About Us - Galexia News
- Register of Public Galexia PIAs - 3 September 2019
- Updates to Galexia Website - 4 September 2019
- PM&C / Office of the National Data Commissioner (ONDC) releases Discussion Paper and accepts recommendations from Galexia’s PIA on the proposed Data Sharing and Release legislative framework - 3 September 2019
- Galexia providing privacy advice and an independent public Privacy Impact Assessment (PIA) on 2021 Census for ABS - August 2019
- Galexia completes privacy advice and an independent Privacy Impact Assessment (PIA) on the Naval Shipbuilding College Workforce Register - June 2019
- Galexia completes privacy advice and an independent PIA for Department of Prime Minister & Cabinet on the proposed Data Sharing & Release Bill and related regulatory framework - June 2019
- Galexia completes Privacy Impact Assessment (PIA) for Victorian Labour Hire Licensing Authority (LHLA) - June 2019
- Galexia completes independent review of Consumer Data Standards - Security Profile (CDS-SP) and process on Open Banking for Data61 - 21 December 2018
- Digital Transformation Agency (DTA) releases 2nd Galexia Privacy Impact Assessment (PIA) on Digital Identity - 13 November 2018
- Galexia completes Privacy Advice and 2-Stage Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on PageUp Services - November 2018
- Iterative privacy advice for Fair Work Commission (FWC) and independent PIA for eCASE - a new cloud-based case management platform - October 2018
- Galexia completes Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on MyTAC enhancement - October 2018
- Galexia completes 2nd PIA and Privacy Checklist for the Victorian Transport Accident Commission (TAC) on cloud-based Data Analytics and Reporting (Phase 2 - Expanded Data Set) - October 2018
- Two-stage independent PIA for myGovID finalised - September 2018
- ABS accepts all recommendations in Galexia independent Privacy Impact Assessment (PIA) on National Health Survey (NHS) Linkage - 28 August 2018
- Galexia completes Privacy Impact Assessment (PIA) for Victorian Agency for Health Information (VAHI) - 28 August 2018
- Galexia completes initial Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on proposed cloud-based Data Analytics and Reporting Pilot - July 2018
- Galexia engaged by Department of Prime Minister & Cabinet to conduct an independent PIA on the proposed Data Sharing & Release Bill - 9 July 2018
- BSA & Galexia Global Cloud Computing Scorecard 2018 (Galexia Analytics Release) - May 2018
- Galexia selected to provide independent and public Privacy Impact Assessment on National Health Survey (NHS) Linkage Project for ABS and Department of Health - April 2018
- ABS accepts recommendations in Galexia Privacy Impact Assessment (PIA) on the Multi-Agency Data Interchange Project (MADIP) - April 2018
- 2018 Global Cloud Computing Readiness Scorecard released - 6 March 2018
- Putting data governance and privacy top of Australian Government Agencies Agenda (KWM Insight) - 6 November 2017
- Galexia assisted The University of Sydney on an Identity and Access Management Strategy - October 2017
- Legal and Ethical Challenges for Driverless Cars and Smart Roads - 20 October 2017
- New De-Identification Decision-Making Framework released - October 2017
- Australian Open Banking Review to consider digital identity issues - October 2017
- King & Wood Mallesons (KWM) and Galexia collaborating on Data Governance Advisory Services - October 2017
- Galexia undertakes Review and Briefing on Identity Management and Customer Initiated Data Sharing for Regional Australia Bank - September 2017
- Galexia completes Privacy Impact Assessment (PIA) for the Australian Health Practitioner Regulation Authority (AHPRA) on Cloud Hosted Platforms - August 2017
- Galexia on panel at ForgeRock Identity Summit - The evolving role of privacy in digital transformation - 15 August 2017
- Galexia providing independent privacy advisory services to Australian Bureau of Statistics (ABS) - August 2017
- Galexia completes Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on Point of Sale (PoS) Online Service - June 2017
- Galexia director speaks at Conference on Digital Economy, Trade and Development (Stockholm) - 21 June 2017
- Galexia Associate publishes new book on privacy law in Singapore - June 2017
- Galexia completes Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on Phase 1 of Online Client Service - April 2017
- Digital Transformation Agency (DTA) releases 1st Galexia Privacy Impact Assessment (PIA) on Digital Identity - 17 March 2017
- Austroads publishes the first Privacy Impact Assessment (PIA) on data messages for connected cars in Australia - March 2017
- New Global Cloud Computing Readiness Scorecard being developed - February 2017
- Galexia presenting at CPDP2017 (The Age of Intelligent Machines) Computers, Privacy & Data Protection 10th International Conference, Brussels - 25 January 2017
- Galexia completes initial Privacy Impact Assessment (PIA) for the Australian Government Digital Transformation Agency (DTA) on the proposed Trusted Digital Identity Framework (TDIF) - December 2016
- Galexia presenting at the Annual European Data Protection and Privacy Conference, Brussels - 1 December 2016
- Galexia Micro-site on the 2016 Global Cloud Computing Scorecard with analytics and graphs on trends since 2012 - December 2016
- Article in Data Protection Leader - Regulators fight back against privacy fraud - November 2016
- Galexia completes Privacy Impact Assessment (PIA) for the Australian Government Attorney General’s Department (AGD) on Change of Name Data Sharing - October 2016
- Galexia Director Chris Connolly joins the Editorial Board of Data Protection Leader - October 2016
- Galexia presenting at the International Conference of Data Protection and Privacy Commissioners, Marrakech - October 2016
- Privacy Policy and Privacy Management Framework for Financial Literacy Platform - September 2016
- Galexia completes Privacy Impact Assessment (PIA) for Austroads on Co-operative Intelligent Transport Systems (C-ITS) data messaging - August 2016
- Galexia undertakes Privacy Review on a micro payment system for public transport - July 2016
- Galexia completes Privacy Impact Assessment (PIA) for the NSW Information and Privacy Commission on cloud based Government Access tool - July 2016
- Galexia chapter in 'Enforcing Privacy' book published (Springer) - April 2016
- 3rd Global Cloud Computing Readiness Scorecard released - 27 April 2016
- Galexia helps the United Nations publish major study on data protection and trade - 19 April 2016
- 3rd Global Cloud Computing Readiness Scorecard due for public release - April 2016
- United Nations hosting major E-Commerce event in Geneva - 18 April 2016
- Galexia article about Implementation of the new EU-US Privacy Shield - 21 March 2016
- Advice on market sizing for cross border transfers from Europe - February 2016
- The European Union Network and Information Security (NIS) Directive moves a step closer to implementation - 16 January 2016
- Galexia Director speaking at Privacy Law and Business Conference in Cambridge (UK) - 7 July 2015
- APAC CyberSecurity Dashboard and 10 Country Reports Launched - 1 July 2015
- Vale Claro ‘Lalen’ Parlade - June 2015
- Privacy Review for Diabetes Australia - June 2015
- European CyberSecurity Dashboard and 28 Country Reports Launched - 3 March 2015
- Galexia to present at Expert Meeting on Cyberlaws and Regulations for Enhancing E-Commerce, Geneva - March 2015
- 3rd Global Cloud Computing Readiness Scorecard being developed for mid 2015 launch - August 2014
- Galexia completes Privacy Impact Assessment (PIA) for Victorian Resource Rights Allocation and Management (RRAM) migration to cloud - August 2014
- Galexia developing Asia-Pacific Cybersecurity Comparative Study - July 2014
- Australian Department of Communications Technology Advice Panel - June 2014
- Galexia developing European Cybersecurity Comparative Study - June 2014
- Galexia presents on The Future of the EU-US Safe Harbor at Brussels conference - 1 June 2014
- Galexia completes Privacy Impact Assessment (PIA) for Business Victoria Online - May 2014
- AUSTRAC releases Galexia’s PIA on AML/CTF reforms - May 2014
- Galexia gives evidence about EU/US Safe Harbor privacy framework to the UK House of Lords - 12 March 2014
- Galexia presentation at the Commonwealth Cybersecurity Forum in London - 5 March 2014
- Galexia completes privacy and security advice on cloud applications for 3wks.com.au and Victorian Government - November 2013
- Galexia and Doll Martin Associates announce closer strategic relationship - October 2013
- Galexia invited to provide evidence to the European Parliament LIBE Inquiry on Electronic Mass Surveillance of EU Citizens - 7 October 2013
- UNCTAD Review of E-commerce Legislation Harmonization in ASEAN - 25 September 2013
- UNCTAD Information Economy Report 2013 - Expert Peer Review Meeting (Geneva) - July 2013
- Galexia provides Australian Energy Market Operator (AEMO) advice on cloud based identity - April 2013
- Independent Review of Queensland Personal Identification Information in Property Data (PIIPD) Code of Conduct - March 2013
- 2nd Global Cloud Computing Readiness Scorecard launched - 7 March 2013
- Asia Cloud Computing Association incorporates Galexia research into its 2nd Cloud Readiness Index - 13 November 2012
- Galexia develops Identity and Access Management Strategy and Roadmap for Australian Energy Market Operator (AEMO) - March 2012
- Global Cloud Computing Readiness Scorecard launched - 22 February 2012
- Galexia to present the new Global Cloud Readiness Scorecard at the Cloud Connect conference, Santa Clara USA - 14 February 2012
- New ePayments Code launched in Australia - September 2011
- Singapore to introduce privacy legislation and a Do Not Call Register - September 2011
- Asia Cloud Computing Association incorporates Galexia research into its Cloud Readiness Index - September 2011
- Galexia research on privacy and health data published in two prestigious medical journals - July 2011
- ACMA publishes Galexia’s research on international Cybersecurity awareness raising and educational initiatives - May 2011
- Galexia team presents Asia Pacific Digital Economy and Cloud Computing Scorecard at Hong Kong workshop - April 2011
- Galexia completes Asia Pacific Digital Economy and Cloud Computing Scorecard - March 2011
- Treaties Committee recommends Australia sign two important cyberlaw Conventions - March 2011
- Cloud computing advice to the Victorian Department of Innovation, Industry and Regional Development (DIIRD) - November 2010
- Galexia contributes to new research on privacy complaints in the communications sector - September 2010
- Galexia presented at the Privacy Laws & Business 23rd Annual International Conference - 14 April 2010
- Malaysia Parliament passes Personal Data Protection Act - 5 April 2010
- Galexia prepares submission on consumer fairness tests for ACCAN - 5 March 2010
- Galexia director Chris Connolly speaking at Asia-Pacific privacy seminar - 2 March 2010
- Galexia prepares draft interoperability principles for ACCAN - 2 March 2010
- Galexia interviewed by Privacy Laws and Business International Journal on the US Safe Harbor and recent actions by the FTC - 26 February 2010
- Galexia report on public information on credit reporting - 16 February 2010
- Galexia and Qubit Consulting conduct IDM upgrade for the University of Western Sydney - 25 January 2010
- Galexia and CHOICE prepare submission to superannuation review - 18 December 2009
- Galexia contributes to the Oxford Australian Law Dictionary - 17 December 2009
- Legal Information Access Centre publishes Galexia’s Hot Topic on Cyberlaws - 1 December 2009
- Galexia prepares privacy analysis of Salesforce CRM - 17 November 2009
- Galexia and Qubit Consulting conduct IDM upgrade for the University of Sydney - 5 November 2009
- Galexia prepares working draft of Benchmarks for Global Privacy Standards - 3 November 2009
- Galexia publishes submission to the DBCDE Do Not Call Register Statutory Review - 20 October 2009
- Galexia completes PIA for Victorian Department of Innovation, Industry and Regional Development - 1 October 2009
- Galexia develops Victorian Privacy Impact Assessment template - 21 September 2009
- First US Prosecution for false web claim of Safe Harbor status - 11 September 2009
- Galexia publishes international analysis of Do Not Call Registers - 8 September 2009
- ACCAN releases Galexia research on Customer Service Charters in the Australian Telecommunications Sector - 25 August 2009
- ACCAN releases Galexia research on Informed Consent in the Australian Telecommunications Sector - 21 August 2009
- eCrime symposium - 4 August 2009
- Galexia complete facial recognition PIA for NSW Roads and Traffic Authority - 1 August 2009
- CHOICE submission on consumer code development processes - 2 June 2009
- Galexia has published an article on Privacy White Lists - 2 June 2009
- Government to expand the Do Not Call Register - 29 May 2009
- ACCAN and customer service charters in the telecommunications sector - 27 May 2009
- ACCAN and informed consent in the telecommunications sector - 26 May 2009
- Government releases draft National Consumer Credit Reform Package - 28 April 2009
- Galexia news available via RSS - 24 April 2009
- Australia to adopt the UN Convention on the use of Electronic Communications in International Contracts - 23 April 2009
- Department of Broadband, Communications and the Digital Economy (DBCDE) releases issues paper on consumer codes in telecommunications - 31 March 2009
- Australasian Retail Credit Association Credit Reporting Code - March 2009
- ASEAN, Australia, New Zealand sign free trade agreement - February 2009
- First Technical Assistance Seminar on the Implementation of the APEC Data Privacy Pathfinder - February 2009
- Survey on consumer protection laws in Asia-Pacific - February 2009
- AUSTROADS privacy review - February 2009
- Privacy in interstate student transfers - January 2009
- Privacy code for access to Queensland property data - January 2009
- 2008 review of the EFT Code of Conduct - January 2009
- National e-Authentication Framework Website Authentication Guidelines - January 2009
- New Galexia Study: The US Safe Harbor - Fact or Fiction? - December 2008
- Privacy in consumer credit reporting - November 2008
- The ALRC recommendations for Cross Border Transfers - November 2008
- CHOICE publishes Galexia report on consumer protection in the telecommunications industry - October 2008
- Trustmark Schemes Struggle to Protect Privacy - September 2008
- Galexia advises on Identity and Access Management strategy in the financial sector - 15 October 2008
- Privacy issues in e-commerce - October 2008
- Asia-Pacific regional privacy options - August 2008
- Australian Law Reform Commission releases final report on Australian privacy laws - August 2008
- Galexia conducts Pacific spam enforcement workshop - July 2008
- Galexia publishes case study on Harmonisation of E-Commerce Legal Infrastructure in ASEAN project - May 2008
- Galexia assists CHOICE with submission on consumer protection in telecommunications - May 2008
- Recruitment - Legal/IT Research Consultant - April 2008
- Automated business in life insurance and electronic commerce - April 2008
- Tenth ASEAN E-Commerce workshop held in Jakarta, Indonesia - March 2008
- Indonesian Parliament passes e-commerce law - March 2008
- Consumer protection in electronic contracts - March 2008
- Galexia completes study of cyberlaw harmonization for UNCTAD Information Economy Report - February 2008
- Galexia assists Eric Bana in a domain name dispute - February 2008
- Galexia hosts Japanese privacy delegation - February 2008
- The privacy implications of China's outsourcing industry - January 2008
- Developments in digital rights management - January 2008
- Galexia provides technical assistance for Indonesian cyberlaw bill - January 2008
- Developments in Asia-Pacific privacy laws in 2007 - January 2008
- Credit reporting submission to the Australian Law Reform Commission's Privacy Review - December 2007
- Galexia Associate Claro Parlade wins Endeavour Fellowship to study privacy law - November 2007
- Jurisdictional and enforcement issues of internet gambling - October 2007
- Galexia assists the NSW RTA with their Document Verification System - October 2007
- Galexia to help develop spam laws in the Pacific - October 2007
- Five new signatories to the UN Convention on the Use of Electronic Communications in International Contracts - October 2007
- Consumer Action Law Centre publish Galexia's Trade Practices Act Public Benefit Report - September 2007
- Galexia meets with Secretary of State to the Ministry of Commerce in Cambodia - September 2007
- Galexia's commentary on the UN Convention on Electronic Contracting documents - September 2007
- Data retention by search engines and Australian privacy law - August 2007
