Baker & McKenzie - Joint advice on Internet gambling regulation in South-East Asia (2001)
  • Baker & McKenzie - Joint advice on Internet content regulation in South East Asia (2001)
  • Baker & McKenzie - Joint advice on privacy law in South-East Asia (2001)
  • Baker & McKenzie - Joint advice on impact of EU data protection directive (2001)
  • Baker & McKenzie - Expert Witness for e-commerce litigation (2000)
• Biometrics and Privacy
• CALC - Consumer Action Law Centre
  • Reforming the public benefit test in the Trade Practices Act (2007)
• CHOICE
  • CHOICE - Overview
  • CHOICE - Consumer code development processes (2009)
  • CHOICE - Survey of Consumer Protection Measures in the Asia Pacific Region (2009)
  • CHOICE - Electronic Funds Transfer Code of Conduct Review (2008)
  • CHOICE - Consumer Protection in Telecommunications (May 2008)
  • CHOICE - Electronic Funds Transfer Code of Conduct Review (2007)
• CI - Consumers International
  • Survey of Consumer Protection Measures in the Asia Pacific Region (2009)
• CSIRO - Commonwealth Scientific and Industrial Research Organisation
  • CSIRO - Privacy and trust issues in the use of health data in research (2005)
• DBCDE - Department of Broadband, Communications and the Digital Economy (formerly DCITA)
  • DBCDE - Overview
  • DBCDE - Strengthening Spam Legislation, Enforcement and Cooperation Regimes in the Pacific project (2007-2008)
  • DBCDE - Malaysia-Australia E-Commerce Legal Infrastructure Analysis project (2006)
• DCITA - Department of Communications, Information Technology and the Arts
  • DCITA - Strengthening Spam Legislation, Enforcement and Cooperation Regimes in the Pacific project (October 2007)
  • DCITA - Malaysia-Australia E-Commerce Legal Infrastructure Analysis project (2006)
• DEEWR - Department of Education, Employment and Workplace Relations
  • Learning Identity Management Framework (LIMF) (September 2008 - January 2009)
• Defence - Commonwealth Department of Defence
  • Defence Identity Management Project (June 2007)
• DHA - Commonwealth Department of Health and Ageing
  • DHA - National Health Identifier project
• DIIRD - Victorian Department of Innovation, Industry and Regional Development
  • DIIRD - Client data management PIA (2009)
• DITR - Commonwealth Department of Industry, Tourism and Resources
  • DITR - Digital Credentials for the Legal Profession- Phase II (2006)
  • DITR - Digital Credentials for the Legal Profession (2005)
• Domain Name Disputes
  • Research and resources
  • ericbana.com
• Foxtel
  • Foxtel - Access Control Design (2007)
• Fidelity International
  • Fidelity - Offshore Data Transfer in Business Process Outsourcing (March 2007)
  • Fidelity - Electronic Human Resource Records (March 2007)
  • Fidelity - Privacy Compliance Strategy and Statement (January 2007)
  • Fidelity - Privacy Sanctions (December 2006)
  • Fidelity - Regional Privacy Advice (November 2006)
• Major Global Financial Institution
  • Identity Management Strategy and Technology Evaluation (2008)
• IPAA - Institute of Public Affairs Australia
  • IPAA/AGIMO Overview
  • IPAA/AGIMO e-Government Research Papers
• IQPC - International Quality and Productivity Centre
  • IQPC - Workshop: Building privacy into identity management solutions (March 2004)
• Japan PIA Study Tour
• Law Society of New South Wales
  • Law Society of NSW - Digital Credentials for the Legal Profession- Phase II (2006)
  • Law Society of NSW - Digital Credentials for the Legal Profession (2005)
• Level 3 Communications
  • Level 3 - Advice on impact of EU data protection directive (2001)
  • Level 3 - Advice on privacy law in South-East Asia (2001)
  • Level 3 - Advice on Internet content regulation in South East Asia (2001)
  • Level 3 - Advice on Internet gambling regulation in South-East Asia (2001)
• Lexis Australia
  • Lexis - Internet Law Bulletin (1998-2003)
• LIAC - Legal Information Access Centre
  • LIAC - Overview
  • LIAC - Cyberlaws Hot Topic (2009)
• LIV - Law Institute of Victoria
  • LIV - Law Institute of Victoria (1997 - 2009)
• Macquarie Bank
  • Macquarie Bank - Strategic Advice (2005)
• NEHTA - National E-Health Transition Authority
  • Healthcare Provider Identifier (HPI) and Individual Healthcare Identifier (IHI) Preliminary Privacy Impact Assessments (PIAs) (February 2006)
• NOIE - National Office for the Information Economy
  • NOIE - Overview
  • NOIE - ABN-DSC project
  • NOIE - Privacy and Public Key Infrastructure: Consultation Paper on Privacy Issues in the Use of PKI for Individuals and Possible Guidelines for Handling Privacy Issues in the Use of PKI for Individuals by Commonwealth agencies (June 2001)
• NSW RTA - Roads and Traffic Authority
  • NSW RTA - Overview
  • NSW RTA - Facial Recognition System PIA (2009)
  • NSW RTA - Document Verification Service Privacy Impact Assessment (November 2007)
• OFPC - Office of the Federal Privacy Commissioner
  • OFPC - Privacy and Public Key Infrastructure: Consultation Paper on Privacy Issues in the Use of PKI for Individuals and Possible Guidelines for Handling Privacy Issues in the Use of PKI for Individuals by Commonwealth agencies (June 2001)
• QT - Queensland Department of Transport
  • QT - Ongoing strategic advice (2001 - 2005)
  • QT - Privacy Stakeholder Consultations for new Queensland Driver License (2003)
  • QT - Privacy Management Strategy (PMS) for new Queensland Driver License (September 2003)
  • QT - Privacy Impact Assessment (PIA) for new Queensland Driver License
• Qubit Consulting
  • Qubit - Overview
  • Qubit - University of Sydney Identity Systems Upgrade (2009)
  • Qubit - Vodafone Authentication Gateway and Identity Management (2009)
• Queensland Information Brokers
  • QVAS Code of Conduct (2008)
• RP Data
  • RP Data - Privacy and Public Registers Advice
• Sensis
  • Sensis - Identity and Access Management (2007)
• Singapore iDA
  • Singapore iDA - A Study of Singapore’s Certification Authority Scheme
  • Singapore iDA - Singapore National Authentication Framework (NAF)
• South Australia - Office of the Chief Information Officer
  • South Australia - Office of the Chief Information Officer - Review Of Identity And Access Management Position Paper
• Telstra
  • Telstra - Identity Management and Authentication Projects (2006-2008)
    • Telstra BigPond
    • Telstra ‘Transformation’ project
    • Telstra Sentinel
    • Sensis Identity and Access Management
• Thomson Reuters Australia
  • Thomson Reuters - Overview
  • Thomson Reuters - The Laws of Australia (2009)
• Timmins Consulting
  • Timmins - Privacy Management Strategies for Local Government (2005)
• UNCTAD - United Nations Conference on Trade and Development
  • UNCTAD - Information Economy Report 2007
• UNSW - University of NSW
  • UNSW - Faculty of Law - Electronic Commerce Law Materials (2004-2005)
  • UNSW - Faculty of Law - Cyberspace Law Materials (2003 - 2004)
  • UNSW - Baker & McKenzie Cyberspace Law & Policy Centre - Digital Document Retention Research (April 2004)
  • UNSW - Faculty of Law - Online Dispute Resolution Research (May 2004)
• Veda Advantage
  • Credit Reporting Framework - Submission to Australian Law Reform Commission Discussion Paper 72 (December 2007)
• Vodafone Australia
  • Vodafone Australia - Access Controls Project

Galexia undertakes a range of projects for both Government and private sector clients. The scope and location of our projects may be state, national, regional or international. The length of our projects cover short term (1 month) to longer term (4 years) and have ranged in value from $AU 50,000 to $AU 2 mil.

ACCAN - Australian Communications Consumer Action Network

ACCAN - Overview

Related Galexia services and solutions Self-regulation and Codes of Conduct. Read more » Specialised Legal and Regulatory Consulting. Read more » ACCAN links ACCAN home page (external site) » Telecommunications Consumer Representation Grants Program at the Department of Broadband, Communications and the Digital Economy (DBCDE) (external site) » Minister's speech from the Consumers' Telecommunications Network Conference (20 May 2009) at DBCDE (external site) » Budget 2009-2010: Expense measures for Broadband, Communications and the Digital Economy (external site) »

The Australian Communications Consumer Action Network (ACCAN) is a consumer body representing consumer interests in telecommunications. Its primary activities include disseminating information to consumers through the Internet and publications, engaging and training volunteer consumer advocates, coordinating responses to government-initiated processes, and conducting conferences and workshops. ACCAN operates under the Telecommunications Consumer Representation Grants program.

In the 2009-2010 Federal Budget, ACCAN was allocated an additional $7.5 million funding over the next four years.

ACCAN - Customer Service Charters (2009)

Downloads and further reading View the full research report » Related Galexia news ACCAN releases Galexia research on Customer Service Charters in the Australian Telecommunications Sector - 25 August 2009 ACCAN and customer service charters in the telecommunications sector - 27 May 2009

Galexia prepared an analysis of customer service charters in the telecommunications industry, compared with consumer codes. The analysis covered best practice consumer protection in Australia and internationally.

ACCAN released its final report in August 2009.

ACCAN - Informed Consent (2009)

Downloads and further reading View the full research report » Related Galexia news ACCAN releases Galexia research on Informed Consent in the Australian Telecommunications Sector - 21 August 2009 ACCAN and informed consent in the telecommunications sector - 26 May 2009

Galexia conducted research into informed consent in Australian law. The research explored:

• Current requirements for informed consent in law (including industry codes);
• Methods used to ensure consumers are able to give informed consent - for example, the measures taken in contracts to ensure that consumers understands what they are agreeing to;
• The meaning of ‘informed consent’ for consumers from culturally and linguistically diverse groups, from different age groups, and with accessibility issues;
• Better and fairer selling practices.