- Land rights in virtual worlds - August 2007
- UN Electronic Communications in International Contracts Convention in Hanover, Germany - August 2007
- Ninth ASEAN E-Commerce workshop held in Siem Reap, Cambodia - August 2007
- Internet and E-commerce Law - August 2007
- OECD issues new Recommendation on Consumer Dispute Resolution and Redress - August 2007
- Galexia presents final digital signature strategy to Law Society of NSW - July 2007
- Galexia writes chapter in Information Economy Report 2007 for UNCTAD - July 2007
- Galexia completes initial PIA for the Department of Defence - June 2007
- OECD issues Recommendation and Guidance on Electronic Authentication - June 2007
- Galexia attends the second APEC Privacy Seminar in Cairns - June 2007
- Review of the EU Directive on Electronic Commerce - June 2007
- Sarah Andrews joins Galexia - June 2007
- Galexia publishes article on recent developments in internet jurisdiction - May 2007
- The Telecommunications (Interception) Amendment Act 2006 - May 2007
- Galexia assists CHOICE with a joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC - May 2007
- Galexia joins AGIMO Identity Management and Authentication Consultancy Services Panel - May 2007
- Eighth ASEAN E-Commerce workshop held in Vientiane, Laos - March 2007
- Galexia undertakes third extension to ASEAN E-Commerce Harmonisation work - April 2007
- Galexia at the Canberra APEC Data Privacy Seminar - January 2007
- Second edition of 'Cyberspace Law: Commentaries and Materials' - January 2007
- Gatekeeper reforms published - October 2006
- Galexia hosts 7th ASEAN Workshop on E-Commerce in Brunei - September 2006
- Online Dispute Resolution - August 2006
- Galexia to help develop the Singapore National Authentication Framework - August 2006
- Galexia provides privacy compliance advice to Fidelity International - August 2006
- Galexia examines best practice privacy management for public registers in Australia - July 2006
- Galexia reviews identity management paper for South Australian Chief Information Officer - July 2006
- Galexia to conduct analysis of e-commerce legal infrastructure in Malaysia - July 2006
- UN Convention on the Use of Electronic Communications in International Contracts comes into force - July 2006
- Sixth ASEAN E-Commerce workshop in Manila - May 2006
- Galexia to help develop the Australian Government e-Authentication Framework for Individuals (AGAFI) - April 2006
- Galexia to help complete the Gatekeeper Public Key Infrastructure Framework for AGIMO - April 2006
- The UN Convention on Electronic Contracting - March 2006
- Galexia conducting Preliminary Privacy Impact Assessments (PIAs) on Healthcare Provider Identifier (HPI) and Individual Healthcare Identifier (IHI) for National E-Health Transition Authority (NEHTA) - February 2006
- Galexia to assist in further harmonisation of ASEAN electronic commerce - February 2006
- Galexia publishes case note on WL v La Trobe University case - February 2006
- Galexia publishes plain language guide to cyberlaws - January 2006
- Galexia expands work with Law Society of NSW and Commonwealth Department of Industy, Tourism and Resources (DITR) - January 2006
- Galexia to develop Privacy Impact Assessment (PIA) for Government employees in Australia - January 2006
- AUSTROADS engages Galexia for a risk management framework on national vehicle database - January 2006
- Galexia complete Cyberlaws Survey in ASEAN - January 2006
- Fifth ASEAN E-Commerce harmonisation workshop in Singapore - December 2005
- AGIMO develops out e-Authentication Framework to individuals - December 2005
- Galexia presents at CSIRO Science Policy Workshop - November 2005
- Galexia publishes article on the Montreux Declaration - November 2005
- Galexia to publish article on the UNCITRAL Convention on Electronic Contracting - November 2005
- CSIRO P-Health Flagship engages Galexia in analysis of privacy and trust issues in the use of health data in research - August 2005
- Galexia commissioned to conduct a survey of ASEAN Cyberlaws - August 2005
- Malaysian Minister announce new E-Commerce Laws at Galexia Workshop - July 2005
- Fourth ASEAN E-Commerce harmonisation workshop in Malaysia - July 2005
- Digital credentials for the legal profession - July 2005
- Presentation at Asia PKI Forum in Singapore - July 2005
- Workshop on 'Privacy Management Strategies for Local Government' - July 2005
- Galexia publishes article on the US Real ID Act - June 2005
- Patient privacy and security - June 2005
- Galexia participates in 2005 Australian Mission to the Asian Development Bank - March 2005
- Biometrics and Privacy - March 2005
- Remaining legal barriers to the use of digital signatures in Australia - March 2005
- Galexia publishes article on PKI Interoperability - February 2005
- Third ASEAN E-Commerce harmonisation workshop in Cambodia - February 2005
- The UN Convention on Electronic Contracting - January 2005
- ASEAN Prioritises E-Commerce Integration - November 2004
- Overview of E-Commerce Legal Infrastructure - October 2004
- Second ASEAN E-Commerce harmonisation workshop in Bangkok - October 2004
- Galexia presented at APEC TEL 30 - September 2004
- Exemptions in the Australian Electronic Transactions Act - September 2004
- Galexia's Commonwealth Endorsed Supplier Arrangement extended to 2007 - August 2004
- Galexia develops and hosts course materials for Electronic Commerce Law - August 2004
- Galexia publishes article on Managing Consent in a Multidisciplinary Team Environment - June 2004
- Galexia at the inaugural Asian Law Institute (ASLI) conference - May 2004
- Galexia presents on Legal and Privacy Issues in e-Government - May 2004
- Galexia holds first workshop on ASEAN e-commerce harmonisation in Singapore - May 2004
- Federal Court injunction obtained under Privacy Act - May 2004
- Committee for Economic Development of Australia (CEDA) - E-Commerce - Pausing for Breath, Maximising Financial Returns & Managing Risks - April 2004
- Galexia to assist ASEAN harmonise electronic commerce - March 2004
- Enhanced data security and customer understanding through identity and access management - March 2004
- Galexia completes a strategic consultancy on a national health identifier for the Commonwealth Department of Health and Ageing - February 2004
- Galexia conference presentation on health identity management - March 2004
- Galexia's Representative Complaints paper to appear in Privacy Law & Policy Review - February 2004
- Baker and McKenzie Cyberspace Law and Policy Centre (CLE Series 2003) - Online contracts: Banking, finance and insurance - December 2003
- Baker and McKenzie Cyberspace Law and Policy Centre (CLE Series 2003) - Privacy Complaints: How to Get a Win for Your Client (Making Privacy Laws Work) - December 2003
- Australian Telecommunications Industry Ombudsman (TIO) Conference - Convergence: Redrawing the Boundaries - December 2003
- Galexia's Privacy Management Strategy (PMS) for New Queensland Smart Card Driver Licence released - September 2003
- Case studies on distributed identity - September 2003
- Privacy class actions - Galexia has published a survey of Australian and international privacy laws that allow class actions and representative complaints to be made - September 2003
- Galexia presents paper at national Electronic Authentication Stakeholder workshop for the Vocational Education and Training sector - August 2003
- Galexia delivers report on ABN-DSC interoperability - April 2003
- Ian Booth joins Galexia as an Associate - March 2003
- Galexia completes research paper on Electronic Authentication for Flexible Learning for Australian National Training Authority - February 2003
- Galexia updates Intelligence Report on privacy law in Asia - January 2003
- Galexia wins tender to deliver research paper on Electronic Authentication for Flexible Learning for Australian National Training Authority - September 2002
- Galexia Intelligence Report #6 - Privacy Codes of Conduct (Process and Content Issues) - August 2002
- Galexia focuses on E-Commerce law: The Law and Policy of Consumer Protection in Electronic Commerce in Australia (Updated) - October 2001
- Galexia commissioned to write a consultation paper on privacy issues in the use of PKI for individuals - June 2001
- Galexia completes a new Intelligence Report: An Introduction to e-Commerce Law - May 2001
- Galexia's first Intelligence Report: Privacy Impact Assessments (PIAs) - February 2001
- Paper on Electronic Lodgment in the Land and Environment Court - February 2001
Register of Public Galexia PIAs - 3 September 2019
|
|
Updates to Galexia Website - 4 September 2019
We are updating our website to include more than 2 years of projects, independent reviews and assessments, presentations, research papers and partnerships.
Check back here for the latest updates.
|
PM&C / Office of the National Data Commissioner (ONDC) releases Discussion Paper and accepts recommendations from Galexia’s PIA on the proposed Data Sharing and Release legislative framework - 3 September 2019
|
In July 2018 Galexia was engaged to provide privacy advice and an independent and public Privacy Impact Assessment (PIA) on the proposed policy settings and related legislative reforms surrounding the Data Sharing & Release (DS&R) Framework.
The PIA was prepared prior to the finalisation of the Data Sharing & Release Bill and Galexia’s engagement process facilitated the Australian Government Department of the Prime Minister & Cabinet (DPMC) <www.pmc.gov.au> and Office of the National Data Commissioner (ONDC) <www.datacommissioner.gov.au> to adopt an iterative approach to the development of the policy settings and to the Data Sharing & Release Framework.
The purpose of the PIA is to assist in identifying and managing privacy issues that are raised by the proposed framework for the sharing and release of data that will be facilitated by the Data Sharing & Release Bill. The key proposals are:
- To enable a range of data sharing and data release activities for permitted purposes; and
- To create an effective governance framework for the proposed data sharing and the release of public sector data.
In September 2019 this PIA was publicly released with an accompanying discussion paper - all Galexia’s recommendations have been accepted.
The Privacy Impact Assessment and Discussion Paper are available from the following links:
- Minister for Government Services Media Release » [External link - 3 September 2019]
- National Data Commissioner - Embedding a privacy-by-design approach in how we develop legislation » [External link - 3 September 2019]
- Discussion Paper and Privacy Impact Assessment on Data Sharing and Release legislative reforms is open for public consultation until 15 October 2019 » [External link - 3 September 2019]
- View PIA and DPMC/ONDC response to recommendations » [Galexia - PDF]
Read more about Galexia’s work with the Department of Prime Minister & Cabinet »
Galexia providing privacy advice and an independent public Privacy Impact Assessment (PIA) on 2021 Census for ABS - August 2019
|
Galexia has been engaged by the Australian Bureau of Statistics (ABS) to provide independent privacy advisory services, including an Independent and Public Privacy Impact Assessment (PIA) examining the privacy considerations around the conduct of the 2021 Australian Census of Population and Housing.
The Privacy Impact Assessment will be publicly available in mid 2020.
ABS Media Release (23 August 2019) » [External Link]Read more about Galexia’s work with ABS »
Galexia completes privacy advice and an independent Privacy Impact Assessment (PIA) on the Naval Shipbuilding College Workforce Register - June 2019
|
During 2018/19, Galexia was engaged by to provide 2-stage privacy advice for the Naval Shipbuilding College (NSC) on the implementation of the Workforce Register - culminating in a Privacy Impact Assessment (PIA).
This project includes a cloud-based employment registry that is being developed and managed in collaboration with a series of third party providers. Galexia assessed compliance with national privacy laws in addition to compliance with a central contract and delivery through cloud platforms and application of best practice privacy governance.
The Workforce Register operates in the defence / national security sector, so the best practice management of privacy and security issues is considered to be a high priority. The NSC has commissioned this PIA as a proactive step in identifying privacy issues and strengthening privacy protections.
This PIA assessed the Workforce Register against the APPs in the Commonwealth Privacy Act (1988) and the Privacy (Australian Government Agencies — Governance) APP Code 2017.
The completion of this PIA included extensive engagement with the Workforce Register implementation team and their partners.
Go to the Naval Shipbuilding College website »
Galexia completes privacy advice and an independent PIA for Department of Prime Minister & Cabinet on the proposed Data Sharing & Release Bill and related regulatory framework - June 2019
|
In July 2018 Galexia was engaged to provide privacy advice and an independent and public Privacy Impact Assessment (PIA) on the proposed policy settings and related legislative reforms surrounding the Data Sharing & Release (DS&R) Framework.
The PIA was prepared prior to the finalisation of the Data Sharing & Release Bill and Galexia’s engagement process facilitated the Australian Government Department of the Prime Minister & Cabinet <www.pmc.gov.au> and Office of the National Data Commissioner (ONDC) <www.datacommissioner.gov.au> to adopt an iterative approach to the development of the policy settings and to the Data Sharing & Release Framework.
The purpose of the PIA is to assist in identifying and managing privacy issues that are raised by the proposed framework for the sharing and release of data that will be facilitated by the Data Sharing & Release Bill. The key proposals are:
- To enable a range of data sharing and data release activities for permitted purposes; and
- To create an effective governance framework for the proposed data sharing and the release of public sector data.
Galexia completed the PIA in mid 2019 and the Department of Prime Minister & Cabinet and Office of the National Data Commissioner will be making a public release soon after.
Read more about Galexia’s work with the Department of Prime Minister & Cabinet »
Galexia completes Privacy Impact Assessment (PIA) for Victorian Labour Hire Licensing Authority (LHLA) - June 2019
|
In August 2018, Galexia was engaged by Industrial Relations Victoria (IRV) - a division of Victorian Department of Premier & Cabinet (DPC).
Galexia conducted a 2-stage Privacy Impact Assessment (PIA) to assist in identifying and managing key privacy issues that are raised by the design and implementation of the Labour Hire Licensing ICT Solution and cloud-based online registry solution that is being operated by the Labour Hire Licensing Authority (LHLA).
The PIA was finalised in June 2019.
Read more about Galexia’s work with the Victorian Labour Hire Licensing Authority »
Galexia completes independent review of Consumer Data Standards - Security Profile (CDS-SP) and process on Open Banking for Data61 - 21 December 2018
|
Galexia completed an independent review of the Consumer Data Standards - Security Profile (CDS-SP) as at December 2018.
Galexia provided CSIRO / Data61 with independent advice and assistance as they worked towards industry consensus on the security profile for Open Banking. This is a key standard that will help to facilitate the implementation of the Consumer Data Right (CDR) in Australia.
Data61 has been appointed technical advisor to the Data Standards Body <https://consumerdatastandards.org.au> by the Australian Government, and is tasked with delivering open technical standards that empower consumers to share their data simply and safely with organisations of their choosing - starting in the banking sector.
Galexia’s provided independent advice identifying and articulating key information security implementation decisions within the design of technical standards.
Galexia also facilitated a working group to develop an information security profile that aligns with the Financial Grade API (FAPI) Working Group <https://openid.net/wg/fapi> Read/Write framework, using OAuth 2.0 and OpenID Connect protocols.
Read the report:
- Consumer Data Standards - Christmas 2018 Woking Draft » [External link]
- Independent review of Information Security Profile progress (Galexia) » [External link - PDF]
<https://consumerdatastandards.org.au>
Read more about Galexia’s work with DATA61 »
Digital Transformation Agency (DTA) releases 2nd Galexia Privacy Impact Assessment (PIA) on Digital Identity - 13 November 2018
|
On 13 November 2018, the Australian Government Digital Transformation Agency (DTA) released the second independent and public Privacy Impact Assessment (PIA) on the Trusted Digital Identity Framework (TDIF) and identity platform (GovPass).
Galexia completed the PIA as independent consultants to the agency. This second PIA was a subsequent stage of an independent and multi-phase PIA process.
This second assessment reviewed updated Framework documentation and the design of core system components. This second PIA made several new Recommendations and also provided an update on progress against the Recommendations contained in the first PIA.
The DTA published the PIA and their formal response in November 2018.
To accompany the PIA the DTA also issued an update on the overall progress of the project:
- Read the DTA blog post releasing the second PIA » [External Link - 13 November 2019]
- Download the PIA from the DTA website » [PDF - External Link]
- Download the PIA and DTA Response » [PDF - Galexia]
Read more about Galexia’s work with the Australian Government and DTA on identity »
Galexia completes Privacy Advice and 2-Stage Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on PageUp Services - November 2018
|
Galexia undertook a privacy review, developed initial issues guidance and then a subsequent independent Privacy Impact Assessment (PIA) considering the June 2018 PageUp data breach issue and provided broader advice on the potential use of additional PageUp services.
Whilst the PageUp data breach issue did not have a direct impact on TAC data, it was important to undertake an independent strategic review.
Read more about Galexia’s work with TAC »
Iterative privacy advice for Fair Work Commission (FWC) and independent PIA for eCASE - a new cloud-based case management platform - October 2018
|
Galexia has been selected by the Fair Work Commission (FWC) to provide iterative privacy advice to the implementation team and to conduct an independent Privacy Impact Assessment (PIA) examining the privacy considerations around the Commission’s introduction of a new cloud-based case management platform - eCASE.
Electronic case management is a fundamental business capability for the Fair Work Commission (FWC) - processing 35,000 cases per annum.
Read more about Galexia’s work with FWC »
Galexia completes Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on MyTAC enhancement - October 2018
|
Galexia provided an Independent Privacy Impact Assessment (PIA) for TAC on the design and proposed implementation of the Needs Identification Questionnaire via the MyTAC App and web portal.
This PIA examined issues around the cloud hosting services (Microsoft Azure), system design and the user interface.
Galexia’s advice examined compliance with Victorian privacy legislation, health privacy legislation and the Victorian Protective Data Security Framework.
Read more about Galexia’s work with TAC »
Galexia completes 2nd PIA and Privacy Checklist for the Victorian Transport Accident Commission (TAC) on cloud-based Data Analytics and Reporting (Phase 2 - Expanded Data Set) - October 2018
|
Galexia was engaged by Victorian Transport Accident Commission (TAC) to develop an independent Privacy Impact Assessment (PIA) - examining the privacy consideration of the complete data analytics program, examining privacy issues on the use of cloud hosting services (Microsoft Azure), system design (including the ‘Data Vault Model’), and the risk profile of the underlying information assets - building on the Data, Analytics and Reporting (DAR) Working Model PIA (July 2018).
This PIA was the second for the program and is intended to provide recommendations and identify the risks for the DAR Program as it progresses into the design phase. Subsequent assessments will then provide assurance that the design and built solution have taken into consideration the independent PIA recommendations.
Using the prior developed DAR PIAs (Phase 1 Working Model and then Phase 2 Expanded Data Set) as a baseline, Galexia developed a Data Release Privacy Checklist for the TAC Data, Analytics and Reporting (DAR) Program.
Galexia’s advice examined compliance with Victorian privacy legislation, health privacy legislation and the Victorian Protective Data Security Framework.
Read more about Galexia’s work with TAC »
Two-stage independent PIA for myGovID finalised - September 2018
|
In June 2018, Galexia was engaged to provide a 2-stage independent Privacy Impact Assessment (PIA) for the Australian Taxation Office (ATO) on the proposed development of myGovID.
The 2 stages included:
- The replacement of the AusKey credential with myGovID and then
- Privacy compliance with the Australian Government Trusted Digital Identity Framework (TDIF).
The purpose of this PIA was to assist in identifying and managing privacy issues that are raised by the proposed development of the MyGovID identity proofing and credential solution.
TDIF Accreditation
One important part of the PIA on MyGovID is that the ATO are seeking to have their identity solution accredited under the Trusted Digital Identity Framework (TDIF) developed by the Digital Transformation Agency (DTA) <https://www.dta.gov.au/our-projects/digital-identity/trusted-digital-identity-framework>.
The TDIF
enables the reuse of credentials and verified identity attributes provided by an Identity Provider across Relying Parties. The verified identity attributes support the registration of an individual at a Relying Party and the credentials enable ongoing access to the digital services provided by the Relying Party.
In August 2018, ATO accepted all of Galexia’s recommendations.
The PIA made a range of recommendations for mediating privacy risks, including changes to the project design, practical privacy compliance steps, consideration of biometrics and the use of the Australian Government Face Verification Service (FVS) and privacy governance arrangements.
Read more about Galexia’s work with ATO »
ABS accepts all recommendations in Galexia independent Privacy Impact Assessment (PIA) on National Health Survey (NHS) Linkage - 28 August 2018
|
Galexia has been engaged by the Australian Bureau of Statistics (ABS) to provide independent privacy advisory services.
Read more about Galexia’s work with ABS »
In April 2018, Galexia was engaged to provide an Independent Privacy Impact Assessment (PIA) to the Australian Bureau of Statistics (ABS) and Department of Health, examining the privacy considerations around the National Health Survey (NHS) Linkage Project.
In August 2018 this PIA was publicly released, and ABS has accepted all the recommendations.
The purpose of the PIA was to assist in identifying and managing privacy issues that are raised by the proposed integration of data between the 2014-15 NHS and MADIP (Multi-Agency Data Integration Project). While the NHS survey data was at a point in time (in this case collection took place between July 2014 and June 2015), MADIP data is longitudinal.
The key proposal was to:
1. Link the 2014-15 NHS data with a range of other data held in MADIP to facilitate research and statistical analysis; and
2. Ensure an effective governance framework for the proposed data integration (noting that NHS Linkage Governance will fall under MADIP Governance arrangements).
Galexia's advice included:
- Advising on the privacy issues associated with linking the 2014/15 NHS to the MADIP, including support for a targeted consultation process and conduct of an independent PIA.
- Identifying sub-populations for particular attention, and assess personal information and sensitive/less- sensitive variables;
- Providing general advice to inform the communication strategy for the project.
- Assisting ABS to apply learning from this process to inform its approach for future health surveys
In August 2018 this PIA was publicly released, and ABS has accepted all the recommendations.
- View PIA and ABS response » [Galexia - PDF]
- View ABS PIAs and responses » [External Link]
Read more about Galexia’s work with the ABS »
Galexia completes Privacy Impact Assessment (PIA) for Victorian Agency for Health Information (VAHI) - 28 August 2018
|
The Victorian Agency for Health Information (VAHI) was created in 2017 as part of Victorian Government reforms to overhaul quality and safety across Victoria’s healthcare system. VAHI functions independently to the Victorian Department of Health & Human Services.
In June 2018, Galexia was engaged by Victorian Agency for Health Information (VAHI)) to conduct and independent Privacy Impact Assessment (PIA) on the Victorian Health Incident Management System (VHIMS) Central Solution.
This PIA examined privacy issues in the phased roll-out of a new Incident Management System and associated infrastructure. Galexia’s advice examined compliance with Victorian privacy and health privacy legislation.
The PIA was finalised in August 2018.
Read more about Galexia’s work with VAHI »
Galexia completes initial Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on proposed cloud-based Data Analytics and Reporting Pilot - July 2018
|
Galexia has completed a Privacy Impact Assessment (PIA) for the Transport Accident Commission (TAC) on Phase 1 of their proposed Data Analytics and Reporting (DAR) Program. Phase 1 includes the development of a limited working model, based upon a slice of data.
The PIA considers privacy issues surrounding the proposed implementation of a new Data Analytics and Reporting (DAR) system based on cloud infrastructure. Galexia’s advice examines compliance with Victorian privacy and health privacy legislation.
The purpose of the PIA is to assist identifying and managing privacy issues that are raised by the design and proposed implementation of the DAR Program.
This initial PIA was limited to consideration of the first phase of the DAR Project, consisting of:
- 1. Establishing a Working Model for the DAR Project utilising a limited data set;
- 2. Working with sub-contractors and cloud service providers to develop the underlying infrastructure required for the DAR Program; and
- 3. Evaluating the Working Model before proceeding with the further development and implementation of the DAR Project across a broader set of data
Galexia’s advice examined compliance with Victorian privacy legislation, health privacy legislation and the Victorian Protective Data Security Framework.
Read more about Galexia’s work with TAC »
Galexia engaged by Department of Prime Minister & Cabinet to conduct an independent PIA on the proposed Data Sharing & Release Bill - 9 July 2018
|
On 5 July 2019, and following a competitive tender process, Galexia has been engaged by the Australian Government Department of Prime Minister & Cabinet (DPMC) to provide privacy advice on the proposed Data Sharing & Release Bill.
Read Minister Keenan’s media release (5 July 2019) announcing the reforms » [External link]
Read more about Galexia’s work with the Department of Prime Minister & Cabinet »
BSA & Galexia Global Cloud Computing Scorecard 2018 (Galexia Analytics Release) - May 2018
Galexia has released the 2018 Global Cloud Computing Scorecard micro-site. This version, on our website, of the 2018 Cloud Scorecard reflects the final and official version as published on the BSA | Software Alliance Scorecard micro-site with additional embedded analytics and visualisations from Galexia.
The 2018 release of the 4th in this series of ground breaking reports is a great time to take stock and look significant trends and patterns of global improvements over the past 6 years. We have included graphs, analysis and data not previously published.
BSA & Galexia Global Cloud Computing Scorecard (2018) - Galexia Analytics Release
Galexia Authors:
Chris Connolly
Peter van Dijk
2018
The 2018 BSA Global Cloud Computing Scorecard ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas.
The 2018 BSA Global Cloud Computing Scorecard — the newest version of the only global report to rank countries’ preparedness for the adoption and growth of cloud computing services — features an updated methodology to better reflect cloud computing’s exponential growth over the past five years, putting additional emphasis on policy areas, including privacy laws, cybersecurity laws, and broadband infrastructure. Most countries continue to make improvements, the study finds, but some markets are falling further behind.
By examining the legal and regulatory framework of 24 countries, the Scorecard aims to provide a platform for discussion between policymakers and cloud service providers. This dialogue can help develop an internationally harmonized regime of laws and regulations that facilitate cloud computing.
Browse Galexia report with additional analytics on a single page »
Or browse by section...
- Title page - start at the beginning
- 1. Overview
- 2. The 2018 Scorecard - Scores and Rankings
- 3. Executive Summary and Overall Findings (from the BSA Report)
- 4. BSA Cloud Policy Blueprint
- 5. Key Findings Across Themes (from the BSA Report)
- 6. Country Checklist on a page
- 7. Country Summaries (including historic scores and ranks)
- 2018 Rank 1. Germany - Score: 83.95 | Change from 2016 - Rank: +2
- 2018 Rank 2. Japan - Score: 82.09 | Change from 2016 - Rank: -1
- 2018 Rank 3. United States - Score: 82.04 | Change from 2016 - Rank: -1
- 2018 Rank 4. United Kingdom - Score: 81.84 | Change from 2016 - Rank: +5
- 2018 Rank 5. Australia - Score: 80.61 | Change from 2016 - Rank: +1
- 2018 Rank 6. Singapore - Score: 80.21 | Change from 2016 - Rank: +1
- 2018 Rank 7. Canada - Score: 79.98 | Change from 2016 - Rank: -3
- 2018 Rank 8. France - Score: 79.57 | Change from 2016 - Rank: -3
- 2018 Rank 9. Italy - Score: 79.02 | Change from 2016 - Rank: -1
- 2018 Rank 10. Spain - Score: 78.37 | Change from 2016 - Rank: +1
- 2018 Rank 11. Poland - Score: 76.99 | Change from 2016 - Rank: -1
- 2018 Rank 12. Korea - Score: 72.2 | Change from 2016 - Rank: same
- 2018 Rank 13. Mexico - Score: 60.61 | Change from 2016 - Rank: +2
- 2018 Rank 14. Malaysia - Score: 59.26 | Change from 2016 - Rank: -1
- 2018 Rank 15. South Africa - Score: 57.33 | Change from 2016 - Rank: -1
- 2018 Rank 16. Turkey - Score: 54.3 | Change from 2016 - Rank: +3
- 2018 Rank 17. Argentina - Score: 51.75 | Change from 2016 - Rank: -1
- 2018 Rank 18. Brazil - Score: 50.27 | Change from 2016 - Rank: +4
- 2018 Rank 19. Thailand - Score: 48.4 | Change from 2016 - Rank: +2
- 2018 Rank 20. India - Score: 48.39 | Change from 2016 - Rank: -2
- 2018 Rank 21. Russia - Score: 44.99 | Change from 2016 - Rank: -4
- 2018 Rank 22. China - Score: 43.71 | Change from 2016 - Rank: +1
- 2018 Rank 23. Indonesia - Score: 40.67 | Change from 2016 - Rank: -3
- 2018 Rank 24. Vietnam - Score: 36.36 | Change from 2016 - Rank: same
- 8. Themes and Criteria (updated for the 2018 Scorecard)
- 9. Scoring Methodology (updated for the 2018 Scorecard)
- 10. External links (all BSA scorecards and dashboards developed by Galexia)
Galexia has been working with The Software Alliance (BSA) since 2009 and has assisted in the development of an extensive body of cloud research, thought leadership and first to market analysis on key cloud issues.
Galexia has worked extensively with the Singapore, Washington and Brussels BSA offices and has engaged with BSA stakeholders in more than 20 countries.
Read more about our work with BSA »
About BSA
BSA | The Software Alliance (http://www.bsa.org) is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that spark the economy and improve modern life.
With headquarters in Washington, DC, and operations in more than 60 countries, BSA pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.
About Galexia
Galexia (http://www.galexia.com) is at the forefront of international research and advice in the areas of privacy, identity, cybersecurity and cloud — with a particular focus on global and cross-border legal and regulatory issues. The firm advises national governments, regional and global organizations (ASEAN and the United Nations), and the private sector (particularly ICT, health and financial services). The firm has expertise in the policy complexities that arise for countries and business addressing cross-border issues. Galexia publishes world-leading research publications, including the regular Cloud Scorecards, Cybersecurity Dashboards and reports on identity management, authentication, privacy and cyberlaws. The firm has specialist expertise in data governance, particularly the development and implementation of identity and authentication management systems, Privacy Impact Assessments and Cybersecurity strategies.
Galexia works closely with a range of international business and government clients to produce clear and effective outcomes from evidence-based research. The firm uses collaborative cloud-based reporting tools to provide real-time access to our research and analysis.
|
Galexia selected to provide independent and public Privacy Impact Assessment on National Health Survey (NHS) Linkage Project for ABS and Department of Health - April 2018
|
Galexia has been engaged by the ABS to provide independent privacy advisory services.
Read more about Galexia’s work with ABS »
On 21 April 2018, following a competitive tender process, Galexia was engaged to conduct an independent Privacy Impact Assessment (PIA) for the Australian Bureau of Statistics (ABS) and Department of Health, examining the privacy considerations around the National Health Survey (NHS) Linkage Project.