Galexia also advised on a best practice framework of informed consent, and mechanisms for putting this framework into place.

ACCAN released its final report in August 2009.

AGIMO - Australian Government Information Management Office

AGIMO - Overview

Related Galexia services and solutions Identity Management and Authentication - Strategic Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more » Issues Management: Public and Stakeholder Consultations. Read more » Strategic Privacy Consulting. Read more » AGIMO links AGIMO home page at the Department of Finance and Deregulation (external site) » Read about Galexia's previous projects with the NOIE »

Galexia continues to provide trusted strategic advice to AGIMO on authentication, identity management and privacy issues.

Galexia sits on the GateKeeper Policy Committee and has provided input to the national Authentication working group.

AGIMO - Gatekeeper ad hoc advice (2009)

Downloads and further reading Australian Government Standard Business Reporting home page (external site) »

Galexia is providing ongoing ad hoc advice for the Standard Business Reporting (SBR) project. The SBR project promises an easier, faster and simpler business-to-government reporting mechanisms, but introduces a number of technical and privacy issues.

AGIMO - Australian Government e-Authentication Framework for Individuals (AGAFI) (May - August 2006)

Downloads and further reading Australian Government e-Authentication Framework for Individuals (AGAFI) project » Australian Government e-Authentication Framework for Individuals (AGAFI) project website »

Galexia has recently completed work with the Department of Finance and Administration to conduct consultancy services for the Australian Government e-Authentication Framework for Individuals (AGAFI). The project involved the provision of strategic advice, and the provision of a Privacy Impact Assessment (PIA) and Privacy Management Strategy (PMS) documentation for publication.

Galexia also undertook investigation of technical approaches to protecting privacy in online transactions, known as Privacy Enhancing Technologies (PETs). This incorporated assessments of the potential for PETs to enhance the uptake of online services, including their effectiveness, their maturity as protocols, implementation issues such as barriers to implementation, interoperability between these protocols and usability.

In order to delineate and facilitate the large amount of work involved, the reports created by Galexia were associated with nine separate tasks:

• Task 1. PIA and PMS - Conduct a Privacy Impact Assessment and develop a Privacy Management Strategy
• Task 2: PETs - Investigate and report on technical approaches to protecting privacy in online transactions, known as Privacy Enhancing Technologies (PETs).
• Task 3: Website Authentication - Investigate and report on possible means to authenticate and assure the integrity of government websites to users.
• Task 4: Legal Liability - Investigate and report on the legal liability implications of government agencies relying on the evidence of identity and other identity management processes of other agencies and non government organisations
• Task 5: Governance - Investigate and report on best practice governance arrangements for the AGAF for Individuals
• Task 6: Technical Approaches - Investigate and report on technical approaches to authentication and protecting data shared by participating agencies
• Task 7: Options - Investigate and report on options for:

(a) Whole of government and multi-agency transactions, such as change of address/circumstances;

(b) Authentication portals for both individuals and businesses;

(c) Single/simplified sign on for multi agency and whole of government transactions; and

(d) Potential involvement of non government organisations (such as banks and financial institutions) as providers of identity credentials which could be relied on by government.

• Task 8: Economic Model - Rank options for implementation, detailing the rationale for ranking. Such rationale should include economic modelling that estimates the potential costs, savings, efficiencies and benefits.

The documents also looked to investigate and report on the legal liability implications of government agencies relying on the evidence of identity and other identity management processes of other agencies and non-government organisations such as banks and financial institutions. Galexia’s work incorporated the examination of best practice governance arrangements for the framework including an examination of current implementations in other national and international jurisdictions.

This project is an extension of previous Galexia work for AGIMO, and is a joint undertaking with Doll Martin Associates.

AGIMO - Gatekeeper Public Key Infrastructure Framework (February 2006)

Downloads and further reading Read more about the AGIMO Gatekeeper PKI project » AGIMO Gatekeeper PKI Framework website »

Galexia has recent completed a project with the Department of Finance and Administration to undertake consultancy services relating to the Gatekeeper Public Key Infrastructure (PKI) Framework.

The Gatekeeper Strategy governs the use of PKI in government for the authentication of external clients. The strategy provides a whole-of-government framework that delivers integrity, interoperability, authenticity and trust for agencies and their clients. The strategy is underpinned by a standards-based, technology-neutral accreditation program for issuers of digital certificates.

The Framework is aimed at making the application of PKI less complex and more affordable for businesses and government agencies. It better aligns the Gatekeeper Strategy with the way governments and businesses conduct their day-to-day activities. The Framework introduced new categories of digital certificates for Organisations and Individuals.

Galexia worked with the Australian Government Information Management Office (AGIMO), who works across government to maintain Australia's position as a leader in the productive application of information and communications technologies (ICT) to government administration, information and services.

The project included 17 deliverables:

• Output 1: Known Customer
  • Output 1.1: Bronze Guidebook
  • Output 1.2: Silver Guidebook
  • Output 1.3: Bronze Certificate Profile template
• Output 2: Legal
  • Output 2.1: Head Agreement
  • Output 2.2: Community-of-Interest MOU
  • Output 2.3: Template Service Agreement
  • Output 2.4: Core Obligations Policy
• Output 3: Security
  • Output 3.1: Pro Forma Threat Risk Assessment (TRA) template
  • Output 3.2: Provider security requirements
• Output 4: Special Purpose Certificates
  • Output 4.1: Hosted
  • Output 4.2: Corporate Certificate
  • Output 4.3: Digital Credentials
  • Output 4.4: Special Purpose Certificates
• Output 5: Privacy
  • Output 5.1: PIA - Privacy Impact Assessment
  • Output 5.2: PMS - Privacy Management Strategy
  • Output 5.3: PICs - Privacy Implementation Checklists

AGIMO - Identity Management for Government Employees (IMAGE) Framework (January 2006)

Downloads and further reading Read the full text of the Privacy Management Strategy »

Galexia has completed a project with AGIMO to conduct a Privacy Impact Assessment (PIA) and develop a Privacy Management Strategy (PMS) for the Identity Management for Government Employees (IMAGE) Framework. The framework provides infrastructure, protocols, policy and work practices that will allow government agencies to efficiently manage the identities of their employees and contractors. It aims to provide a consistent, transparent identity management system across the Australian Government, build trust across agencies and facilitate confidence in the associated identification credential. The framework operates in accordance with the Public Service Act (1999), the Australian Government Protective Security Manual and the Australian Government Authentication Framework (AGAF).

AGOSP - Australian Government Online Service Point

AGOSP - Overview

Related Galexia services and solutions Identity Management and Authentication - Strategic Consulting. Read more » Identity Management and Authentication - Technical Consulting. Read more » AGOSP links AGOSP at the Department of Finance and Deregulation (external site) »

The Australian Government Online Service Point (AGOSP) project will provide a single-access portal interface for all Australian Government services to citizens at australia.gov.au.

Galexia is assisting in the architecture, design and implementation of the AGOSP portal.

AGOSP - Australian Government Online Service Point (AGOSP) Implementation (2009)

Galexia is assisting with the design and implementation of the authentication gateway and access management for the Australian Government Online Service Point (AGOSP). This phase of the AGOSP deployment follows on from Galexia’s previous work on the AGOSP architecture and design.

AGOSP - Australian Government Online Service Point (AGOSP) Architecture and Design (2008-2009)

Galexia, with Sun Microsystems and EDS, is assisting in the architecture and design of the identity component of the Australian Government Online Service Point (AGOSP) project, which will provide a single-access portal interface for all Australian Government services to citizens.

This work includes facilitation in cross-agency requirements workshops, participation in the consortium architecture group and liaison with OASIS and Liberty standards representatives to ensure that the architecture and design meets international best practices and standards - now and into the future.

As part of this work, Galexia has run internal product evaluations to assess the integration capabilities and standards-compliance of key identity and access management components, and their privacy enhancing features. The architecture combines federation, provisioning, single sign-on and web services standards such as SAML 2.0, Liberty ID-FF/ID-WSF, WSS and WS-Trust.

ANTA - Australian National Training Authority

ANTA - Legal and Regulatory advice

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » Identity Management and Authentication - Strategic Consulting. Read more » Issues Management: Public and Stakeholder Consultations. Read more » Strategic Privacy Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more »

Galexia assisted ANTA’s Flexible Learning Advisory Group assess the legal and regulatory issues that arise from the use of electronic authentication technology in the vocational education and training sector. This included the development of detailed case studies in Australia and the United States and the production of a comprehensive paper. The paper outlines the current legal and regulatory framework for electronic authentication in Australia. It also covers general and specific legal and regulatory issues relevant to education providers and outlines suggested models for electronic authentication in Vocational Education and Training (VET). Download from the Australian National Training Authority (ANTA) Australian Flexible Learning Framework - http://flexiblelearning.net.au.

Read more »

ANTA - National Authentication Workshop (August 2003)

Galexia conducted a National Authentication Workshop for ANTA in Melbourne in August 2003. The workshop considered strategic issues in the development of electronic authentication solutions in the Vocational Education and Training sector. The workshop brought together government and industry participants from all states to consider the potential business case for electronic authentication, plus a range of practical considerations and technical issues.

Read more »

ANTA - Strategic Advice

Galexia provided strategic advice to ANTA on the development of a national strategy for the use of electronic authentication technology in the vocational education and training sector. This included conducting national stakeholder workshops and designing a communication strategy.

ANTA - Broadband Advice

Galexia provided strategic advice to ANTA on the requirements and availability of broadband for the delivery of online flexible learning solutions. This included attending meetings with Government agencies and reviewing research on broadband issues and ANTA’s draft broadband strategy.

ANTA - Interoperability Advice

Galexia prepared a five year electronic authentication strategy for the Australian National Training Authority, including development of an interoperability framework for VET sector participants.