The purpose of the PIA is to assist in identifying and managing privacy issues that are raised by the proposed integration of data between the 2014-15 NHS and MADIP (Multi-Agency Data Integration Project). While NHS survey data was at a point in time (in this case collection took place between July 2014 and June 2015), MADIP data is longitudinal.
The key proposal was to:
- Link the 2014-15 NHS data with a range of other data held in MADIP to facilitate research and statistical analysis; and
- Ensure an effective governance framework for the proposed data integration (noting that NHS Linkage Governance will fall under MADIP Governance arrangements).
ABS accepts recommendations in Galexia Privacy Impact Assessment (PIA) on the Multi-Agency Data Interchange Project (MADIP) - April 2018
|
Galexia has been engaged by the ABS to provide independent privacy advisory services.
Read more about Galexia’s work with ABS »
On 4 April 2018 the Australian Bureau of Statistics (ABS) published an independent Privacy Impact Assessment (PIA) on the Multi-Agency Data Interchange Project (MADIP) completed by Galexia.
The ABS (and the 6 partner agencies in MADIP) accepted all 14 recommendations in the PIA.
Galexia was engaged by the ABS to provide independent advice on the large-scale data interchange between the ABS and other Government agencies. This PIA reflects a growing interest in ensuring that privacy and security concerns are addressed in the integration of data for research purposes.
The Multi-Agency Data Integration Project (MADIP) proposes to bring important national datasets together to explore how the Australian Government can make better use of existing public data for policy analysis, research, and statistical purposes.
There are six Commonwealth agencies working together on the MADIP:
- Australian Bureau of Statistics,
- Australian Taxation Office,
- Department of Education and Training,
- Department of Health,
- Department of Human Services, and
- Department of Social Services.
As part of the PIA process Galexia also consulted with the Department of Prime Minister & Cabinet (DPMC) and the Officer of the Australian Information Commissioner (OAIC).
In accepting the PIA recommendations, the ABS has agreed to boost openness, transparency and security arrangements for the project.
The PIA and the Government's response to the 14 recommendations are available at: http://www.abs.gov.au/websitedbs/D3310114.nsf/home/ABS+Privacy+Impact+Assessments
Read more about MADIP » [external link]
2018 Global Cloud Computing Readiness Scorecard released - 6 March 2018
|
Our latest research report has been released - The 2018 BSA Global Cloud Computing Scorecard (a joint research effort between BSA | The Software Alliance and Galexia) ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas. This is the 4th in an updating series - previous reports were released in 2012, 2014 and 2016.
The 2018 BSA Global Cloud Computing Scorecard — the newest version of the only global report to rank countries’ preparedness for the adoption and growth of cloud computing services — features an updated methodology to better reflect cloud computing’s exponential growth over the past five years, putting additional emphasis on policy areas, including privacy laws, cybersecurity laws, and broadband infrastructure. Most countries continue to make improvements, the study finds, but some markets are falling further behind.
By examining the legal and regulatory framework of 24 countries, the Scorecard aims to provide a platform for discussion between policymakers and cloud service providers. This dialogue can help develop an internationally harmonized regime of laws and regulations that facilitate cloud computing.
(BSA | The Software Alliance Global Media Release - 6 March 2018 - Washington) Report: Cloud-Enabling Policies Drive Economies, While Data Localization Requirements Hinder Growth WASHINGTON — March 6, 2018 — Cloud computing is becoming more and more integral to every nation’s economic growth. The increasingly adopted technology powers global businesses and helps governments better connect with their citizens on a daily basis. It follows, then, that countries with policies that promote cloud computing services will increase their productivity and advance their economy. The 2018 BSA Global Cloud Computing Scorecard - the newest version of the only global report to rank countries’ preparedness for the adoption and growth of cloud computing services - features an updated methodology to better reflect cloud computing’s exponential growth over the past five years, putting additional emphasis on policy areas, including privacy laws, cybersecurity laws, and broadband infrastructure. Most countries continue to make improvements, the study finds, but some markets are falling further behind. Germany scored the highest on the Scorecard - due to its national cybersecurity policies and promotion of free trade - followed closely by Japan and the United States. Bringing up the rear are a small group of nations that have failed to embrace the international approach: Russia, China, Indonesia, and Vietnam. In terms of overall ranking, the biggest improvers were the United Kingdom (moving up five places) and Brazil (moving up 4 places). The Scorecard’s key findings include:
By examining the legal and regulatory framework of 24 countries, the Scorecard aims to provide a platform for discussion between policymakers and cloud service providers. This dialogue can help develop an internationally harmonized regime of laws and regulations that facilitate cloud computing. “The Scorecard is a tool that can help countries constructively self-evaluate their policies and determine next steps to increase adoption of cloud computing,” said Victoria Espinel, President and CEO of BSA | The Software Alliance. “Cloud computing allows anyone to access technology previously available only to large organizations, paving the way for increased connectivity and innovation. Countries that embrace the free flow of data, implement cutting-edge cybersecurity solutions, protect intellectual property, and establish IT infrastructure will continue to reap the benefits of cloud computing for businesses and citizens alike.” The full, 24-country rankings and detailed findings are available at www.bsa.org/cloudscorecard. |
The BSA Global Cloud Scorecard analyzes the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
Each country's score is computed using a 72-item scoring grid and analyses. The scores are derived using a weighted system that allocates different weights to each section/question. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing and each individual question is also weighted to reflect its importance within the group. To help with the scoring and usability of the study, the assessments are based on a series of questions that are framed so that a "yes" response reflects a favorable policy setting for global cloud computing. The weights are shown in the table below and the results are available in the downloadable report.
Download the 2018 Scorecard and 24 Country Reports
- Galexia micro-site with additional analytics » (released May 2018)
- BSA Global Cloud Computing Score Card (2018) micro-site (external site)
Putting data governance and privacy top of Australian Government Agencies Agenda (KWM Insight) - 6 November 2017
|
The following King & Wood Mallesons (KWM) News Insight is reproduced with permission.
View article at KWM » [external site]
Overview
The Australian Government’s open data and digital agenda has sparked renewed debate around privacy, governance and security. As Australia moves towards an open data regime, the Office of the Australian Information Commissioner (OAIC) has flagged the importance of taking an approach that supports ‘privacy by design’.
In this context, on 27 October 2017, the OAIC registered a new APP Code - the Privacy (Australian Government Agencies - Governance) APP Code 2017 (Code) <https://www.oaic.gov.au/privacy-law/privacy-registers/privacy-codes/privacy-australian-government-agencies-governance-app-code-2017>. From 1 July 2018, all agencies will be required to comply with the Code. The Code imposes a host of new obligations on agencies with respect to privacy management and governance. Significantly, the Code mandates the conduct of a Privacy Impact Assessment for all ‘high privacy risk projects’.
It is therefore critical that you understand your new obligations under the Code and that you get your data house in order ahead of July next year. Read on to find out how the Code will affect you.
Background
The Australian Privacy Principles (APP 1.2) require agencies to take reasonable steps to implement practices, procedures and systems to ensure compliance with both the APPs and any binding registered APP code. Earlier this year, the OAIC released a draft version of the Code for consultation, noting that the application of a uniform privacy standard across the APS would be critical to ensuring community buy-in for government data sharing activities.
Relevantly, the Code applies to all Departments and incorporated or unincorporated bodies established for a public purpose by or under Commonwealth law (as well as other bodies listed in section 6 of the Privacy Act 1988 (Cth)). The Code is likely to have significant implications for agencies undertaking data sharing and release activities. This is the case even if agencies are already undertaking to comply with guidance such as the OAIC’s Privacy Management Framework and De-identification Decision-Making Framework. Read more »
Mandated Privacy Impact Assessments (PIAs)
As noted above, the Code mandates the conduct of a PIA for all ‘high privacy risk projects’. However, the concept of a ‘high privacy risk project’ is sufficiently broad as to capture most (if not all) data sharing and release activities.
A project will be a ‘high privacy risk project’ if an agency reasonably considers that the project involves new or changed ways of handling personal information - where that is likely to have a significant impact on the privacy of individuals. Given that most datasets comprise at least some personal information, there is a high likelihood that any data sharing, release or use initiatives will meet this threshold criteria, including where data has been inadequately de-identified. This applies even if you are de-identifying data for public or limited release - in those circumstances a PIA must be conducted to probe the integrity of the de-identification methodology applied to a particular dataset. Indeed, a release of personal data that has been de-identified will in almost every circumstance constitute a very high risk privacy project. As fast as de-identification techniques are created - techniques to re-identify that data are only a few steps behind.
The characteristics of a PIA should be scalable, to reflect the complexity and size of the project. A PIA will typically require expert examination of public policy and perception issues, relevant laws and legal ramifications, technical issues, and practical and pragmatic recommendations for action and management. Larger PIAs may also require stakeholder engagement and best practice advice around governance and monitoring.
What should you be doing? Agencies should review the types of data-related activities they currently undertake (and will undertake in future) and consider whether a PIA will be required for those activities. For example, moving to the cloud, data sharing and the creation of new platforms to manage applications or processes are all likely to be ‘high privacy risk projects’ for the purposes of the Code.
Privacy management and governance
A key feature of the Code is a requirement for agencies to have a privacy management plan and to designate Privacy Officers and a Privacy Champion as part of an agency’s privacy management and governance framework.
The OAIC has previously prepared guidance on how to prepare a privacy management plan. However, the OAIC is now in the process of developing a privacy management plan template and a privacy self-assessment tool to assist agencies to assess their current privacy practices.
Agencies must also ensure that they formally designate persons as the Privacy Officer and Privacy Champion by reference to a position or role within the relevant agency. The Privacy Officer is the first point of contact for privacy matters within an agency and is responsible for ensuring day-to-day operational privacy activities are undertaken. A Privacy Champion is to be a senior official within an agency who is responsible for leadership activities and engagement that require broader strategic oversight. It is important to note that the Code permits agencies to designate officers as Privacy Officers by reference to a position or role in another agency (and there may be more than one Privacy Officer).
Privacy Capability
Other requirements in the Code are designed to build internal privacy capability within agencies. Agencies must regularly review and update their privacy practices, procedures and systems to ensure they are appropriate and current. This is particularly important in the face of technological advances and shifting policy. In particular, de-identification methodologies require constant monitoring, to ensure that historical processes are updated if no longer technically adequate.
Agencies must also provide annual privacy education / training for all staff who access personal information in the course of their employment. Similar training must also be provided to all new starters within an agency.
Next steps
The requirements in the Code are geared towards ensuring agencies comply with their obligations under the Privacy Act, namely to take reasonable steps to implement practices, procedures and systems that ensure compliance with the Australian Privacy Principles when handling personal information. It is also a timely reminder for agencies to start preparing for Australia’s new open data regime. If you have any questions about the Code or what action you can be taking to get your data house in order, please get in touch.
View article at KWM » [external site]
King & Wood Mallesons (KWM) and Galexia bring together a multi-disciplinary data governance practice to give clients a joint service offering that covers the legal and privacy aspects of cloud platforms, data sharing and use, data linkage and digital identity.
This collaboration gives clients access to a leading provider of Privacy Impact Assessments (PIAs) and privacy management strategies, as well as market-leading strategic advice and legal expertise in respect of data and privacy.
Our services are designed to give clients confidence to engage with the new open data economy.
Read more about Galexia’s collaboration with KWM »
Galexia assisted The University of Sydney on an Identity and Access Management Strategy - October 2017
|
The Galexia team has a long track record in providing IdAM health checks, reviews, strategies and roadmaps to large scale clients.
Galexia was successful in a competitive tender and has assisted The University of Sydney with an Identity and Access Management (IdAM) Strategy and Roadmap based on Galexia's proven IdAM methodology.
The IdAM Strategy includes:
- Current State, Issues and Impacts
- Policy, Oversight, Delivery Model, Operations and Communication
- User Experience
- Identity Types and Lifecycles
- Access Management, Privileged Access Management, Entitlements Management, Credential Management, Federation
- Directory Services
- Identity Platform
- Key Trends
- Vision
- Enhanced Capabilities and Benefits
- Gap Analysis
- IdAM Program
- Reference Architecture
- Governance Structure
- Policy, Standards and Procedures
- Teams and Functions
- Roles and Responsibilities
- Communication
The IdAM Roadmap includes:
- Target State Capabilities and Maturity
- Streams and Activities
- Dependencies
- Timeline
- Governance Structure
- Best Practices
More information about Galexia’s Identity and Access Management (IdAM) Guiding Principles
Galexia’s methodology includes 6 IdAM best practice principles that should be applied to programs of work, activities and individual projects.
IdAM Guiding Principle |
Example application (and this will vary on a case-by-case basis) |
|
1. Common Governance |
Provide central control while also supporting the flexibility of autonomous execution across various business functions. Align IdAM projects with key initiatives to maximise business impact. |
|
2. Invest in Standard Solutions |
Invest in commercially available products when possible and deploy with minimal customisation. Reduce or eliminate the development of in-house solutions/tools which can be costly to maintain and difficult to integrate. |
|
3. Reuse, Replicate, Standardise |
Where possible, centralise IdAM process execution, reuse existing technologies, replicate proven processes, standardise technologies and architectural patterns. |
|
4. Automate |
Where possible, provide process automation and/or system driven execution. Streamline provisioning processes. Establish workflows and accountability matrices for sustainability. |
|
5. Enable |
Enable the business by investing in people, training and communication as an integral component of execution. IdAM processes and solutions are operationalised across the organisation for sustainability. |
|
6. Measure |
Measure and monitor the IdAM program at various levels, considering the customer, key performance indicators, key risk indicators, compliance, and adherence to service expectations. |
Legal and Ethical Challenges for Driverless Cars and Smart Roads - 20 October 2017
|
Galexia Director Chris Connolly gave a presentation on legal and ethical issues in driverless cars at the Bath Digital Festival (UK) on 20 October 2017.
The session - Self-Driving Cars, The Future is Now! - consisted of a series of TED Style talks at the University of Bath Innovation Centre.
Other panel members included:
- Councillor Mark Shelford, Bath & North East Somerset Council
- Andrew Hawthorn, Deputy Head of Engineering, Altran
- Dr Miriam Ricci, Senior Research Fellow, Centre for Transport and Society
Legal and Ethical Challenges for Driverless Cars and Smart Roads
Chris discussed the legal and ethical challenges in the development of driverless cars and smart roads and examined the role of artificial intelligence (AI) in the driverless car environment.
There is long history of the law failing to 'keep up' with developments in technology, and driverless cars are no exception.
Galexia’s top 6 legal and ethical challenges for driverless cars and smart roads:
- 1. Privacy
- 2. Safety and Selection
- 3. Liability
- 4. Cultural Differences
- 5. Traffic Priorities
- 6. Trust
View the presentation slides »
New De-Identification Decision-Making Framework released - October 2017
|
The Office of the Australian Information Commissioner (OAIC) and CSIRO’s Data61 have released a guide to assist organisations to de-identify their data effectively, titled the De-Identification Decision-Making Framework (DDF).
The Guide considers a range of factors, from ethical and legal obligations to technical data questions. The Guide integrates the different perspectives on the topic of de-identification into a single, comprehensible framework.