ASEAN - Association of South East Asian Nations

ASEAN - Overview

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » Identity Management and Authentication - Strategic Consulting. Read more » Downloads and further reading Galexia’s case study on the ASEAN e-commerce project » Read Galexia’s study on cyberlaw harmonisation in the 2008 UNCTAD Information Economy Report » ASEAN links ASEAN Secretariat home page (external site) » The e-ASEAN Framework Agreement (external site) » Project Workshops First workshop - Singapore - May 2004 Second workshop - Bangkok - October 2004 Third workshop - Cambodia - February 2005 Fourth workshop - Malaysia - July 2005 Fifth workshop - Singapore - September 2005 Sixth workshop - Manila - May 2006 Seventh workshop - Brunei - September 2006 Eighth workshop - Laos - March 2007 Ninth workshop - Cambodia - March 2007 Tenth workshop - Jakarta - March 2008

The Association of South East Asian Nations (ASEAN), established in 1967, is today comprised of ten member countries - Brunei Darussalam, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand, and Vietnam - with a combined population of over 500 million.

The e-ASEAN Framework Agreement of 2000 sets out goals for regional development of information and communication technology legal and technical infrastructure.

From 2004 to 2008 Galexia assisted ASEAN in harmonising its electronic commerce laws, as part of the ASEAN-Australia Development Cooperation Program (AADCP), funded by AusAID.

ASEAN - Special Assistance - Awareness Raising and Technical Assistance - Phase 4 (January 2008)

Related Galexia news Indonesian Parliament passes e-commerce law - March 2008 Tenth ASEAN E-Commerce workshop held in Jakarta, Indonesia - March 2008 Galexia provides technical assistance for Indonesian cyberlaw bill - January 2008 Ninth ASEAN E-Commerce workshop held in Siem Reap, Cambodia - August 2007 Galexia to assist in further harmonisation of ASEAN electronic commerce - February 2006 Galexia holds first workshop on ASEAN e-commerce harmonisation in Singapore - May 2004 Galexia to assist ASEAN harmonise electronic commerce - March 2004

Galexia has been assisting ASEAN meet targets set in the Roadmap for Integration of e-ASEAN Sector (the e-ASEAN Roadmap). Measures contained in the e-ASEAN Roadmap for e-commerce include:

• Measure 78: Enact domestic legislation to provide legal recognition of electronic transactions (i.e., cyber-laws) based on common reference frameworks. (Deadline: 31 December 2008)

Galexia’s project on e-commerce legal infrastructure for ASEAN has been expanded to include special assistance for Indonesia. This phase will run from January to April 2008.

Indonesia has developed draft legislation to meet this target - the Electronic Information and Transaction Bill. It is an ambitious piece of legislation covering e-government, electronic contracting, privacy, cyber-crime, spam, digital copyright and other cyberlaw issues in a single omnibus Bill.

This new project will assist Indonesia through:

• The research, preparation and distribution of materials on the benefits, issues and challenges of developing e-commerce legislation in Indonesia; and
• A high-level awareness raising and technical assistance workshop to facilitate the promotion of the Indonesian Electronic Information and Transaction Bill.

The Harmonisation of E-Commerce Legal Infrastructure in ASEAN Project is funded by the ASEAN Australia Development Cooperation Program (AADCP). AADCP is funded by the Australian Government through AusAID, implemented in close collaboration with the ASEAN Secretariat, and managed by Cardno Acil.

ASEAN - Electronic Commerce project - Phase 3 (Mutual Recognition of Digital Signatures) (April 2007)

Related Galexia news Australia to adopt the UN Convention on the use of Electronic Communications in International Contracts - 23 April 2009 Galexia completes study of cyberlaw harmonization for UNCTAD Information Economy Report - February 2008 Galexia meets with Secretary of State to the Ministry of Commerce in Cambodia - September 2007 Galexia's commentary on the UN Convention on Electronic Contracting documents - September 2007 UN Electronic Communications in International Contracts Convention in Hanover, Germany - August 2007 Ninth ASEAN E-Commerce workshop held in Siem Reap, Cambodia - August 2007 Galexia writes chapter in Information Economy Report 2007 for UNCTAD - July 2007 Eighth ASEAN E-Commerce workshop held in Vientiane, Laos - March 2007 Galexia undertakes third extension to ASEAN E-Commerce Harmonisation work - April 2007

One of the key steps to be fulfilled in the e-ASEAN Framework Agreement is that Member Countries will need to allow the mutual recognition of digital signatures across borders in ASEAN.

The current ASEAN E-Commerce Project (Phase 3) on the Mutual Recognition of Digital Signatures is designed to help ASEAN Member Countries develop a common strategy to meet this objective.

The development of an ASEAN Digital Signature Strategy will assist ASEAN countries in addressing the legal, policy, technical and infrastructure issues needed to develop common methods for mutual recognition of digital signatures. It will assist those countries with legal infrastructures to make necessary adjustments and provide direction for those countries yet to implement an infrastructure.

Five steps have been identified as necessary in the establishment of a harmonised legal framework covering mutual recognition of digital signatures in ASEAN:

• Step 1: Develop recognition clauses for foreign digital signatures;
• Step 2: Develop recognition criteria for foreign digital signatures;
• Step 3: Identify interoperability model;
• Step 4: Establish governance structure or arrangement for accreditation of foreign digital signatures; and
• Step 5: Establish a technical committee/body to monitor the implementation of mutual recognition of digital signatures.

This phase runs from April through December 2007.

ASEAN - Electronic Commerce project - Phase 2 (Electronic Contracting and Online Dispute Resolution (ODR)) (February 2006)

Related Galexia news Galexia hosts 7th ASEAN Workshop on E-Commerce in Brunei - September 2006 Online Dispute Resolution - August 2006 Sixth ASEAN E-Commerce workshop in Manila - May 2006 Galexia to assist in further harmonisation of ASEAN electronic commerce - February 2006 Galexia publishes plain language guide to cyberlaws - January 2006 Galexia complete Cyberlaws Survey in ASEAN - January 2006 Galexia to assist ASEAN harmonise electronic commerce - March 2004

In February of 2006, Galexia was commissioned to undertake an extension of the ASEAN Project. This project extension focused on harmonising electronic contracting and Online Dispute Resolution legal infrastructures in the region.

This project extension produced the following outputs:

• A compilation of discussion papers focussing on ASEAN and international developments in electronic contracting, Online Dispute Resolution and jurisdiction of legal frameworks;
• Surveys on the electronic contracting and Online Dispute Resolution legal landscapes in ASEAN member countries;
• The development of a proposed framework for harmonised legal infrastructure for electronic contracting and dispute resolution; and
• The compilation of implementation guides to support the proposed framework.

This project, as well as its extension, is funded by the ASEAN Australia Development Cooperation Program (AADCP) - Program Stream. AADCP is funded by the Australian Government, through AusAID and implemented in close collaboration with the ASEAN Secretariat and is managed by ACIL Australia Pty Ltd.

ASEAN - Survey of Cyberspace Laws (August 2005)

Related Galexia news Fifth ASEAN E-Commerce harmonisation workshop in Singapore - December 2005 Malaysian Minister announce new E-Commerce Laws at Galexia Workshop - July 2005 Presentation at Asia PKI Forum in Singapore - July 2005 Galexia participates in 2005 Australian Mission to the Asian Development Bank - March 2005 Fourth ASEAN E-Commerce harmonisation workshop in Malaysia - July 2005 Third ASEAN E-Commerce harmonisation workshop in Cambodia - February 2005 Galexia to assist ASEAN harmonise electronic commerce - March 2004

Galexia was also commissioned to conduct a Survey of Cyberlaws in ASEAN and to produce a “gap analysis” which was published as a report for member countries in August 2005.

Potential Cyberlaws to be discussed include:

• Consumer protection;
• Privacy and data protection;
• Cyber-crime;
• Spam;
• Online content regulation;
• Digital copyright;
• Domain name regulation;
• Electronic contracting; and
• Dispute resolution.

This project is funded by the ASEAN Australia Development Cooperation Program (AADCP) - Program Stream. AADCP is funded by the Australian Government, through AusAID and implemented in close collaboration with the ASEAN Secretariat and is managed by ACIL Australia Pty Ltd.

ASEAN - Electronic Commerce project - Phase 1 (March 2004)

Related Galexia news Galexia publishes case study on Harmonisation of E-Commerce Legal Infrastructure in ASEAN project - May 2008 Third ASEAN E-Commerce harmonisation workshop in Cambodia - February 2005 ASEAN Prioritises E-Commerce Integration - November 2004 Second ASEAN E-Commerce harmonisation workshop in Bangkok - October 2004 Galexia presented at APEC TEL 30 - September 2004 Galexia holds first workshop on ASEAN e-commerce harmonisation in Singapore - May 2004 Galexia to assist ASEAN harmonise electronic commerce - March 2004

Galexia won a competitive tender for a groundbreaking project that will streamline electronic commerce in South East Asian nations.

Galexia is partnering with global law firm Baker & McKenzie to develop and implement a harmonised legal infrastructure for electronic commerce in ASEAN (Association of South East Asian Nations: Brunei Darussalam, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam).

The goal of the project is to assist ASEAN to integrate into one market for goods, services and investment by the establishment of a harmonised legal, regulatory and institutional environment for e-commerce. Additionally, there is an opportunity for some of the developing nations within ASEAN to ‘leap-frog’ paper based commerce and develop more efficient electronic transactions for cross-border trade. The project is the first of its kind to be conducted in the Asia Pacific region, and is second only to the European Union in its approach to legislatively facilitate borderless electronic transactions across a group of nations.

ASIC - Australian Securities and Investments Commission

ASIC - Security and risk mitigation advice for IT initiatives (2006 - 2007)

Related Galexia services and solutions Identity Management and Authentication - Strategic Consulting. Read more »

Galexia provides strategic advice to the Technology Strategy and Architecture Operations Directorate of the Australian Securities and Investments Commission (ASIC). Galexia partners with Doll Martin Associates to provide these services to ASIC as a member of their Information Technology Consultancy Services Panel.

In December 2006 Galexia advised ASIC on the requirements for ASIC to adopt IT strategies and systems that comply with whole-of-government IT frameworks (including the Australian Government Authentication Framework and the Reuse IT Framework). Galexia and Doll Martin Associates continue to provide IT strategy and business case advice to ASIC as they expand their use of IT in the investigation and regulation of corporate conduct.

ARCA - Australasian Retail Credit Association

ARCA - Review of the proposed Credit Reporting Code of Conduct (2008-2009)

Related Galexia services and solutions Self-regulation and Codes of Conduct. Read more » Strategic Privacy Consulting. Read more »

Galexia was commissioned by the Australasian Retail Credit Association (ARCA) to conduct a review of the proposed Credit Reporting Code of Conduct, aimed at its development and advancement.

The proposed Code is an important part of the complex law reform in the field of credit reporting in Australia, including proposed reform of the Privacy Act and proposed reform of responsible lending laws and regulations.

Galexia's advice on the Code includes advice on Code governance, responsible lending provisions and the use of credit reporting information.

The Australasian Retail Credit Association is a forum for senior credit executives from lending organisations and credit reporting agencies in Australia and New Zealand to discuss and examine retail credit issues.

Home page of the Australian Retail Credit Association (external site) »

Draft of the Code of Conduct (external site) »

AUSTROADS

AUSTROADS - Overview

Related Galexia services and solutions Issues Management: Public and Stakeholder Consultations. Read more » Strategic Privacy Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more »

AUSTROADS - National Exchange of Vehicle and Driver Information System Strategy- Strategic Review (2009)

Galexia has been commissioned by AUSTROADS to assist with a strategic review of the NEVDIS database, and its proposed functions. Galexia will offer expertise in privacy, identifying potential risks and offering effective strategies to manage these.

Galexia is undertaking the project in conjunction with Doll Martin Associates.

Read more about Galexia’s work with Doll Martin Associates »

AUSTROADS - National Exchange of Vehicle and Driver Information System Strategy- Phase II (2006)

Galexia has been commissioned to assist AUSTROADS with a proposed expansion of third-party access to information held in the NEVDIS database. Galexia’s role is to provide strategic privacy advice and a risk management framework. This project was an extension of previous Galexia work for AUSTROADS, and was a joint undertaking with Doll Martin Associates.

AUSTROADS - National Exchange of Vehicle and Driver Information System Strategy (2005)

Galexia was engaged by AUSTROADS to provide independent external advice on the potential opportunities, risks and benefits of providing access to NEVDIS database information to organisations outside the AUSTROADS jurisdictions. This involved an in-depth examination of business, legal, privacy and identity issues and risks. The project was undertaken jointly with Doll Martin Associates.

Baker & McKenzie Solicitors

Baker & McKenzie Cyberspace Law & Policy Centre - Digital Document Retention Research (April 2004)

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more »

Galexia provided research and advice on legal and strategic issues in Digital Document Retention. This included detailed Australian and international research.

Read the final report »

Baker & McKenzie - ASEAN Electronic Commerce project (March 2004)

Galexia and Baker & McKenzie are partnering to conduct a groundbreaking two-year project that will streamline electronic commerce in South East Asian nations. The project will develop and implement a harmonised legal infrastructure for electronic commerce in ASEAN (Association of South East Asian Nations: Brunei Darussalam, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam).

Read more »

Download PDF summary »

Baker & McKenzie - Digital Copyright Review advice (2003)

Galexia were commissioned to provide sector specific advice to Baker & McKenzie lawyers preparing a submission for the Vocational Education and Training sector to the Digital Copyright Review

Baker & McKenzie - Joint advice on Internet gambling regulation in South-East Asia (2001)

Galexia and Baker & McKenzie completed an analysis of Internet gambling regulation in Hong Kong SAR, Japan, Korea and Taiwan for a multinational client.

Baker & McKenzie - Joint advice on Internet content regulation in South East Asia (2001)

Galexia and Baker & McKenzie completed an analysis of Internet content regulation in Hong Kong SAR, Japan, Korea and Taiwan for a multinational client.

Baker & McKenzie - Joint advice on privacy law in South-East Asia (2001)

Galexia and Baker & McKenzie completed a major privacy compliance strategy and training module for a major multinational communications company. The strategy included advice and training on compliance with privacy law and regulation in Hong Kong SAR, Japan, Korea and Taiwan.

Baker & McKenzie - Joint advice on impact of EU data protection directive (2001)

Galexia worked with Baker & McKenzie to deliver a Privacy Impact Assessment and develop advice on web site privacy policies, US Safe Harbour arrangements, the implications of the EU Data Protection Directive, and data retention rules

Baker & McKenzie - Expert Witness for e-commerce litigation (2000)

Galexia were commissioned by Baker & McKenzie to provide expert opinion evidence for major electronic commerce litigation, involving substantial analysis of electronic commerce law.

Biometrics and Privacy

Related Galexia services and solutions Identity Management and Authentication - Strategic Consulting. Read more » Strategic Privacy Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more »

Galexia has provided strategic privacy advice to a major government agency on the design and implementation of biometric identity solutions.

This advice included:

• A full Privacy Impact Assessment (PIA) on a proposed biometric solution;
• The development of Privacy Checklists for biometrics projects within the agency; and
• The provision of strategic advice on the regulation of biometrics and privacy.

CALC - Consumer Action Law Centre

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more »

Reforming the public benefit test in the Trade Practices Act (2007)

Galexia has recently completed a report for the Consumer Action Law Centre, focussing on defining the ‘public benefit’ in Part VII of the Trade Practices Act 1974 (Cth). It was completed as part of a project to identify weaknesses in the way in which the public benefit test is currently applied under the Act and to propose solutions that will ensure that consumers receive the protections they require when reductions in competition through mergers, acquisitions and collusions are considered. The report has a particular focus on the potential inclusion of social and environmental considerations in the public benefit test.

It has been produced as a result of a grant from the TPA Consumer Trust.

Read the full report here »

CHOICE

CHOICE - Overview

Related Galexia services and solutions Self-regulation and Codes of Conduct. Read more » Specialised Legal and Regulatory Consulting. Read more » CHOICE links CHOICE home page (external site) »

CHOICE is a leading Australian consumer representative body, addressing issues such as food regulation and labelling, health and financial services to telecommunications and digital technology, standards codes, ecologically sustainable development and the environment.

Galexia has worked with CHOICE on a number of consumer-related projects, including consumer protection in electronic transactions and consumer protection regulation.

CHOICE - Consumer code development processes (2009)

Downloads and further reading Read CHOICE’s submission (external site) » Review of consumer-related industry code processes at DBCDE (external site) » Related Galexia news CHOICE submission on consumer code development processes - 2 June 2009 2008 review of the EFT Code of Conduct - January 2009

CHOICE made a submission to the Australian Government’s review of the consumer-related industry codes development process calling for:

• An articulation of high-level code content principles in legislation;
• Power for regulators to be able to initiate code development (rather than only the industry);
• Requirements for the constitution of code development bodies (including a requirement for consumer representatives, and a mechanism for breaking deadlocks);
• Code monitoring and enforcement requirements;
• Code review requirements; and
• External dispute resolution requirements.

In preparation for the submission, Galexia provided CHOICE with a survey of key consumer code approval processes in use in Australia - those of the Australian Competition and Consumer Commission (ACCC), the Australian Securities and Investments Commission (ASIC), the Office of the Privacy Commissioner, and the Australian Communications and Media Authority (ACMA).

CHOICE - Survey of Consumer Protection Measures in the Asia Pacific Region (2009)

About the Consumers International survey »

CHOICE - Electronic Funds Transfer Code of Conduct Review (2008)

Downloads and further reading Read the joint consumer submission » The 2008 review of the EFT Code at ASIC, including submissions (external site) » Related Galexia news 2008 review of the EFT Code of Conduct - January 2009 Galexia assists CHOICE with a joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC - May 2007

Following its 2007 review of the Electronic Funds Transfer (EFT) Code of Conduct, the Australian Securities and Investments Commission (ASIC) released a second consultation paper containing its proposed reforms. Galexia assisted CHOICE, the Consumers’ Federation of Australia, and the Consumer Action Law Centre in preparing a joint consumer response to the proposals, in particular addressing liability of consumers and small businesses and monitoring of Code compliance.

CHOICE - Consumer Protection in Telecommunications (May 2008)

Downloads and further reading Read the issues paper » Related Galexia news Department of Broadband, Communications and the Digital Economy (DBCDE) releases issues paper on consumer codes in telecommunications - 31 March 2009 CHOICE publishes Galexia report on consumer protection in the telecommunications industry - October 2008 Galexia assists CHOICE with submission on consumer protection in telecommunications - May 2008

Galexia was commission by CHOICE in April 2008 to prepare an issues paper to the 2008 Telecommunications Consumer Representation Stakeholder Forum, held in late April 2008. The paper, entitled Consumer Protection in the Communications Industry: Moving to best practice, provides an overview of consumer concerns with the current co-regulatory consumer protection framework in the telecommunications sector in Australia.

CHOICE - Electronic Funds Transfer Code of Conduct Review (2007)

Downloads and further reading Read the joint consumer submission » Go to ASIC’s Electronic Funds Transfer (EFT) Code of Conduct website (external link) » Related Galexia news 2008 review of the EFT Code of Conduct - January 2009 Galexia assists CHOICE with a joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC - May 2007

Galexia assisted Choice with its submission regarding the 2007 review of the Electronic Funds Transfer (EFT) Code of Conduct, as conducted by the Australian Securities and Investment Commission (ASIC). Among the major issues considered by Galexia were the liability of parties in electronic funds transactions, particularly with regard to Internet banking. The project involved detailed technical advice on authentication techniques for electronic transactions.

The revised code is expected to be released in 2008.

CI - Consumers International

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more »

Survey of Consumer Protection Measures in the Asia Pacific Region (2009)

Galexia has been commissioned by Consumers International to conduct a survey of consumer protection and competition laws around the Asia-Pacific region. The results will illustrate the different legal rights of consumers in the various countries surveyed. This basic description of consumer rights will assist consumer organisations in campaigning for effective protection and competition laws, which benefit consumers.