One of the lead authors of the guide is Dr Christine O’Keefe - Research Scientist at Data61. Galexia has collaborated with Dr O'Keefe for many years and CSIRO are a key Galexia client/partner. The new report references a joint publication by Dr Christine O'Keefe and Galexia Director Chris Connolly:
- O'KEEFE C.M. & CONNOLLY, C. (2010) Privacy and the use of health data for research; Med J Australia 193 (2010), pp 537-541, Read more »
Find out more and download the guide from Data 61/CSIRO » [external link]
Australian Open Banking Review to consider digital identity issues - October 2017
|
The Australian Open Banking Review commissioned by Treasury has been given broad terms of reference and has expressed an interest in the role of digital identity credentials in the implementation of open banking.
Galexia team members held a bilateral meeting with the head of the Review - Scott Farrell - and members of the Review Secretariat, to share insights into the implementation of open banking initiatives worldwide, and the overlaps between open banking and digital identity.
The Review’s mandate is to make recommendations to the Treasurer on:
- the most appropriate model for Open Banking in Australia
- a regulatory framework under which an Open Banking regime should operate, and
- a roadmap and timetable for its implementation.
The terms of reference, issues paper and submissions are available at https://treasury.gov.au/review/review-into-open-banking-in-australia/
King & Wood Mallesons (KWM) and Galexia collaborating on Data Governance Advisory Services - October 2017
|
KWM and Galexia bring together a multi-disciplinary data governance practice to give clients a joint service offering that covers the legal and privacy aspects of cloud platforms, data sharing and use, data linkage and digital identity.
This collaboration gives clients access to a leading provider of Privacy Impact Assessments (PIAs) and privacy management strategies, as well as market-leading strategic advice and legal expertise in respect of data and privacy.
Our services are designed to give clients confidence to engage with the new open data economy.
Read more about Galexia’s collaboration with KWM »
Galexia undertakes Review and Briefing on Identity Management and Customer Initiated Data Sharing for Regional Australia Bank - September 2017
|
The Regional Australia Bank approached Galexia (as independent IAM and privacy consultants) to consider options, issues and trends surrounding Regional Australia Bank (RAB) providing customers with an enhanced Identity and Access Management (IAM) platform that incorporates Customer Initiated Data Sharing with selected third parties.
This included a consideration of technical standards to API Authorisation (and Authentication) and financial sector APIs.
Galexia reviewed both local and international regulatory and policy landscape, including:
- Financial System Inquiry (The Murray Report), 2015
- New Payment Platform (NPP) 2017-2018
- The NPP includes an optional identity component (or overlay) known as PayID
- Australian Government Digital Transformation Agency (DTA)
- Trusted Digital Identity Framework (2016-2017)
- Australian Government Productivity Commission
- Inquiry on Data Availability and Use (8 May 2017)
- Australian Government Department of Prime Minister & Cabinet (DPMC
- Parliament of Australia, House of Representatives Standing Committee
- Review of the Four Major Banks (Second Report) (21 April 2017)
- Data 61
- Blockchain Reports (8 June 2017)
- Australian Government Treasury
- Review of Open Banking in Australia (August 2017)
- Australia Post
- Digital iD (2017)
- UK Competition and Market Authority (CMA)
- www.openbanking.org.uk
Read more about Galexia’s work with RAB »
Galexia completes Privacy Impact Assessment (PIA) for the Australian Health Practitioner Regulation Authority (AHPRA) on Cloud Hosted Platforms - August 2017
|
Galexia was engaged through a competitive tendering process by the Australian Health Practitioner Regulatory Agency to provide independent privacy advice on proposals to migrate significant data assets and processes to a variety of cloud computing platforms.
Galexia completed an initial Privacy Impact Assessment (PIA) on the proposed use of cloud-hosted platforms by the Australian Health Practitioner Regulation Agency (AHPRA).
The purpose of the PIA was to assist in identifying and managing privacy issues raised by the proposed migration of services to cloud computing. It provided a baseline privacy assessment for cloud platforms and API tools and also provided a modular PIA checklist tool for subsequent initiatives.
Read more about Galexia’s work with AHPRA »
Galexia on panel at ForgeRock Identity Summit - The evolving role of privacy in digital transformation - 15 August 2017
|
Galexia Managing Director, Peter van Dijk, participated in a panel at ForgeRock Identity Live in Sydney on 15 August 2017.
Panel Discussion: The Evolving Role of Privacy In Digital Transformation
In this panel industry experts will share insights to tackle the privacy concerns impacting organisations and governments en route to digital transformation. Each panellist brings a different perspective on:
- How regulations (such as GDPR and The Privacy Act) impact digital transformation adoption
- Empowering end-users with rich consent and privacy capabilities
- Ensuring privacy and security for IoT and connected devices
Host:
- Mike Ellis, Chief Executive Officer, ForgeRock
Panellists:
- Victoria Richardson, Chief Strategy Officer, Australian Payments Network
- Richard Addiscott, Director, IT Planning, Governance & Security, Curtin University
- Marta Ganko, Director, Privacy and Data Protection Lead, Cyber Risk Services, Deloitte
- Peter van Dijk, Managing Director, Galexia
Find out more about ForgeRock Identity Summits » [external link]
Galexia providing independent privacy advisory services to Australian Bureau of Statistics (ABS) - August 2017
|
Galexia has been engaged by the Australian Bureau of Statistics (ABS) to provide independent privacy advisory services
Read more about Galexia’s work with ABS »
Following a competitive tender, from August 2017, Galexia has been engaged by the Australian Bureau of Statistics (ABS) to conduct an independent Privacy Impact Assessment (PIA) on the Multi-Agency Data Interchange Project (MADIP).
Galexia has been engaged by the ABS to provide independent advice on the large-scale data interchange between the ABS and other Government agencies. This PIA reflects a growing interest in ensuring that privacy and security concerns are addressed in the integration of data for research purposes.
The Multi-Agency Data Integration Project (MADIP) proposes to bring important national datasets together to explore how the Australian Government can make better use of existing public data for policy analysis, research, and statistical purposes.
There are six Commonwealth agencies working together on the MADIP:
- Australian Bureau of Statistics,
- Australian Taxation Office,
- Department of Education and Training,
- Department of Health,
- Department of Human Services, and
- Department of Social Services.
Galexia completes Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on Point of Sale (PoS) Online Service - June 2017
|
Galexia completed a Privacy Impact Assessment (PIA) for the Transport Accident Commission (TAC) on the proposal to develop and implement a Point of Sale (POS) application using Lantern Pay <http://www.lanternpay.com> (in association with Westpac). The application will be hosted, in part, on a cloud-computing platform.
The purpose of the PIA was to assist in identifying and managing privacy issues raised by the design and proposed implementation of the Point of Sale (POS) application - the Lantern Pay service.
The PIA considered compliance with privacy legislation, user acceptance and public perception issues. The PIA made a broad range of recommendations for mediating privacy risks, including changes to the design, practical privacy compliance steps, further research and privacy governance arrangements.
Read more about Galexia’s work with TAC »
Galexia director speaks at Conference on Digital Economy, Trade and Development (Stockholm) - 21 June 2017
|
Galexia director, Chris Connolly, presented at the Conference on Digital Economy, Trade and Development in Stockholm on 21 June 2017.
The seminar was co-hosted by The Swedish Ministry of Foreign Affairs, UNCTAD, and the National Board of Trade.
The event addressed a number of issues:
- What are the development implications of the digital economy?
- How can we bridge the e-commerce divide?
- How should cross-border data flows best be regulated?
The event examined the implications of digitalisation and e-commerce for trade and development. Its fast expansion has led to a division between and within countries where online access has become crucial for the visibility of businesses and economies.
Chris Connolly presented on data protection and sustainability, with a focus on the findings of the report for the United Nations Conference on Trade and Development (UNCTAD)
Session: Data flows, trade and regulations
- Magnus Rentzhog, Senior Adviser, National Board of Trade
- Hanne Melin, Director, eBay Public Policy Lab
- Harsha Liyanage, CEO and Co-Founder at Grasshoppers.lk, Sri Lanka
- Chris Connolly, Director, Galexia
- Christophe Kiener, Head of Unit, Trade in Services, DG Trade, EU Commission
- Moderator: Hosuk Lee Makiyama, Director, ECIPE
|
Galexia Associate publishes new book on privacy law in Singapore - June 2017
|
Galexia Associate Yee Fen (Hannah) Lim has published a new book on privacy law in Singapore - Data Protection in the Practical Context - Strategies and Techniques (June 2017).
The book provides a detailed study of the law, practice and policy of personal data protection law in Singapore. As the EU General Data Protection Regulation (GDPR) that was adopted in April 2016 included provisions implementing a formidable extended jurisdictional reach, this book also provides practical coverage of the GDPR and gives clarity to the key provisions. The book includes an extensive exposition on Big Data and the Internet of Things and their inter-relationship with cybersecurity.
Contents:
- Chapter 1 The Context of Protecting Personal Data
- Chapter 2 The Practical and Conceptual Framework
- Chapter 3 The Concept of Personal Data
- Chapter 4 Notification Obligation
- Chapter 5 Consent Obligation
- Chapter 6 Purpose Limitation Obligation
- Chapter 7 Data Protection by Design and Default
- Chapter 8 Access and Correction Obligations
- Chapter 9 Care of Personal Data
- Chapter 10 Transfer Limitation Obligation
- Chapter 11 Other Notable Provisions in the European Union
- Chapter 12 Looking Ahead
The book is available from: https://www.sal-e.org.sg/data-protection-in-the-practical-context-strategies-and-techniques
Read more about Professor Lim >
Galexia completes Privacy Impact Assessment (PIA) for the Victorian Transport Accident Commission (TAC) on Phase 1 of Online Client Service - April 2017
|
Galexia was successful in a competitive tender to undertake a PIA examining privacy issues arising from the design and implementation of a new Online Client Service (including an online portal for self-managing clients and a mobile app).
Galexia’s advice covered compliance with Victorian privacy and health privacy legislation, and advice on best practice in moving existing processes to a cloud based service. The PIA was completed in April 2017 and included
- Galexia PIA Matrix (Victoria)
- ‘Urgent Issues’ guidance in the first 2 weeks of the engagement - ensuring a no surprises approach and working closely with multi-disciplinary and agile teams.
- 3 staged briefing notes and vendor and internal team updates incorporated into an agile delivery process.
- Draft and Final PIAs
- Follow briefing to executive and privacy teams
Read more about Galexia’s work with TAC »
Digital Transformation Agency (DTA) releases 1st Galexia Privacy Impact Assessment (PIA) on Digital Identity - 17 March 2017
|
On 17 March 2017 the Australian government Digital Transformation Agency (DTA) released the initial Privacy Impact Assessment (PIA) on the proposed Trusted Digital Identity Framework (TDIF) and identity platform. Galexia completed the PIA as independent consultants to the agency.
The TDIF and platform are designed to support a federated digital identity system.
The initial PIA examined impacts based on the draft framework and platform architecture as at the completion of the Alpha phase of the Digital Identity Initiative, as defined by the Digital Service Standard.
This PIA included extensive analysis of the role of the States and Territories and the application of local privacy legislation, including key differences between Commonwealth privacy legislation and local privacy legislation.
This initial PIA is the first stage of an independent and multi-phase PIA process.
To accompany the PIA the DTA also issued an update on the overall progress of the project.
• Read the blog post about GovPASS on the DTA website » [External link - 17 March 2017]
Download the PIA from the DTA website » [External link - PDF]
Download the PIA » [PDF - Galexia]
Read more about Galexia’s work with the Australian Government and DTA on identity »
Austroads publishes the first Privacy Impact Assessment (PIA) on data messages for connected cars in Australia - March 2017
|
Austroads has released a Privacy Impact Assessment (PIA) developed by Galexia on the hot topic of smart roads and driverless cars.
Galexia provided independent privacy advice on the data messages that be wirelessly broadcast and received by vehicles and roadside units in the deployment of Cooperative Intelligent Transport Systems (C-ITS) in Australia. This is a vital part of the infrastructure required to enable automated or 'driverless' car technology to be deployed safely. Read more »
The PIA considered compliance with privacy and security legislation, standards and international developments in this fast moving sector.
More Information:
- Title: Privacy Impact Assessment (PIA) for Cooperative Intelligent Transport System (C-ITS) data messages
- Abstract: This document provides a high level Privacy Impact Assessment for the Cooperative Intelligent Transport System (C-ITS) data messaging system.
- Keywords: Cooperative Intelligent Transport System, C-ITS, privacy, personal information, cooperative awareness message, de-centralised event notification message, legislation
- Austroads Project No. NT1785?
- Austroads Publication No. AP-C100-17?
- Publication date: March 2017 (Prepared August 2016) Pages 46
- Copyright: Austroads and Galexia 2017
- Download: <https://austroads.com.au/publications/traffic-management/ap-c100-17>
Galexia has a long history of providing advice on privacy issues related to driver and vehicle licensing and transport platforms. Galexia continues to provide independent privacy advice on a range of new and innovative technologies.
Austroads is the peak organisation of Australasian road transport and traffic agencies. Read more about Galexia’s work with Austroads »
New Global Cloud Computing Readiness Scorecard being developed - February 2017
|
Galexia is working with BSA | The Software Alliance on a significant ‘reboot’ of the Global Cloud Readiness Scorecard for 2017, implementing additional and revised criteria and scoring methodology.
The 2017 report will deliver fresh data and results. The new Scorecard benefits from lessons learned and insights developed in the 2012, 2013 and 2016 scorecards and country reports. The scorecard will also benefit from the lessons and successes of the APAC and EU CyberSecurity Dashboards.
The new scorecard will be released in mid-2017.
The Galexia / BSA Global Cloud Scorecard will analyse the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study will include a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
Galexia presenting at CPDP2017 (The Age of Intelligent Machines) Computers, Privacy & Data Protection 10th International Conference, Brussels - 25 January 2017
|
Galexia Director Chris Connolly will be presenting at CDPD2017 - The Age of the Intelligent Machine at the 10th International Computers, Privacy & Data Protection (CPDP) International Conference in Brussels on 25 January 2017.
CPDP (now in its 10th year) is one of the largest gatherings of privacy experts in the world. More information about the conference is available at: <http://www.cpdpconferences.org>
|
Chris will be speaking on the topic of international data transfers as part of an expert panel considering Legal challenges to the international transfer of data: Privacy Shield and standard contractual clauses (SCCs):
- Chair: Bruno Gencarelli, DG JUST (EU)
- Moderator: Guido Lobrano, Business Europe (EU)
- Panel:
- Thomas Boué, BSA (US)
- Chris Connolly, Galexia (International)
- Fanny Hidvegi, AccessNow (International)
- Christopher Kuner, Brussels Privacy Hub (BE)
- Theme: The panel will focus on the recent legal challenges to data transfers from Europe to the rest of the world: from the Schrems II case on the use of Standard Contractual Clauses to the recent formal complaints against Privacy Shield seeking to annul the European Commission implementing decision, and what these could entail for global data transfer mechanisms. After a brief explanation of the various challenges and the transfer tools put into question, we will focus on the implications that these challenges may have if they were to succeed. This panel will allow for a timely and very topical discussion on a series of ongoing legal developments that may have a profound impact on the future of the Europe and its economy.
The Panel will ask:
- What is at stake with regard to the legal challenges to data transfers from Europe today??