Galexia is undertaking this survey in partnership with a small Project Steering Committee, composing of different regional consumer representatives.

The survey conducted will establish the status of consumer protection in:

• Australia;
• Fiji;
• India;
• Korea;
• The Philippines;
• Thailand;
• and Vietnam;

by determining the existing laws that deal with:

• Consumer Protection Laws;
• Competition Laws;
• Product Safety;
• Food;
• Consumer Credit;
• Redress Mechanisms; and
• Enforcement.

Galexia will carry out an analysis of the information received and Consumers International (Kuala Lumpur Office) will create a final report to be shared with survey respondents.

Consumers International home page (external site) »

CSIRO - Commonwealth Scientific and Industrial Research Organisation

Related Galexia services and solutions Strategic Privacy Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more » Identity Management and Authentication - Strategic Consulting. Read more »

CSIRO - Privacy and trust issues in the use of health data in research (2005)

Following a competitive tender, CSIRO engaged Galexia to analyse privacy and trust issues in the use of health data in research and in applications in clinical settings.

This analysis considers new technology products in the identity management and authentication space, including strategic advice on the commercialisation of products developed by CSIRO -- for example, Privacy Preserving Analytics (PPA).

This work is being undertaken for the CSIRO Preventative Health National Research Flagship. This Flagship Programme has recognised that the appropriate collection, linking, interrogation and management of data will play a vital role in facilitating healthier, more productive lives for Australians. However, the analysis of linked population, clinical and genetic health databases raises privacy, confidentiality, and potentially ethical concerns.

CSIRO is working to understand and fully address these concerns, in a programme that includes developing new privacy-enhancing technologies where gaps in the current approaches are identified.

• Read more about the CSIRO P-Health Flagship »

Recent media coverage:

• Computerworld - CSIRO prototype solves data privacy concerns <http://www.computerworld.com.au/index.php?id=1150363451&eid=-180>
• CIO - Privacy Software to Unlock Health Data Goldmine <http://www.cio.com.au/index.php/id;36232083;fp;4;fpid;21>

Recent Galexia news articles:

• Galexia presents at CSIRO Science Policy Workshop - November 2005 »

DBCDE - Department of Broadband, Communications and the Digital Economy (formerly DCITA)

DBCDE - Overview

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » DBCDE links DBCDE home page (external site) »

The Department of Broadband, Communications, and the Digital Economy (DBCDE), formerly the Department of Communications, Information Technology and the Arts (DCITA), is the Commonwealth agency responsible for communications infrastructure, digital economy and online services, and broadcasting and digital media.

Key DBCDE initiatives have included the National Broadband Network, an awareness program for online safety and security, the switch to digital television, the Australian Do-Not-Call register, and ongoing development of online consumer protections.

DBCDE - Strengthening Spam Legislation, Enforcement and Cooperation Regimes in the Pacific project (2007-2008)

Related Galexia news Galexia conducts Pacific spam enforcement workshop - July 2008 Galexia to help develop spam laws in the Pacific - October 2007

After a competitive tender process, Galexia was been chosen to assist DBCDE in the development of a spam legislation, enforcement and co-operation regime. This project, funded in part by AusAID’s Pacific Governance Support Program (PGSP), will be applied across the island states of Niue, Samoa and Vanuatu.

As part of the project, Galexia had a central role in developing a package of anti-spam policy and legislation, specifically tailored for the participating Pacific Island countries, modelled on Australia’s Spam Act 2003. Galexia’s role continued through to developing a local enforcement capability, as well as participating in an international network of enforcing agencies.

DBCDE - Malaysia-Australia E-Commerce Legal Infrastructure Analysis project (2006)

Related Galexia news Ninth ASEAN E-Commerce workshop held in Siem Reap, Cambodia - August 2007 Galexia to conduct analysis of e-commerce legal infrastructure in Malaysia - July 2006 Galexia to assist in further harmonisation of ASEAN electronic commerce - February 2006 Malaysian Minister announce new E-Commerce Laws at Galexia Workshop - July 2005 Fourth ASEAN E-Commerce harmonisation workshop in Malaysia - July 2005 Galexia holds first workshop on ASEAN e-commerce harmonisation in Singapore - May 2004 Galexia to assist ASEAN harmonise electronic commerce - March 2004

Galexia was commissioned to assist the DBCDE (then DCITA) in preparing Malaysia - Australia E-Commerce Legal Infrastructure Analysis. The report will be of assistance in the development of the relationship between Malaysia and Australia in a number of areas - at a time when Malaysia and Australia are negotiating a Free Trade Agreement (FTA) that contains a chapter on E-Commerce. Malaysia and Australia also have an ongoing interest in the harmonisation of electronic commerce legal infrastructure. Specifically, the document is a coverage analysis of selected areas of E-Commerce Legal Infrastructure in Australia and Malaysia.

The project was jointly managed by the International Branch of DBCDE in Australia and the Communications Division International Relations Unit of the Ministry of Energy, Water and Communications.

DCITA - Department of Communications, Information Technology and the Arts

DCITA - Strengthening Spam Legislation, Enforcement and Cooperation Regimes in the Pacific project (October 2007)

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more »

After a competitive tender process, Galexia has been chosen to assist DCITA in the development of a spam legislation, enforcement and co-operation regime. This project, funded in part by AusAID’s Pacific Governance Support Program (PGSP), will be applied across the island states of Niue, Samoa and Vanuatu.

As part of the project, Galexia will have a central role in developing a package of anti-spam policy and legislation, specifically tailored for the participating Pacific Island countries, modelled on Australia’s Spam Act 2003. Galexia’s role will continue through to developing a local enforcement capability, as well as participating in an international network of enforcing agencies.

Read more about the Strengthening Spam Legislation, Enforcement and Cooperation Regimes in the Pacific project »

DCITA - Malaysia-Australia E-Commerce Legal Infrastructure Analysis project (2006)

Related Galexia services and solutions Issues Management: Public and Stakeholder Consultations. Read more »

Galexia was commissioned to assist the Commonwealth Department of Communications, Information Technology and the Arts (DCITA) in preparing Malaysia - Australia E-Commerce Legal Infrastructure Analysis. The report will be of assistance in the development of the relationship between Malaysia and Australia in a number of areas - at a time when Malaysia and Australia are negotiating a Free Trade Agreement (FTA) that contains a chapter on E-Commerce. Malaysia and Australia also have an ongoing interest in the harmonisation of electronic commerce legal infrastructure. Specifically, the document is a coverage analysis of selected areas of E-Commerce Legal Infrastructure in Australia and Malaysia.

The project was jointly managed by the International Branch of DCITA in Australia and the Communications Division International Relations Unit of the Ministry of Energy, Water and Communications.

Read more »

DEEWR - Department of Education, Employment and Workplace Relations

Related Galexia services and solutions Strategic Privacy Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more » Identity Management and Authentication - Strategic Consulting. Read more »

Learning Identity Management Framework (LIMF) (September 2008 - January 2009)

Galexia, in partnership with Link Affiliates, has conducted research on privacy concerns arising from the implementation of a Learning Identity Management Framework (LIMF). The Framework is aimed at creating an electronic system, which effectively manages the transfer of student data. The existing manual system works so that when students move from one school to another, intra or inter jurisdiction, a Student Data Transfer Note is sent between the two facilities to indicate certain personal information about that student. The Learning Identity Management Framework aims to improve upon this model, through implementing an efficient electronic system.

A committee at the University of Southern Queensland on behalf of the Department of Education, Employment and Workplace Relations sought advice on transferring the existing Student Data Transfer Notes manual system to an electronic one.

Galexia’s research was based on an understanding of the current issues surrounding privacy, business processes and data transfers. Galexia has assisted the committee by identifying key privacy challenges and suggesting possible approaches to overcome these. Galexia produced a report in January 2009, which outlined their findings and presented feasible strategies to manage identifiable risks.

Link Affiliates (external link) »

Defence - Commonwealth Department of Defence

Related Galexia services and solutions Privacy Management Lifecycle: Our Privacy Products and Services. Read more » Identity Management and Authentication - Strategic Consulting. Read more » Identity Management and Authentication - Technical Consulting. Read more »

Defence Identity Management Project (June 2007)

Galexia provided initial privacy advice to the Department of Defence for their Identity Management Project. The aim of the project is to develop processes, procedures and systems to ensure that the identity of all Defence staff and contractors is authenticated using well known methodologies.

Go to the Defence Identity Management Project website »

DHA - Commonwealth Department of Health and Ageing

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » Identity Management and Authentication - Strategic Consulting. Read more » Issues Management: Public and Stakeholder Consultations. Read more » Strategic Privacy Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more »

DHA - National Health Identifier project

Galexia completed a significant project on identity management in the health sector. The Commonwealth Department of Health and the Ageing commissioned Galexia to produce a strategic issues paper on a "National Health Identifier". The paper was completed in February 2004 and is the subject of consideration by the Australian Health Information Council and the National Health Information Group. The project involved national and international research, consultation with government and non-government stakeholders and the development of findings and recommendations.

DIIRD - Victorian Department of Innovation, Industry and Regional Development

Related Galexia services and solutions Strategic Privacy Consulting. Read more »

DIIRD - Client data management PIA (2009)

Galexia completed a Privacy Impact Assessment for a proposed client data management solution for the Department of Innovation, Industry and Regional Development. The PIA considered issues of data security and transborder data flow under Victoria’s privacy laws, as well as public perception and system governance.

DITR - Commonwealth Department of Industry, Tourism and Resources

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » Identity Management and Authentication - Strategic Consulting. Read more »

DITR - Digital Credentials for the Legal Profession- Phase II (2006)

This project is an extension of work completed by Galexia in 2005, and involves the development of policies, procedures and documents for a pilot of the Department’ digital credentials. Galexia’s role is to ensure that policies are compatible with current best practices in PKI and the proposed Gatekeeper reforms.

DITR - Digital Credentials for the Legal Profession (2005)

Galexia won a competitive tender to provide business analysis, research and advice in the development of digital credentials for the legal profession in NSW and Australia.

The Law Society of NSW and the Commonwealth Department of Industry, Tourism and Resources (DITR) have commissioned the development and documentation of a high level business case, including identification of requirements, options, costs and impact.

The project is a timely consideration of digital identity for lawyers and considers:

• Digital signature certificates and Electronic Signatures
• Public Key Infrastucture (PKI)
• Smart Cards
• Impact of GateKeeper reforms
• Electronic conveyancing
• Electronic Court Lodgement

Domain Name Disputes

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more »

Research and resources

The Uniform Domain Name Dispute Resolution Policy (UDRP) is the domain name dispute resolution policy of the Internet Corporation for Assigned Names and Numbers (ICANN). It is used by registrars of top level domain names (e.g. .com, .org, .net) for resolving disputes arising over those names. Galexia has written a number of articles on the UDRP and domain name disputes:

• Complaint site emerges victorious in Domain Name dispute (January 2003)
• Court to test property status of Domain Names (May 2002)
• Test of ‘bad faith’ in domain name arbitration (October 2001)

ericbana.com

Galexia assisted actor Eric Bana in a domain name dispute against a cyber squatter before a panel of the World Intellectual Property Organisation (WIPO) in late 2007. Under the Uniform Domain Name Dispute Resolution Policy (UDRP), the panel ordered that the domain name be transferred to Eric Bana.

The domain name ericbana.com had been registered by the cyber squatter in 2004 and used to display information about how the domain name had been acquired, to offer to sell the domain name, to ridicule Eric Bana for not paying for the domain name, and to display pornographic material.

The WIPO panel agreed that Bana had acquired a reputation through his film career sufficient to give rise to a common law right to his name, and that the domain name was identical to this trademark. The panel also agreed that the cyber squatter had no rights or legitimate interests in the name, and that the domain name had been registered and used in bad faith.

Read the decision at the WIPO database »

Foxtel

Related Galexia services and solutions Identity Management and Authentication - Technical Consulting. Read more »

Foxtel - Access Control Design (2007)

Galexia re-designed, deployed and tested a critical component of a customer-facing access controls platform.

Fidelity International

Fidelity - Offshore Data Transfer in Business Process Outsourcing (March 2007)

Related Galexia services and solutions Strategic Privacy Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more » Specialised Legal and Regulatory Consulting. Read more »

Galexia provided research, analysis and advice on offshore data transfer requirements in the Asia-Pacific for Fidelity International. This included analysis of the transborder data flow laws of Australia, Hong Kong, Japan, Korea, Singapore and Taiwan, as well as the treatment of data received from offshore in Australia, China, Hong Kong, India, Japan, Korea, Singapore and Taiwan, the United Kingdom and the United States.

Fidelity - Electronic Human Resource Records (March 2007)

Galexia prepared research, analysis and advice to Fidelity International on the use of electronic human resources records in its Asia-Pacific offices. Guidance on meeting the following requirements under the laws of Australia, Hong Kong, Japan, Korea, Singapore and Taiwan:

• Legal recognition of electronic human resources records;
• Use of electronic records as evidence in court;
• Human resources record-keeping requirements; and
• Privacy and security requirements.

Fidelity - Privacy Compliance Strategy and Statement (January 2007)

Galexia provided strategic guidance to Fidelity International on meeting the requirements of the privacy laws of Australia, Hong Kong, Korea, Japan, Singapore and Taiwan.

Fidelity - Privacy Sanctions (December 2006)

Galexia prepared detailed analysis and strategy associated with sanctions in the privacy laws of Australia, Hong Kong, Japan, Korea, Singapore and Taiwan;

Fidelity - Regional Privacy Advice (November 2006)

Galexia provided privacy management advice to the Risk, Security and Business Continuity division of Fidelity International, including advice to their Hong Kong, Japan, Korea, Singapore, Sydney and Taiwan offices. This advice addressed the client and employee data protection requirements in each location, as well as the restrictions on the flow of personal information between each location. This included:

• Analysis of compliance with local privacy requirements;
• Development of implementation tasks for each office, including proposed compliance steps, implementation timetable, chains of responsibility and suggested tools and sources of assistance; and
• Development of a Regional Privacy Strategy.

Major Global Financial Institution

Identity Management Strategy and Technology Evaluation (2008)

Related Galexia services and solutions Identity Management and Authentication - Strategic Consulting. Read more » Identity Management and Authentication - Technical Consulting. Read more »

Galexia was approached by a large financial institution to advise on the development of an identity management strategy, and provide assistance in evaluating available solutions.

The project involved a detailed analysis of business drivers including an assessment of governance, risk, and compliance issues (GRC). Business requirements were established through extensive stakeholder interviews, and these were elaborated into a comprehensive set of functional and non-functional identity and access management requirements. Based on these requirements, Galexia developed a custom identity strategy taking into account the relevant structural and cultural features of the organisation, identified the short- and long-term aims and metrics for implementing identity management, and outlined the necessary governance and operational structures required.

Galexia also conducted a rigorous technology evaluation, identifying relevant products and inviting a shortlist of vendors to present their solutions. This was used to create a detailed product assessment based on the client’s specific needs, examining the candidate products across over 80 custom metric points.

Galexia provided the client with a governance structure, a path forward towards implementation, and independent assessment of market features and trends. Galexia’s analysis enabled the project to proceed with confidence, understanding and ownership in their identity management solution.

IPAA - Institute of Public Affairs Australia

IPAA/AGIMO Overview

Related Galexia services and solutions Identity Management and Authentication - Strategic Consulting. Read more » Strategic Privacy Consulting. Read more »

Galexia continues to provide trusted strategic advice to AGIMO on authentication, identity management and privacy issues.

Galexia sits on the GateKeeper Policy Committee and has provided input to the national Authentication working group.

Read more about projects Galexia has worked on with AGIMO - the Australian Government Information Management Office »

Go to the AGIMO website »

IPAA/AGIMO e-Government Research Papers

IPAA commissioned Galexia to produce a report on “Managing privacy in identity management - the way forward”. This report asks how privacy risks can be understood and managed within large-scale identity management systems, and includes consideration of competing models of identity management, such as federated identity (with case studies of Liberty Alliances and WS-Federation) and brokered identity (including a case study on the Reach development in Ireland). This paper is published in the IPAA/AGIMO e-Government Research Papers, which were launched in May 2004.

Read more »

IQPC - International Quality and Productivity Centre

IQPC - Workshop: Building privacy into identity management solutions (March 2004)

Related Galexia services and solutions Identity Management and Authentication - Strategic Consulting. Read more »

Galexia ran a workshop on Building privacy into identity management solutions. This workshop covered how to ensure that privacy compliance and privacy expectations are managed within an identity management strategy, including an overview of Federated Identity solutions.

Part 1 - Recognising the importance of privacy issues within identity management strategies

Part 2 - Privacy design issues in identity management

Read more »

Japan PIA Study Tour

Related Galexia services and solutions Issues Management: Public and Stakeholder Consultations. Read more » Strategic Privacy Consulting. Read more »

Galexia recently hosted a delegation of Japanese privacy experts, including academics and professionals from the legal and technology fields. The delegation met with Australian privacy experts from within government, industry and academia, discussing a broad range of privacy issues, with a particular focus on privacy impact assessments (PIAs) and biometrics. The meetings were conducted in Sydney and Canberra.

Galexia has provided privacy compliance advice to a number of international companies with operations in Japan following the introduction of the Japanese Act on the Protection of Personal Information 2003.

Law Society of New South Wales

Law Society of NSW - Digital Credentials for the Legal Profession- Phase II (2006)

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more »

This project is an extension of work completed by Galexia in 2005, and involves the development of policies, procedures and documents for a pilot of the Law Society’s digital credentials. Galexia’s role is to ensure that policies are compatible with current best practices in PKI and the proposed Gatekeeper reforms.

Law Society of NSW - Digital Credentials for the Legal Profession (2005)

Galexia won a competitive tender to provide business analysis, research and advice in the development of digital credentials for the legal profession in NSW and Australia.

The Law Society of NSW and the Commonwealth Department of Industry, Tourism and Resources (DITR) have commissioned this.

This project consists of a number of phases delivered from June to October 2005.

• This initial phase
  Development and documentation of a high level business case, including identification of requirements, options, costs and impact.
• The second phase
  Development of a methodology -- including further development of the recommended option, including required policies and procedures, technical specifications and revalidation of the business case.

The project is a timely consideration of digital identity for lawyers and considers:

• Digital signature certificates and Electronic Signatures
• Public Key Infrastructure (PKI)
• Smart Cards
• Impact of GateKeeper reforms
• Electronic conveyancing
• Electronic Court Lodgement

Level 3 Communications

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » Strategic Privacy Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more »

Level 3 - Advice on impact of EU data protection directive (2001)

Galexia worked with Baker & McKenzie to deliver a Privacy Impact Assessment and develop advice on web site privacy policies, US Safe Harbour arrangements, the implications of the EU Data Protection Directive, and data retention rules

Level 3 - Advice on privacy law in South-East Asia (2001)

Galexia and Baker & McKenzie completed a major privacy compliance strategy and training module for a major multinational communications company. The strategy included advice and training on compliance with privacy law and regulation in Hong Kong SAR, Japan, Korea and Taiwan.

Level 3 - Advice on Internet content regulation in South East Asia (2001)

Galexia and Baker & McKenzie completed an analysis of Internet content regulation in Hong Kong SAR, Japan, Korea and Taiwan for a multinational client.

Level 3 - Advice on Internet gambling regulation in South-East Asia (2001)

Galexia and Baker & McKenzie completed an analysis of Internet gambling regulation in Hong Kong SAR, Japan, Korea and Taiwan for a multinational client.

Lexis Australia

Lexis - Internet Law Bulletin (1998-2003)

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more »

Galexia authored the Internet Law Bulletin (ISSN 1035 2155) on a monthly basis for the first five volumes (1998-3003). The Internet Law Bulletin was one of the first publications of its type, and continues (in its seventh year) to deliver up to date coverage of developments in Internet law. Chris Connolly and Peter van Dijk were co-General Editors for Volumes 1 to 5. For Volume 6 onwards Galexia has remained an active contributor and Chris Connolly is a member of the Editorial Board. Other Galexia staff and associates are regular contributors to the Internet Law Bulletin.