- Why is Privacy Shield qualitatively different from Safe Harbor??
- Are Standard Contractual Clauses (SCCs) and Privacy Shield comparable??
- If both the use of SCCs and Privacy Shield are annulled, what then??
More information about this stream: <http://www.cpdpconferences.org/25012017/cave.html>
The Panel is organised by BSA | The Software Alliance. Read more about Galexia’s work with BSA »
More information about the conference is available at: <http://www.cpdpconferences.org>
[Download presentation slides (PDF) »]
Galexia completes initial Privacy Impact Assessment (PIA) for the Australian Government Digital Transformation Agency (DTA) on the proposed Trusted Digital Identity Framework (TDIF) - December 2016
|
In December 2016 Galexia completed an initial Privacy Impact Assessment (PIA) on the proposed Trusted Digital Identity Framework (TDIF) and identity platform being developed by the Australian Government Digital Transformation Agency (DTA).
The TDIF and platform will support a federated digital identity system.
The initial PIA will determine impacts based on the draft framework and platform architecture as at the completion of the Alpha phase of the Digital Identity Initiative, as defined by the Digital Service Standard.
This PIA is the first stage of an independent and multi-phase PIA process.
On 17 March 2017, the DTA has published this PIA. Read more »
Read more about Galexia’s work with the Australian Government and DTA on identity »
Galexia presenting at the Annual European Data Protection and Privacy Conference, Brussels - 1 December 2016
|
Galexia Director Chris Connolly will be presenting at the 7th Annual European Data Protection and Privacy Conference in Brussels on 1 December 2016. This event has become the principal annual data protection and privacy conference held in Brussels, gathering over 350 cross-sector delegates.
The 2016 conference will particularly focus on the implementation of the GDPR rules, on the implications of the Privacy Shield agreement and will discuss the e-Privacy directive review. It will provide an opportunity for both the policymakers and stakeholders involved in this area to engage in an interactive debate discussing issues related to the future of Data Protection and Privacy in Europe, and what the new framework will mean for the creation of a successful Digital Single Market.
Chris will be chairing a panel of global experts on:
|
More information about the conference is available at: <http://www.eu-ems.com/summary.asp?event_id=3307&page_id=7895>
Galexia Micro-site on the 2016 Global Cloud Computing Scorecard with analytics and graphs on trends since 2012 - December 2016
|
Galexia Global Cloud Computing Readiness Scorecard (2016) Micro-site » - Access the 2016 Scorecard, Dashboard and 24 country report, as well as analytics and graphs showing transition and trends in overall scores across themes and 24 countries (from 2012 to 2016)
In April 2016 the a major update to our cloud readiness research series was released - The 2016 BSA Global Cloud Computing Readiness Scorecard (a joint research effort between BSA | The Software Alliance and Galexia) ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas. Previous reports were released in 2012 and 2013 and this is a major update.
Our micro-site of the 2016 Cloud Scorecard reflects the final and official version as published on the BSA | Software Alliance Scorecard micro-site - with additional embedded analytics and visualisations from Galexia. The release of the 3rd in this series of ground breaking reports is a great time to take stock and look at what we think are the fascinating and significant trends and patterns of global improvements (and backward steps) over the past 4 years (from 2012 to 2016). We have included graphs, analysis and data not previously published.
How does the scorecard and report series work?
There are number of components that go into building up the Cloud Readiness Scorecard & 24 Country Reports
- Consistent themes, criteria and scoring methodology across all reports from 2012
- 24 country reports
- Country checklist on a page - it is worth obtaining the BSA hard copy version of the report which has an double A4 foldout presenting a useful checklists across 24 countries
- Country summaries
- Theme summaries
- Consistent scoring across 46 criteria
- Overall Score and Rankings
- Detailed change tracking, identifying trends and rates of improvement
How much change has there been from 2012 to 2016?
Changes in the 2016 report - from 2013 |
Changes in the 2013 report - from 2012 |
Updates across 24 countries and 66 criteria, including:
Tracks change in score and rank from 2013 Full scorecard report translated into 3 languages (Korean, Spanish & Thai) Country reports translated into 7 languages (Argentina, China, Germany, Korea, Japan, Mexico & Thailand) Includes 2 new case studies |
Updates across 24 countries and 66 criteria, including:
Tracks change in score and rank from 2012 Includes 3 new case studies |
Summary of Scores and Ranks for 2016
The 2016 BSA Global Cloud Computing Scorecard ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas.
This year’s results reveal that almost all countries have made healthy improvements in their policy environments since the release of BSA’s previous Scorecard in 2013. But the stratification between high-, middle- and lower-achieving country groups has widened, with the middle-ranking countries stagnating even as the high achievers continue to refine their policy environments.
Scores and Rank and how this has changed from 2012 to 2016
The following visualisations show the transition and trends in the overall scores, theme scoring components and rank changes (from 2012 to 2016):
Galexia Global Cloud Computing Readiness Scorecard (2016) Micro-site » - Access the 2016 Scorecard, Dashboard and 24 country report, as well as analytics and graphs showing transition and trends in overall scores across themes and 24 countries (from 2012 to 2016)
Article in Data Protection Leader - Regulators fight back against privacy fraud - November 2016
|
Data Protection Leader, Volume 13, Issue 11 (November 2016) - Regulators fight back against privacy fraud
Chris Connolly, Director at Galexia, summarises the key lessons to be learnt from recent enforcement action involving ‘privacy fraud.’
Privacy fraud has traditionally been viewed as a niche issue, but in recent years it has emerged as a mainstream privacy compliance matter, and now attracts significant attention from data protection regulators. It typically occurs where a company claims it belongs to a specific privacy compliance?scheme or that it has been certified?in a privacy trustmark scheme. The?claim is designed to assure consumers that it meets a high level for privacy assurance, or that its practices have been assessed and certified by a?trusted third party. In a growing number of instances, these claims are false.?Data protection experts have been aware of this problem for many years. Consumer protection regulators, trust- mark operators and consumer advocates spend a significant amount of time and resources contacting companies and asking them to remove false claims. Consumer protection regulators (including some data protection regulators) can threaten to use their legal powers in relation to ‘misleading and deceptive’ conduct. Trustmark operators can threaten to use their trademark protection powers to seek the removal of false claims. Consumer advocates?can threaten to refer the company to?the relevant regulator or to the media.
The vast majority of this work takes place ‘behind the scenes’ and it is?only in recent years that formal, public enforcement action has been taken on privacy fraud. Since 2009, there have been 39 public enforcement actions related to privacy fraud, with the bulk of them occurring in the last three years.
...
Read the complete article » - including
- The Ashley Madison case - Privacy fraud may be so significant that it invalidates consent?
- False Safe Harbor claims - Privacy fraud may occur where a?false claim is the result of ‘lapsed’ membership of a privacy scheme (various Safe Harbor cases 2009-2015);
- Trustmark scheme false claims - Privacy fraud may extend to the privacy trustmarks schemes themselves (TRUSTe 2015);
- APEC CBPRs false claims - Privacy fraud may occur where?a company falsely claims it is a member of a scheme it has never applied to join (some Safe Harbor cases in 2009 and 2015, and the APEC CBPRs cases 2016);
Read Volume 13, Issue 11 (November 2016) »
Galexia completes Privacy Impact Assessment (PIA) for the Australian Government Attorney General’s Department (AGD) on Change of Name Data Sharing - October 2016
|
Galexia was engaged by the National Security Policy Branch of the Australian Government Attorney General’s Department to conduct an independent Privacy Impact Assessment (PIA) on proposals to allow change of name data to be shared across multiple Commonwealth, State and Territory agencies.
This PIA includes consideration of legislative requirements, identity verification protocols, national security considerations and community privacy perceptions.
Stakeholders included the National Security Policy Branch (Attorney General’s Department), Department of Immigration and Border Protection and all of the state Births Deaths and Marriages Registries.
The broad purpose of this PIA was to assist in the development of ongoing data sharing arrangements regarding formal change of name information between State and Territory Registries of Births Deaths and Marriages (BDMs), and the Australian Government Department of Immigration and Border protection (DIBP).
The Martin Place Siege: Joint Commonwealth - New South Wales Review <https://www.dpmc.gov.au/resource-centre/national-security/martin-place-siege-joint-commonwealth-new-south-wales-review> (the Review) identified gaps in the sharing of information on changes of name between government agencies. In particular, the Review highlighted the need to improve the robustness of checks on identity by Commonwealth and state and territory government agencies, including the need for improved arrangements for sharing formal name change information between Commonwealth and state bodies. A national Change of Name Working Group has been established to manage the implementation of a solution.
Read more about Galexia’s work with the Australian Government AGD »
Galexia Director Chris Connolly joins the Editorial Board of Data Protection Leader - October 2016
|
Galexia Director, Chris Connolly, has joined the Editorial Board of Data Protection Leader (formerly known as the Data Protection Law and Policy Journal). This global journal is one of the leading monthly publications on privacy, data protection and cyber-security.
The monthly law publication covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data.
Subscribers to the publication receive printed copies each month and also gain full online access, including to the fully searchable archives, which feature over 500 articles.
The main themes covered in the Data Protection Leader are:
- Global Privacy Norms & Reforms
- Data Breach & Data Security
- Data Transfers & Outsourcing
- Cloud computing and digital data
- Sectoral privacy issues (e.g. health and financial services)
More information: <http://www.e-comlaw.com/data-protection-leader/>
Galexia presenting at the International Conference of Data Protection and Privacy Commissioners, Marrakech - October 2016
|
Galexia Director, Chris Connolly, will deliver a presentation on privacy law and trade at the 38th International Conference of Data Protection and Privacy Commissioners (Marrakech, 17-20 October 2016). The presentation is part of a high profile Panel on Data Protection and Privacy Law as a Driver in Sustainable Development.
The presentation will include highlights from Chris's research paper for the United Nations: Data protection regulations and international data flows: Implications for trade and development (UNCTAD 2016), and also lessons from the Global Cloud Computing Scorecard (Galexia / BSA 2016).
More information about the conference is available at:
https://www.privacyconference2016.org/
[Download presentation slides (PDF) »]
Privacy Policy and Privacy Management Framework for Financial Literacy Platform - September 2016
|
Galexia assisted in the strategic realignment of CreditED business around privacy and service strengths. This included the development and implementation of a best practice privacy management framework appropriate to the size and risk profile of the business.
Read more about Galexia’s work with CreditED »
Galexia completes Privacy Impact Assessment (PIA) for Austroads on Co-operative Intelligent Transport Systems (C-ITS) data messaging - August 2016
|
Galexia conducted a high-level Privacy Impact Assessment (PIA) for Austroads considering the privacy issues raised by standard data messages that will be wirelessly broadcast and received by vehicles and roadside units in a Cooperative Intelligent Transport Systems (C-ITS) deployment.
In March 2017, Austroads has published this PIA. Read more »
Cooperative ITS (C-ITS) is a vital part of the infrastructure being developed under the broader banner of Intelligent Transport Systems.
A connected vehicle ecosystem is emerging in which vehicles will share data wirelessly with other vehicles, with infrastructure, with transport management systems, and with mobile devices. Commonly referred to as Cooperative Intelligent Transport Systems (C-ITS), this ecosystem will enable a wide range of vehicle and transport applications to be deployed that cooperatively work together to deliver safety, mobility and environmental outcomes that are in addition to what many standalone systems can achieve.[1]
Potential communications scenarios include:
- Vehicle to vehicle (V2V);
- Vehicle to infrastructure (V2I, and also I2V); and
- Communications with other devices (V2X), such as personal devices.
The infrastructure is a vital part of the deployment of ‘smart roads’ and ‘smart cars’ (driverless or automated vehicles).
|
Galexia has a long history of providing advice on privacy issues related to driver and vehicle licensing and transport platforms.
Austroads is the peak organisation of Australasian road transport and traffic agencies.
Read more about Galexia’s work with Austroads »
Galexia undertakes Privacy Review on a micro payment system for public transport - July 2016
|
Galexia has completed a high-level privacy review for a payments consortium consisting of LittlePay (Australia) and Perimeter Payments (UK) regarding their roll-out of a micro-payments system for public transport.
The review considered privacy compliance issues in situations where data flowed across a variety of jurisdictions. This included an examination of Australian, British and European requirements for protecting privacy during the cross-border transfer of personal data.
Galexia has a long history of providing advice on privacy issues related to both electronic payment systems and to transport related platforms.
littlepay is an Australian fintech start-up focused on developing micro payment processing services.
Read more about Galexia’s work with LittlePay »
Galexia completes Privacy Impact Assessment (PIA) for the NSW Information and Privacy Commission on cloud based Government Access tool - July 2016
|
Galexia, in conjunction with Doll Martin Associates, completed a high level Privacy Impact Assessment (PIA) for the Information and Privacy Commission NSW on the IPC GIPA Tool. (GIPA is the Government Information (Public Access) Act 2009).
The Government Information Privacy Act 2009 (GIPA) requires the Information and Privacy Commission (IPC) to provide a resource to assist agencies in processing GIPA applications and to report annually on the operation of GIPA. In order to facilitate these requirements the IPC has developed and implemented a case management and reporting system called the ‘GIPA Tool’.
The PIA considered compliance with the NSW Privacy and Personal Information Protection Act 1998 (PPIP Act) and privacy issues associated with storing data in the cloud.
Galexia chapter in 'Enforcing Privacy' book published (Springer) - April 2016
|
Galexia directors Chris Connolly and Peter van Dijk are the authors of a chapter in the new book Enforcing Privacy - Regulatory, Legal and Technical Approaches (published by Springer, April 2016). This is the first major book to focus on the enforcement of privacy, and contains chapters from many leading privacy experts, including key regulators, academics, consultants and politicians.
Chris Connolly and Peter van Dijk contributed the chapter on Enforcement and Reform of the EU-US Safe Harbor Agreement. The chapter includes a detailed analysis of every Safe Harbor enforcement action. It also includes a detailed history of attempts to reform the Safe Harbor agreement, culminating in the proposed EU-US Privacy Shield in 2016.
Galexia advises on options for the cross border transfer of personal data in compliance with global, regional and national data protection requirements. The enforcement of these arrangements is a key issue in data protection, and this book provides a unique insight into the diversity of legal and technical enforcement options that are in use today.
More Information:
Enforcing Privacy - Regulatory, Legal and Technical Approaches
Wright, David, De Hert, Paul (Editors.)