Read more »

LIAC - Legal Information Access Centre

LIAC - Overview

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » LIAC links LIAC home page (external site) »

The Legal Access Information Centre (LIAC) is an information service operated by the State Library of New South Wales. LIAC provides legal research tools and resources for use by the general public.

LIAC - Cyberlaws Hot Topic (2009)

Galexia has prepared a ‘Hot Topic’ entry for LIAC discussing key legal issues relevant to the Internet and electronic commerce. The Hot Topic covers key international and Australian laws and developments, with topics including:

• Accessibility;
• Domain Names;
• Copyright;
• Contracts;
• Defamation;
• Content Regulation;
• Privacy and Spam;
• Social Network Sites;
• Consumer Protection; and
• Cybercrime.

LIV - Law Institute of Victoria

LIV - Law Institute of Victoria (1997 - 2009)

Galexia has been providing strategic IT advice and services to the Law Institute of Victoria for over eight years. This has included the development of critical infrastructure, Internet applications and content management systems to meet the needs of the Institute’s members.

Macquarie Bank

Related Galexia services and solutions Issues Management: Public and Stakeholder Consultations. Read more » Strategic Privacy Consulting. Read more »

Macquarie Bank - Strategic Advice (2005)

Galexia provided strategic advice regarding privacy compliance issues for large-scale information broking services provided by Macquarie Bank clients. This task included strategic advice on privacy issues that can arise from the commercialisation of large data sets.

NEHTA - National E-Health Transition Authority

Healthcare Provider Identifier (HPI) and Individual Healthcare Identifier (IHI) Preliminary Privacy Impact Assessments (PIAs) (February 2006)

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » Identity Management and Authentication - Strategic Consulting. Read more » Issues Management: Public and Stakeholder Consultations. Read more » Strategic Privacy Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more »

Following a competitive tender, the National E-Health Transition Authority (NEHTA) has asked Galexia to contribute the development of a secure, interoperable e-health environment in Australia. The project involves the development of two different types of healthcare identifiers. As such, Galexia’s primary role is the development of two preliminary Privacy Impact Assessments (PIAs) to examine and document potential privacy concerns.

• The first, the Healthcare Provider Identifier (HPI), is required so that individual providers can communicate with their colleagues, and jurisdictions can improve connectivity between their clinical systems within and across borders. Nationally, unique provider identification is recognised as a foundation for the broader e-health agenda and the implementation of Shared Electronic Health Records (Shared EHRs).
• The second, the Individual Healthcare Identifier (IHI), is required to ensure the correct identification of an individual and to make sure that the right information is attached to the right person.

Go to the NEHTA website »

NOIE - National Office for the Information Economy

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » Identity Management and Authentication - Strategic Consulting. Read more » Issues Management: Public and Stakeholder Consultations. Read more » Strategic Privacy Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more »

NOIE - Overview

Galexia continues to provide trusted strategic advice to NOIE (now AGIMO) on authentication, identity management and privacy issues.

Galexia sits on the GateKeeper Policy Committee and has provided input to the national Authentication working group.

Read more about projects Galexia has worked on with AGIMO - the Australian Government Information Management Office »

Go to the AGIMO website »

NOIE - ABN-DSC project

Galexia prepared a comprehensive report for NOIE on issues in the use and cross recognition of ABN Digital Signature Certificates. It involved direct consultation with multiple Government agencies, vendors and industry bodies and the preparation of a report for the IMSC CIO Committee (April 2003). This project displayed Galexia’s ability to deliver quality outcomes to Commonwealth Agencies under the Cth Endorsed Supplier Arrangement (ESA), including a high level of service and support to a Canberra based client, total confidentiality, delivery on-time and on budget and compliance with all project criteria.

NOIE - Privacy and Public Key Infrastructure: Consultation Paper on Privacy Issues in the Use of PKI for Individuals and Possible Guidelines for Handling Privacy Issues in the Use of PKI for Individuals by Commonwealth agencies (June 2001)

Galexia was commissioned, by the National Office for the Information Economy (NOIE) and the Office of the Federal Privacy Commissioner (OFPC) to produce a research and discussion paper on privacy guidelines for the use of digital certificates. In 2001 we delivered a research and discussion paper on privacy guidelines for the use of digital certificates, including Privacy Impact Assessment research and checklist. This included the development of a plain language description of PKI, and draft guidelines which eventually became formal Guidelines under the Privacy Act 1988 for the use of PKI by Commonwealth agencies

Available from the Office of the Federal Privacy Commissioner - http://www.privacy.gov.au

Read more »

NSW RTA - Roads and Traffic Authority

NSW RTA - Overview

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » Strategic Privacy Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more » NSW RTA links NSW Roads and Traffic Authority home page (external site) »

The NSW Roads and Traffic Authority (RTA) is responsible for road safety, vehicle registration and driver licensing in NSW, and is responsible for over 4 million drivers and over 5 million vehicles. The RTA’s management of state drivers’ licenses makes it a key agency in government-operated identification systems.

NSW RTA - Facial Recognition System PIA (2009)

Downloads and further reading Minister's press release (26 April 2009): ‘Facial recognition to combat fraud’ (external site) »

Galexia prepared a Privacy Impact Assessment (PIA) for a Facial Recognition System to be used by the NSW Roads and Traffic Authority for proof of identity and related functions, including as a tool for combating criminal activities such as money laundering and drug trafficking.

NSW RTA - Document Verification Service Privacy Impact Assessment (November 2007)

Galexia conducted a Privacy Impact Assessment (PIA) for the NSW Roads and Traffic Authority (RTA). The PIA covered the RTA’s potential participation in the national Document Verification Service (DVS).

The DVS has been developed as part of the National Identity Security Strategy. The DVS will be a secure, electronic, on-line system accessible by certain Australian Government, state and territory agencies to check the validity of an identity document. The verification of driver licences will be completed via the National Exchange of Vehicle and Driver Information System (NEVDIS) database, operated by Austroads.

OFPC - Office of the Federal Privacy Commissioner

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » Identity Management and Authentication - Strategic Consulting. Read more » Strategic Privacy Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more »

OFPC - Privacy and Public Key Infrastructure: Consultation Paper on Privacy Issues in the Use of PKI for Individuals and Possible Guidelines for Handling Privacy Issues in the Use of PKI for Individuals by Commonwealth agencies (June 2001)

Galexia was commissioned, by the National Office for the Information Economy (NOIE) and the Office of the Federal Privacy Commissioner (OFPC) to produce a research and discussion paper on privacy guidelines for the use of digital certificates. In 2001 we delivered a research and discussion paper on privacy guidelines for the use of digital certificates, including Privacy Impact Assessment research and checklist. This included the development of a plain language description of PKI, and draft guidelines which eventually became formal Guidelines under the Privacy Act 1988 for the use of PKI by Commonwealth agencies

Available from the Office of the Federal Privacy Commissioner - http://www.privacy.gov.au

Read more »

QT - Queensland Department of Transport

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » Issues Management: Public and Stakeholder Consultations. Read more » Strategic Privacy Consulting. Read more » Privacy Management Lifecycle: Our Privacy Products and Services. Read more »

QT - Ongoing strategic advice (2001 - 2005)

Galexia has been assisting Queensland Transport with a range of advice on the New Queensland Driver Licence since 2001. This has included the production of numerous briefing notes on specific issues and attendance at a range of meetings and workshops. Galexia is continuing to provide ongoing advice as the project progresses to the public tender stage.

QT - Privacy Stakeholder Consultations for new Queensland Driver License (2003)

Galexia assisted Queensland Transport conduct public consultations in late 2003 and early 2004 on the New Queensland Driver Licence. This included advice on the communications strategy and attendance at stakeholder meetings and workshops.

QT - Privacy Management Strategy (PMS) for new Queensland Driver License (September 2003)

In March 2003 Galexia completed the Privacy Management Strategy (PMS) for Queensland Transport on the proposed Queensland Smart Card Driver Licence. In September 2003 this was released to the public as part of a formal consultation process. This Privacy Management Strategy (PMS) covers a wide range of technical and legal issues and proposes short, medium and long-term measures for ensuring that privacy issues are managed in the proposed roll-out of the new licence.

Read more »

QT - Privacy Impact Assessment (PIA) for new Queensland Driver License

We have conducted a Privacy Impact Assessment (PIA) of new technology being considered by Queensland Transport, including ongoing advice to the Department on smart cards, electronic authentication, digital certificates, evidence of identity, and PKI. Galexia’s PIA and the subsequent Privacy Management Strategy received formal sign off from the Queensland Crown Solicitor and approval from a Cabinet sub-committee.

Qubit Consulting

Qubit - Overview

Related Galexia services and solutions Identity Management and Authentication - Strategic Consulting. Read more » Identity Management and Authentication - Technical Consulting. Read more » Qubit links Qubit Consulting home page (external site) »

Qubit Consulting specialises in enterprise IT consulting, including:

• Service Oriented Architecture (SOA);
• Identity Management and Application Security; and
• Application Development.

Galexia has partnered with Qubit Consulting in developing and implementing a number of large identity and access management systems.

Qubit - University of Sydney Identity Systems Upgrade (2009)

Qubit Consulting has conducted a major upgrade of identity systems for the University of Sydney. Galexia assisted with the development and implementation of a security and provisioning solution for University staff and students.

Qubit - Vodafone Authentication Gateway and Identity Management (2009)

Galexia assisted with Qubit’s significant redevelopment of Vodafone’s identity and access management systems, which serves over 4 million users. Galexia provided implementation services for identity management and directory services.

Queensland Information Brokers

QVAS Code of Conduct (2008)

Related Galexia services and solutions Self-regulation and Codes of Conduct. Read more » Strategic Privacy Consulting. Read more »

Galexia developed a Code of Conduct for bulk data access to identified information in the Queensland Valuation and Sales System (QVAS) database - the short title is the QVAS Code of Conduct.

Galexia assisted the Queensland Department of Natural Resources and Water and a working group of information broker industry representatives to develop this Code. The project included research on privacy issues, stakeholder workshops, multiple drafts and the development of an explanatory memorandum.

The Code covers privacy protections and complaints mechanisms for access to information about real property transactions in Queensland. The Code was submitted to the QLD Cabinet in late 2008 was subject to public consultations in 2009.

Galexia advised the following information brokers during the project:

• Australian Property Monitors/Fairfax (APM);
• CITEC;
• Enhance;
• PDS Live;
• Residex;
• RP Data;
• Trivett Property Group; and
• Veda Advantage.

RP Data

RP Data - Privacy and Public Registers Advice

Related Galexia services and solutions Privacy Management Lifecycle: Our Privacy Products and Services. Read more » Strategic Privacy Consulting. Read more »

Galexia assisted RP Data to complete a report to examine the best practice privacy management for public registers in Australia.

Galexia advised on:

• A detailed description of how privacy is managed in Australian jurisdiction for public register information (land registry data, electoral roll data, etc.);
• A detailed description of best practice approaches to managing privacy in public registers (codes of conduct, published papers etc.);
• Analysis of legislative approaches to managing privacy in public registers (Commonwealth and State legislation); and
• Insight into trends in privacy regulation of privacy in public registers (Australian Law Reform Commission review etc.).

The paper reflects Galexia’s expertise on relevant, cogent and commercially aware strategic advice on privacy.

Read more »

Sensis

Related Galexia services and solutions Identity Management and Authentication - Technical Consulting. Read more »

Sensis - Identity and Access Management (2007)

Galexia is providing senior technical assistance in the development of a distributed cross-domain single-sign on and access management platform.

Singapore iDA

Singapore iDA - A Study of Singapore’s Certification Authority Scheme

Related Galexia services and solutions Identity Management and Authentication - Strategic Consulting. Read more » Identity Management and Authentication - Technical Consulting. Read more » Issues Management: Public and Stakeholder Consultations. Read more »

Galexia successfully joined a consortium to review the compliance auditing framework for Certification Authority (CA) candidates for the Singapore Infocomm Development Authority (iDA).

The existing framework consists of audit standards and updated security management best practice guidelines. The objective was to update the guidelines to align them with international best practices, and to provide clarity for CAs and auditors on security audit requirements for CAs. The project also provided a ‘gap analysis’ of the present set of guidelines and audit requirements concerning internationally recognised security standards and best practices.

The proposed changes are currently the subject of consideration by Singapore iDA.

Singapore iDA - Singapore National Authentication Framework (NAF)

The Infocomm Development Authority of Singapore (iDA) is also spearheading a National Authentication Framework (NAF) programme under their 10 year Intelligent Nation Masterplan. NAF aims to implement a nationwide infrastructure for strong authentication through the development of appropriate business, technical and operational frameworks. A NAF steering committee and four NAF sub-committees (Finance, Telecommunications, Government and Technical) comprising of industry captains and government will provide sponsorship and inputs to the developmental works under NAF.

Galexia has been chosen as part of a consortium (also including KPMG, Baker & McKenzie, Wong & Leow and Biometix) to drive and guide the establishment of the NAF. As such Galexia’s work entails the proposal of a model to deploy the NAF, and to develop 4 supporting components that are needed to realise the deployments:

• Governance Framework and Regulatory Requirements;
• Accreditation Audit Criteria for Authentication Operators (‘AOs’);
• Reference Business Agreement; and
• Reference Technical Standards and Protocols.

South Australia - Office of the Chief Information Officer

South Australia - Office of the Chief Information Officer - Review Of Identity And Access Management Position Paper

Related Galexia services and solutions Identity Management and Authentication - Strategic Consulting. Read more » Issues Management: Public and Stakeholder Consultations. Read more »

Galexia has conducted a review of a position paper developed by the South Australian Office of the Chief Information Officer. The paper, on Identity and Access Management (IAM) for the South Australian Government, is a pre-cursor for the planned development of an IAM Framework for all of South Australia.

Read more »

Telstra

Related Galexia services and solutions Identity Management and Authentication - Technical Consulting. Read more »

Telstra - Identity Management and Authentication Projects (2006-2008)

Galexia (through Sun Microsystems, with partners including Accenture and EDS) has assisted in the design of identity management, access control and authentication solutions for Telstra in Australia. Galexia provided expert consulting services, including analysis, lead architecture, high-performance software design and advice on performance/load/stress testing. The largest single implementation will provide identity management and single sign on authentication services to 20 million customer accounts - one of the most significant and advanced deployments worldwide. These projects are ongoing. Galexia’s work for Telstra has included:

Telstra BigPond

This has included advice on identity management and cross domain authentication for Telstra’s BigPond customers and content partners. It also includes advice on next generation wireless services and applications.

Telstra ‘Transformation’ project

The Transformation project is Telstra's multi-billion dollar program of consolidation and new service rollout. Galexia’s involvement has included advice on Telstra’s proposed integration and consolidation of all client services under a unified, consistent approach to identity management, single sign on and authentication.

Telstra Sentinel

This is Telstra’s system for the management of identity and access for internal staff and contractors. Galexia has advised on architecture and on performance, including a complete review and redesign of the system. The design incorporates next generation bi-level role based access control techniques.

Sensis Identity and Access Management

Sensis is developing a cross-domain single-sign on and access management platform that links customer accounts across its ‘Properties’ (Trading Post, Yellow Pages, White Pages etc). Galexia is providing senior consulting advice in this project.

Thomson Reuters Australia

Thomson Reuters - Overview

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more » Thomson Reuters Australia links Thomson Reuters Australian home page (external site) »

Thomson Reuters Australia is a major publisher for the legal, tax and accounting, and business sectors, providing many of the most widely used print and electronic resources in business and academia.

Thomson Reuters - The Laws of Australia (2009)

Galexia is editing the ‘Electronic Contracts’ chapter of Thomson Reuter’s The Laws of Australia. The chapter provides an encyclopaedic analysis of Australian law on the use of electronic communications and contracts, including electronic contract formation, identity and security, electronic signatures, evidence, and consumer protection. Galexia’s work on this chapter builds on our expertise in Australian and international electronic contract law.

Timmins Consulting

Related Galexia services and solutions Strategic Privacy Consulting. Read more » Specialised Legal and Regulatory Consulting. Read more »

Timmins - Privacy Management Strategies for Local Government (2005)

In July of 2005, Galexia director Chris Connolly delivered a presentation at the advanced workshop 'Privacy Management Strategies for Local Government'. The presentation Managing Privacy Responsibilities: Privacy Impact Assessments outlined a number of issues and challenges in handling new technology from a privacy management standpoint. The presentation also delved into the management of privacy by looking closely at Privacy Impact Assessments (PIAs) and Privacy Management Strategy (PMS).

UNCTAD - United Nations Conference on Trade and Development

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more »

UNCTAD - Information Economy Report 2007

Galexia was commissioned by the United Nations Conference on Trade and Development (UNCTAD) to contribute a chapter to the Information Economy Report 2007-2008. Galexia’s chapter presents a case study on the ASEAN E-Commerce Project - a major 4-year project to assist the ten Member Countries of the Association of South East Asian Nations develop and implement a harmonised e-commerce legal infrastructure. The E-Commerce Project is funded by the ASEAN Australia Development Cooperation Program (AADCP).

The experience of the ASEAN Member Countries in the E-Commerce Project may be helpful for developing countries formulating their own e-commerce legislation and beyond this, developing a comprehensive legal infrastructure, including regulations, standards, training and education.

Read UNCTAD's Information Economy Report series (external link) »

Read more about Galexia's ASEAN E-Commerce project »

UNSW - University of NSW

Related Galexia services and solutions Specialised Legal and Regulatory Consulting. Read more »

UNSW - Faculty of Law - Electronic Commerce Law Materials (2004-2005)

Galexia has developed materials for the University of NSW course on Electronic Commerce Law (2004). This is available as an updated extranet for course participants.

Read more »

UNSW - Faculty of Law - Cyberspace Law Materials (2003 - 2004)

Galexia has developed and hosts materials for the University of NSW course on Cyberspace Law. This is available as an updated extranet for course participants.

Read more »

UNSW - Baker & McKenzie Cyberspace Law & Policy Centre - Digital Document Retention Research (April 2004)

Galexia provided research and advice on legal and strategic issues in Digital Document Retention. This included detailed Australian and international research.

Read the final report »

UNSW - Faculty of Law - Online Dispute Resolution Research (May 2004)

Galexia provided research and advice on legal and strategic issues in Online Dispute Resolution. This included detailed Australian and international research.

Veda Advantage

Credit Reporting Framework - Submission to Australian Law Reform Commission Discussion Paper 72 (December 2007)

Related Galexia services and solutions Self-regulation and Codes of Conduct. Read more » Strategic Privacy Consulting. Read more » Specialised Legal and Regulatory Consulting. Read more »

Galexia has been commissioned to independently research and develop options for a framework for stronger, more effective and more efficient consumer protection in credit reporting in Australia. This task has been initiated in response to the Australian Law Reform Commission (ALRC) review of privacy legislation.

Consumer protection in the regulation of credit reporting is a very complex territory and Veda Advantage wanted to assist the ALRC and stakeholders with a cogent expert’s report to guide understanding of the major issues.

ALRC’s Discussion Paper 72: Review of Australian Privacy Law »

Galexia’s submission »

Vodafone Australia

Vodafone Australia - Access Controls Project

Related Galexia services and solutions Identity Management and Authentication - Technical Consulting. Read more »

Galexia (with partners, including Sun Microsystems) assisted in the design and delivery of a telco-grade identity management and access control solution for Vodafone Australia.

Galexia provided expert consulting services that covered the entire project lifecycle, including analysis, lead architecture, high-performance software design, multi-site high-availability hardware sizing, network and monitoring design, security design, automated provisioning and advice on performance/load/stress testing.

[up to projects]