Springer (publisher), April 2016
<http://www.springer.com/gb/book/9783319250458>
Table of contents (21 chapters):
- Introduction
- 1. Introduction to Enforcing Privacy - Wright, David (et al.) - Pages 1-12
- 2. Enforcing Privacy - Wright, David - Pages 13-49
- Part I - Countries
- 3. Failures of Privacy Self-Regulation in the United States - Gellman, Robert (et al.) - Pages 53-77
- 4. From a Model Pupil to a Problematic Grown-Up: Enforcing Privacy and Data Protection in Hungary - Szekely, Ivan - Pages 79-104
- 5. A Tale of Two Privacies: Enforcing Privacy with Hard Power and Soft Power in Japan - Miyashita, Hiroshi - Pages 105-122
- 6. The Spanish Experience of Enforcing Privacy Norms: Two Decades of Evolution from Sticks to Carrots - Lombarte, Artemio Rallo - Pages 123-144
- 7. Data Protection and Enforcement in Latin America and in Uruguay - Brian Nougrères, Ana - Pages 145-180
- Part II - International Mechanisms
- 8. The International Working Group on Data Protection in Telecommunications: Contributions to Transnational Privacy Enforcement - Dix, Alexander - Pages 183-193
- 9. Enforcing Privacy Across Different Jurisdictions - Svantesson, Dan - Pages 195-222
- 10. Cross-Border Breach Notification - Stewart, Blair - Pages 223-231
- 11. Responsive Regulation of Data Privacy: Theory and Asian Examples - Greenleaf, Graham - Pages 233-259
- 12. Enforcement and Reform of the EU-US Safe Harbor Agreement - Connolly, Chris & van Dijk, Peter - Pages 261-283
- Part III - Instruments
- 13. How Effective Are Fines in Enforcing Privacy - Grant, Hazel (et al.) - Pages 287-305
- 14. Enforcing Privacy Rights: Class Action Litigation and the Challenge of - Rotenberg, Marc (et al.) - Pages 307-333
- 15. Data Protection Certification: Decorative or Effective Instrument - Audit and Seals as a Way to Enforce Privacy - Bock, Kirsten - Pages 335-356
- 16. The Co-existence of Administrative and Criminal Law Approaches to Data Protection Wrongs - Hert, Paul (et al.) - Pages 357-394
- 17. Whom to Trust - Using Technology to Enforce Privacy - Métayer, Daniel - Pages 395-437
- Part IV - Challenges for the Future
- 18. The Irish DPA and Its Approach to Data Protection - Hawkes, Billy - Pages 441-454
- 19. Getting Our Act Together: European Data Protection Authorities Face Up to Silicon Valley - Kohnstamm, Jacob - Pages 455-472
- 20. Regaining Control and Sovereignty in the Digital Age - Albrecht, Jan Philipp - Pages 473-488
- 21. Privacy Enforcement in Search of Its Base - Rule, James B. - Pages 489-497
3rd Global Cloud Computing Readiness Scorecard released - 27 April 2016
|
Our latest research report has been released - The 2016 BSA Global Cloud Computing Scorecard (a joint research effort between BSA | The Software Alliance and Galexia) ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas.. Previous reports were released in 2012 and 2013 and this is a major update.
This year’s results reveal that almost all countries have made healthy improvements in their policy environments since the release of BSA’s previous Scorecard in 2013. But the stratification between high-, middle- and lower-achieving country groups has widened, with the middle-ranking countries stagnating even as the high achievers continue to refine their policy environments..
(BSA Global Media Release - 26 April 2016 - Washington) Despite Gains, Countries’ Cloud Computing Policies Leave Much Room for Improvement, BSA Study Shows South Africa, Canada Make Major Strides; Russia, China Push Policies Hindering Technology WASHINGTON — April 26, 2016 — National governments continue to make significant strides in improving the legal and regulatory environment for cloud computing around the globe, but important exceptions exist in several countries that threaten to impede economic growth in those markets, according to a far-reaching study by BSA | The Software Alliance. The 2016 BSA Global Cloud Computing Scorecard ranks the cloud computing readiness of 24 countries that account for 80 percent of the world’s IT markets. Each country is graded on its strengths and weaknesses in seven key policy areas. Cloud computing allows anyone — a start-up, an individual consumer, a government or a small business — to quickly and efficiently access technology in a cost-effective way. These services in return open the door to unprecedented connectivity, productivity and competitiveness. This year’s results reveal that almost all countries have made healthy improvements in their policy environments since the release of BSA’s previous Scorecard in 2013. But the stratification between high-, middle- and lower-achieving country groups has widened, with the middle-ranking countries stagnating even as the high achievers continue to refine their policy environments. “The Scorecard shows that countries are eager to welcome cloud computing and its myriad economic benefits, and many of them are creating a favorable regulatory and legal environment,” President and CEO of BSA | The Software Alliance Victoria Spinel said. “Unfortunately, the Scorecard also shows some countries are heading down a path of treating cloud computing as the next frontier of protectionism. The report is a wakeup call for all governments to work together to ensure the benefits of the cloud around the globe.” In terms of overall ranking, the biggest improvers were South Africa (moving up six places) and Canada (moving up five places). Notably, three of the countries that have trailed in the rankings — Thailand, Brazil and Vietnam — continue to make significant and consistent gains and are closing their gap with mid-tier countries. The world’s major IT markets remained stable with modest gains. Negative trends emerged as well. For example, few countries are promoting policies of free trade or harmonization of cloud computing policies. Russia and China, in particular, have imposed new policies that will hinder cloud computing by limiting the ability of cloud computing service providers to adequately move data across borders. The full, 24-country rankings and detailed findings are available at www.bsa.org/cloudscorecard. |
The BSA Global Cloud Scorecard analyzes the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
Each country's score is computed using a 72-item scoring grid and analyses. The scores are derived using a weighted system that allocates different weights to each section/question. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing and each individual question is also weighted to reflect its importance within the group. To help with the scoring and usability of the study, the assessments are based on a series of questions that are framed so that a "yes" response reflects a favorable policy setting for global cloud computing. The weights are shown in the table below and the results are available in the downloadable report.
Download the scorecard and 24 country reports:
- BSA’s Global Cloud Computing Score Card (2016) micro-site
- Galexia Micro-site - analytics and graphs showing transition and trends in overall scores across themes and 24 countries (from 2012 to 2016)
Galexia helps the United Nations publish major study on data protection and trade - 19 April 2016
|
On April 19, 2016 the United Nations Conference on Trade and Development (UNCTAD) published a major new study: Data protection regulations and international data flows: Implications for trade and development.
Galexia Director Chris Connolly was the lead author / consultant for the study.
This major report (170 pages) examines the relationship between data protection and trade, with a strong focus on the issues faced by developing nations. The study also includes detailed contributions from national governments, regulators and businesses.
The study identified numerous challenges in the development and implementation of data protection laws, including:
- 1. Addressing gaps in coverage
- 2. Addressing new technologies
- 3. Managing cross-border data transfers
- 4. Balancing surveillance and data protection
- 5. Strengthening enforcement
- 6. Determining jurisdiction
- 7. Managing the compliance burden
The study includes numerous practical policy options and suggestions for global, regional and national stakeholders.
The United Nations is emerging as an important voice in the data protection debate, with the ability to engage with developing nations and emerging markets. Galexia continues to provide assistance to the UN on data protection and e-commerce legal and regulatory issues.
The full report is available at: http://unctad.org/en/pages/PublicationWebflyer.aspx?publicationid=1468
3rd Global Cloud Computing Readiness Scorecard due for public release - April 2016
|
The 3rd Global Cloud Computing Readiness Scorecard is due for public release in April 2016 and will be available from <http://bsa.org/cloudscorecard>.
The Galexia / BSA Global Cloud Scorecard analyses the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study includes detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
United Nations hosting major E-Commerce event in Geneva - 18 April 2016
|
Galexia director Chris Connolly will be assisting in the presentation of a two day expert meeting on Data Protection and Privacy: Implications for Trade and Development on 19-20 April in Geneva. The meeting is part of the United Nations E-Commerce Week (Geneva, April 18-22).
The E-Commerce Week is hosted by UNCTAD - the UN Conference on Trade and Development. The week includes sessions on cybercrime readiness, consumer protection online, ICT policy reviews and the proposed Action Plan for Aid for eTrade. The week concludes with the launch of the UNCTAD B2C E-Commerce Index 2016 (Measuring Cross-Border E-Commerce).
A highlight of the E-Commerce Week is the Ad Hoc Expert Meeting on Data Protection and Privacy: Implications for Trade and Development (19-20 April). Galexia Director Chris Connolly has been assisting UNCTAD as a consultant in preparing a new report on privacy and trade, and he will be moderating the meeting.
The UNCTAD meeting invitation states:
"The increasing global relevance of activities and transactions online and the changing nature of the information economy, enhances the importance of coherence between data protection and privacy frameworks that can help foster innovation and trade while at the same time protect against unnecessary intrusions. Recent and expected regulatory changes in the field of data protection and privacy as well as diverging approaches in different parts of the world, call for renewed discussion on possible ways forward.
This ad hoc expert meeting will contribute to ensure global communication on the subject to understand emerging topics in data protection and privacy, new challenges and opportunities, as it relates to unlocking the potential for cross-border trade. Industry players and consumers, as well as governments and international organizations will present their perspectives and outline the latest developments, current practices and relevant frameworks.
The Ad Hoc expert meeting will commence with the presentation of the UNCTAD Study on Data Protection and International Data Flows. Representatives from public and private stakeholders will then take the floor to discuss thematic topics and present their experiences. Invited delegates include representatives from the African Union Commission, Asia-Pacific Economic Cooperation, the Commonwealth, the Council of Europe, the East African Secretariat, the ECOWAS Commission, European Union, the Organisation for Economic Co-operation and Development, the United States Federal Trade Commission, UNOHCHR, International Chamber of Commerce, the Computer and Communications Industry Association, Consumer International, Google, Microsoft, and eBay and other e-commerce platforms from developing countries."
More details are available at: <http://unctad.org/en/pages/newsdetails.aspx?OriginalVersionID=1194>
Galexia article about Implementation of the new EU-US Privacy Shield - 21 March 2016
|
Galexia has published an article on the proposed EU-US Privacy Shield, which is set to replace the former Safe Harbor as the key mechanism for the transfer of personal data from the European Union to the United States.
The draft Privacy Shield adequacy decision by the European Commission is yet to be formalised - the commission must first seek the opinion of the influential Article 29 Working party. However, it is almost certain that the Privacy Shield will be implemented in some form in the near future.
The former Safe Harbor framework was the subject of extensive research and analysis by Galexia, including a major report in 2008 followed by ongoing monitoring and the submission of evidence and reports to the EU and US authorities.
How does the proposed Privacy Shield compare to the Safe Harbor?
Advice on market sizing for cross border transfers from Europe - February 2016
|
Galexia advised DIGITALEUROPE on market issues and policy options related to the cross-border transfer of personal data. The study included an analysis of the type and size of organisations making data transfers, the type of data transferred and the regulatory options adopted by hundreds of organisations. The analysis included a breakdown of market segments by sector and business size.
Galexia has particular expertise in the privacy issues associated with the transfer of data to and from Europe.
DIGITALEUROPE <www.digitaleurope.com> is a European trade organisation representing the digital technology industry. Their members include around 60 major technology companies and 35 national trade associations.
The European Union Network and Information Security (NIS) Directive moves a step closer to implementation - 16 January 2016
|
The European Union Network and Information Security Directive (the NIS Directive) has moved a step closer to implementation after the EU's Internal Market Committee voted to support the Directive on 16 January 2016. This was the final major hurdle in the passage of the Directive, and the Directive is expected to be endorsed by parliament in the near future.
The NIS Directive requires relevant businesses to put in place security measures to protect their networks and data against cyber security attacks and to report serious cyber incidents and threats to regulators.
Galexia has been at the forefront of studying the potential impact of the NIS Directive, both in Europe and beyond. One of our key reports on CyberSecurity is the 2015 EU CyberSecurity Maturity Dashboard (including 28 Country reports and case studies). That report was prepared for BSA | The Software Alliance and released in April 2015. The report includes a comparative analysis of country readiness for the NIS Directive.
The subsequent Asia Pacific CyberSecurity Maturity Dashboard (including 10 country reports and case studies considers the maturity of APAC countries through the lens of the NIS directive.
Follow the progress of the NIS Directive at the Digital Agenda for Europe site: <https://ec.europa.eu/digital-agenda/en/cybersecurity>
Galexia Director speaking at Privacy Law and Business Conference in Cambridge (UK) - 7 July 2015
|
Galexia Director Chris Connolly will deliver a special presentation at the Privacy Laws and Business Conference at Cambridge University on July 7.
The presentation will mark the fifteenth anniversary of the launch of the EU-US Safe Harbor, and is titled: 'The Safe Harbor at Fifteen' - A brief history of enforcement and reform.
- A brief history of the establishment of the Safe Harbor, its role, purpose and structure.
- An overview of the five public reviews of the Safe Harbor that have been conducted
- An issue by issue analysis of Safe Harbor enforcement, including:
- The notice and consent cases ?
- False claims of current Safe Harbor membership
- Safe Harbor fraud
- Expensive dispute resolution providers and threats against complainants
- Fine print exclusions
- Conflicts of interest
- A brief discussion of structural and cultural differences (and similarities) between the EU and US approach to privacy
- The role of the Safe Harbor in the national security surveillance debate
- The future of the Safe Harbor, and lessons learned.
The presentation will be followed by a panel discussion including Commissioner Julie Brill (US Federal Trade Commission) and Bruno Gencarelli (Head of Data Protection at the European Commission Directorate General for Justice).
More details are available at: <http://www.privacylaws.com/annual_conference>
APAC CyberSecurity Dashboard and 10 Country Reports Launched - 1 July 2015
|
On 30 June 2015 BSA | The Software Alliance released the APAC CyberSecurity Maturity Dashboard (including 10 Country reports and case studies).
The 2015 APAC Cybersecurity Dashboard evaluates cybersecurity laws, rules, policies and institutions in 10 key jurisdictions:
- Australia
- China
- India
- Indonesia
- Japan
- Malaysia
- South Korea
- Singapore
- Taiwan
- Vietnam
The report assesses each country against criteria deemed essential for effective cybersecurity protection.
The full country reports are available for download and give an overview of the cybersecurity landscape, highlighting key cybersecurity legislation and policy, as well as the main entities currently operating within each jurisdiction. Maturity is assessed against criteria grouped across the following key themes:
- Legal foundations for cybersecurity;
- Operational capabilities;
- Public-private partnerships;
- Sector-specific cybersecurity plans; and
- Education.
This work complements Galexia’s other research reports for BSA,
- European Cybersecurity Maturity Dashboard published in March 2015
- Global Cloud Readiness Scorecard - published in 2012, 2013 and in August 2015.
Download the APAC CyberSecurity Report and 10 Country Studies
- BSA APAC CyberSecurity Maturity Dashboard (2015) micro-site (external site)
Vale Claro ‘Lalen’ Parlade - June 2015
It is with great sadness that we report the loss of Galexia Associate and close friend Claro Parlade, who has died in the Philippines after a period of illness.
Claro was a well known IT lawyer in the Philippines who played a key role in the development of cyberlaws in the Asia Pacific region. Claro collaborated with Galexia on several regional projects, and was based in the Galexia offices in Sydney for a short period while he worked on the development of the Philippines privacy legislation, (the Data Privacy Act 2012).
Claro also held senior roles at Google and BSA | The Software Alliance. He was a global expert, having lived, worked and studied in the Philippines, Australia, Canada, the US and Singapore.
The Galexia team express our deepest sympathy to Claro's wife, three daughters and family. Claro’s gentle combination of wit, insight, friendship, intellect and cyber-law expertise will be missed by all of us.
Privacy Review for Diabetes Australia - June 2015
|
In June 2015 Galexia completed a Privacy Review of the National Diabetes Services Scheme (NDSS) for Diabetes Australia.
Read more about our projects with Diabetes Australia »
European CyberSecurity Dashboard and 28 Country Reports Launched - 3 March 2015
|
On 3 March 2015 BSA | The Software Alliance released the EU CyberSecurity Maturity Dashboard (including 28 Country reports and case studies).
The 2015 EU Cybersecurity Dashboard — the first-of-its-kind examination of the relevant policy approaches in the Member States — highlights some fundamental challenges as well as significant opportunities for improving cybersecurity across the EU.
The Report evaluates national laws, rules and policies in all 28 EU Member States against 25 criteria deemed essential for effective cybersecurity protections. It is intended to provide EU Member States with an opportunity to evaluate their countries’ policies against key metrics and maps a way forward by outlining the key building blocks for a strong cybersecurity legal framework.
The full Member State reports give an overview of the cybersecurity landscape, based on the set of criteria outlined below, highlighting key cybersecurity legislation and policy, as well as the main entities currently operating within each jurisdiction.
- Legal foundations for cybersecurity;
- Operational capabilities;
- Public-private partnerships;
- Sector-specific cybersecurity plans; and
- Education.
This work complements Galexia’s other research reports for BSA, including the soon to be Global Cloud Readiness Scorecard published in 2012, 2013 and in April 2015.
Download the EU CyberSecurity Report and 28 Country Studies
- BSA European CyberSecurity Maturity Dashboard (2015) micro-site (external site)
Galexia to present at Expert Meeting on Cyberlaws and Regulations for Enhancing E-Commerce, Geneva - March 2015
|
Galexia Director Chris Connolly will present a paper on Global Issues in Cybersecurity and Privacy in Geneva on 25 March 2015.
More information about the conference is available at:
<http://unctad.org/en/pages/MeetingDetails.aspx?meetingid=644>
The Expert Meeting on Cyberlaws and Regulations for Enhancing E-Commerce has been organised by the United Nations Conference on Trade and Development (UNCTAD). Chris will be speaking in the session on data protection and cybercrime.
The session will explore recent developments related to e-commerce in respect of data breaches and fraud. It will discuss ways to ensure confidence and trust in the use of the Internet through the enactment of legal and regulatory frameworks for protecting personal data, privacy and combatting cybercrime. It will explore the complexity of cross-border enforcement and ways in which governments and businesses can work together in these areas. It will also discuss measures by companies, in particular small and medium-sized enterprises, to keep consumer information secure.
Galexia has a long history of working with UNCTAD (and ASEAN and other regional groupings) on international cyberlaw issues.
3rd Global Cloud Computing Readiness Scorecard being developed for mid 2015 launch - August 2014
|
In August 2014 Galexia began work on an important research project for BSA - The Software Alliance. Galexia has been commissioned to prepare the 3rd Global Cloud Computing Readiness Scorecard, following the success of the 2012 and 2013 scorecards.
The new scorecard will be released in mid-2015.
The Galexia / BSA Global Cloud Scorecard will analyse the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study will include a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
Galexia completes Privacy Impact Assessment (PIA) for Victorian Resource Rights Allocation and Management (RRAM) migration to cloud - August 2014
|
Galexia conducted a Privacy Impact Assessment (PIA) for the Victorian Department of State Development, Business & Innovation (DSDBI) on the proposed migration of the Resource Rights Allocation and Management (RRAM) Project to a commercial cloud provider.
Galexia has particular experience in advising Government agencies in their successful migration to cloud and externally hosted services. We have assisted in the development of a staged privacy and security assessments and compliance framework for prior migrations.
Galexia developing Asia-Pacific Cybersecurity Comparative Study - July 2014
|
In July 2014 Galexia began work on an important research project for BSA - The Software Alliance. Galexia has been commissioned to prepare a report on Cybersecurity in 10 Asia Pacific nations.
The countries included in the study are Australia, China, India, Indonesia, Japan, Korea, Malaysia, Singapore, Thailand and Vietnam.
The report will be published in early 2015.
This work complements our earlier research reports for BSA, including the Global Cloud Readiness Scorecard published in 2012 and 2013.
The new report will include a detailed country-by-country analysis of legislation, regulations, government policy, standards and infrastructure related to Cybersecurity.
Australian Department of Communications Technology Advice Panel - June 2014
|
Galexia has been appointed to the Department of Communications Technology Advice Panel to provide specialised services to the Department.
The specialised services include:
1. Information & Communications Technology (ICT) Industry Research and Analysis
a) Research and analysis of the ICT industry, including
- Horizon scanning and forecasting
- Technology developments (incl. hardware, software and processes) and their performance and impacts
- Telecom and communications deployments, including migrations
- Demand and supply side trends and drivers
- Industry structure, alliances, partnerships, mergers and acquisitions key players and market segments
- Regulatory and public policy issues
- Modelling, costing's and deployment plans
- Sectoral and trans-sectoral ICT developments and deployments
- Technical standardisation and assorted trends, nationally, regionally and internationally. Provisions for telecommunications and communications in the built environment (e.g. pathway systems)
- International comparisons and case studies in relation to any or all of the above
b) Customised primary and secondary research and analysis as required.
Galexia developing European Cybersecurity Comparative Study - June 2014
|
In June 2014 Galexia began work on an important research project for BSA - The Software Alliance. Galexia has been commissioned to prepare a report on Cybersecurity in 28 European Union nations.
The report will be published in 2015.
This work complements our earlier research reports for BSA, including the Global Cloud Readiness Scorecard published in 2012 and 2013.
The new report will include a detailed country-by-country analysis of legislation, regulations, government policy, standards and infrastructure related to Cybersecurity.
Galexia presents on The Future of the EU-US Safe Harbor at Brussels conference - 1 June 2014
|
Galexia Director Chris Connolly presented a paper on The Future of the EU-US Safe Harbor at a major privacy research conference in Brussels on 1 June 2014.
The event was the final conference of the SAPIENT project: (Supporting fundamentAl rights, PrIvacy and Ethics in surveillaNce Technologies) <http://www.sapientproject.eu/>
The presentation focused on enforcement issues, and follows previous Galexia research on compliance issues in the EU-US Safe Harbor. The Safe Harbor Framework is a mechanism for allowing some EU data to be transferred to US businesses while protecting the privacy of individuals. The Framework is the subject of a significant review and overhaul by the US and EU.
Galexia completes Privacy Impact Assessment (PIA) for Business Victoria Online - May 2014
|
Galexia completed a Privacy Impact Assessment (PIA) for the Victorian Department of State Development, Business & Innovation (DSDBI) on the migration of Business Victoria Online (BVO) services to a commercial cloud services provider.
Galexia provided a range of cloud and privacy advice and developed a re-usable template and checklist driven approach for future PIAs.
AUSTRAC releases Galexia’s PIA on AML/CTF reforms - May 2014
|
In early 2014 Galexia completed a Privacy Impact Assessment (PIA) for proposed changes to the customer due diligence requirements of Australia’s Anti-Money Laundering and Counter-Terrorism Financing Framework (the CDD project).
The PIA was one of the first PIAs conducted in accordance with the new Australian Privacy Principles (APPs) that came into force in March 2014.
The PIA was published by AUSTRAC in May 2014.
Galexia was able to advise AUSTRAC on how to incorporate important changes to customer due diligence requirements that form part of international commitments to tackle money laundering, while complying with Australia's revised privacy legislation.
A number of recommendations in the PIA resulted in changes to the final form of the AML/CTF Rules.
Download PIA » [Galexia - PDF]
Galexia gives evidence about EU/US Safe Harbor privacy framework to the UK House of Lords - 12 March 2014
|
Galexia Director Chris Connolly appeared at the House of Lords EU Sub-Committee on Home Affairs, Health and Education in London on 12 March 2014.
The Committee was investigating the potential reform of the EU US Safe Harbor Framework which allows some EU personal data to be transferred to the United States. Mr Connolly was asked to provide evidence on the level of privacy protection provided under the Framework.
On 7 May 2014 the Committee issued a final report, calling for improvements to the Safe Harbor. The final report is available at:
<http://www.parliament.uk/documents/lords-committees/eu-sub-com-f/safeharbour/boswell.pdf>
Galexia presentation at the Commonwealth Cybersecurity Forum in London - 5 March 2014
|
Galexia Director Chris Connolly appeared at the Commonwealth Cybersecurity Forum in London on 5 March 2014. He discussed the balance between privacy and security in the emerging cloud computing environment. Mr Connolly provided an overview of national approaches to cloud computing policy and regulation, with a special emphasis on the issues facing developing countries.
Galexia has played a key role in assessing national, regional and global approaches to cloud computing privacy and security policies. In 2012 and 2013 Galexia developed the BSA Global Cloud Computing Scorecard. We have also contributed to the work of the United Nations Conference on Trade and Development (UNCTAD) in this area.
More information: (External links)
- Commonwealth Cybersecurity Forum 2014, London - <http://www.cto.int/events/previous-events/2014-2/cybersecurity-2014/>
- The UNCTAD Information Economy Report 2013 - The Cloud Economy and Developing Countries - <http://unctad.org/en/PublicationsLibrary/ier2013_en.pdf>
Galexia completes privacy and security advice on cloud applications for 3wks.com.au and Victorian Government - November 2013
|
Galexia worked with 3wks.com.au and a Victorian government agency to consider the legal and regulatory issues regarding the development of cloud based application for government.
This work required a review and analysis of:
- Google Apps terms and privacy policy
- Google Cloud Services Partner Agreement
- Comparison of cloud provider privacy policies (including Google Compute, Google Apps, Salesforce, AWS, etc)
- Agency privacy policies
- General research and literature review on offshore privacy issues
- Review of relevant guidance from the Office of the Victorian Privacy Commissioner;
- Review of relevant Victorian Government guidance on security and cloud computing and DSD Cloud Computing Security Considerations (2011); and
- Review of Victorian Government Security Policy Documents - <http://digital.vic.gov.au/policies-standards-guidelines/information-security/>
Galexia and Doll Martin Associates announce closer strategic relationship - October 2013
In October 2013 Galexia and Doll Martin Associates strengthened their existing partnership and announced a closer strategic alliance. Galexia and Doll Martin Associates have worked on projects together since 2005 and both organisations have decided to leverage their particular strengths and synergies by working together.
All Galexia services in Australia and New Zealand will be provided through the alliance. Galexia brings to the alliance its Australian and international cloud, privacy and identity advisory practice and Doll Martin Associates provides Galexia with greater local capacity and access to an expanded range of business strategy, architecture and information management consulting services.
Galexia invited to provide evidence to the European Parliament LIBE Inquiry on Electronic Mass Surveillance of EU Citizens - 7 October 2013
|
Galexia Director, Chris Connolly, has been asked to appear before a European Parliament inquiry to discuss the impact of the NSA / PRISM revelations on the privacy of European citizens when their data is transferred to the United States.
The Committee on Civil Liberties, Justice and Home Affairs (the LIBE Committee) is holding an inquiry on electronic mass surveillance of EU citizens, and Chris will appear before the Committee in Strasbourg on Monday October 7. Chris's task will be to comment on the effectiveness of the US Safe Harbor Privacy Framework, a topic that Galexia has covered in several previous research papers, articles and speeches.
Other speakers at the Hearing include:
- Viviane Reding, the Vice President of the European Commission,
- Peter Hustinx, the European Data Protection Supervisor, and
- Isabelle Falque-Pierrotin, the President of the French Data Protection Agency (CNIL).
Related (external) links
- The inquiry hearings will be broadcast live from http://www.europarl.europa.eu/committees/en/libe/home.html
- Download the program (PDF)
- Download the poster (JPG)
UNCTAD Review of E-commerce Legislation Harmonization in ASEAN - 25 September 2013
|
Galexia and the United Nations Conference on Trade and Development (UNCTAD) have released a major report, entitled Review of E-commerce Legislation Harmonization in the Association of Southeast Asian Nations (2013).
Galexia Director Chris Connolly was a major contributor to the report. The report is a follow-up to Galexia's previous AusAID funded project to harmonise e-commerce legal infrastructure in ASEAN (2004-2009) and Galexia’s earlier study for the UNCTAD Information Economy Report on ASEAN cyberlaw harmonisation in 2008.
This 2013 review documents the significant advances made by ASEAN countries in the area of e-commerce laws. It also makes proposals for accelerating the process of regional integration and harmonization as outlined in the ASEAN ICT Masterplan 2015.
Galexia’s extensive and detailed work with ASEAN has assisted ASEAN be the first region in the developing world to adopt a harmonized legal framework for e-commerce and it is the most advanced developing region in terms of implementing harmonized e-commerce laws.
The review includes detailed regional and national analysis of e-commerce laws, privacy, cybercrime and cloud computing.
Galexia Microsite
UNITED NATIONS PUBLICATION |
UNCTAD Information Economy Report 2013 - Expert Peer Review Meeting (Geneva) - July 2013
|
Galexia Director, Chris Connolly, presented at the Expert Peer Review Meeting on the Information Economy Report 2013 on 9-10 July in Geneva. The Information Economy Report is an annual publication issued by the United Nations Conference on Trade and Development (a regular Galexia client), and this year's theme is Cloud Computing. The meeting was a gathering of experts on cloud computing technology, law and policy from more than a dozen countries.
Chris was the lead discussant for the report chapter on The governance, law and regulation of cloud computing in developing countries.
The final report will be published in late 2013.
Galexia provides Australian Energy Market Operator (AEMO) advice on cloud based identity - April 2013
|
Galexia provided the Australian Energy Market Operator (AEMO) with options for implementing Single Sign-On (SSO) to external Software-as-a-Service (SaaS) applications. Our consultants performed an analysis of AEMO's authentication requirements, internal and external applications, and existing processes. We used our expert knowledge of cloud-based SSO technology vendors and solutions to select and cost the best approach, based on proven cloud identity design principles and best practices.
Read more about Galexia’s work with AEMO »
Independent Review of Queensland Personal Identification Information in Property Data (PIIPD) Code of Conduct - March 2013
|
Galexia was engaged to undertake an independent review on the operations and effectiveness of the Queensland Personal Identification Information in Property Data (PIIPD) Code. The review considered the operation of the Code and encompass accountability, effectiveness, efficiency, accessibility, independence and fairness.
Galexia has played an ongoing role in the development, implementation and review of a code-of-conduct for QVAS (Queensland Valuation and Sales System).
More information is available at the Personal Identification Information in Property Data Code of Conduct website (external link)
This code-of-conduct is an excellent example of successful privacy self-regulation in the information broking sector.... Even if we do say so ourselves!
2nd Global Cloud Computing Readiness Scorecard launched - 7 March 2013
|
The 2013 Global Cloud Computing Scorecard — the first-ever report to track year-over-year change in the international policy landscape for cloud computing — shows that cloud readiness is improving, if unevenly.
These findings come against the backdrop of the massive and well-documented movement to cloud services by consumers, businesses, and governments. What hasn’t been documented until now is the less steady improvement in the policy environment to support global cloud computing, with some countries making big strides to improve their cloud readiness while others, including some of the world’s largest technology markets, have stalled or even backtracked.
(BSA Global Media Release - 7 March 2013 - Washington) Progress on Cloud Computing Policy Is Hit and Miss Around the World - Singapore leaps forward in global policy rankings; Japan, Australia, and US lead global market; Europe stalls Countries around the world are improving the legal environment for cloud computing — though at an uneven pace that risks undermining the full economic potential of cloud technologies. The 2013 BSA Global Cloud Computing Scorecard — the first report ever to track changes in the global policy landscape for cloud computing — finds that while many of the world’s biggest IT markets have stalled or slid backwards, others are embracing laws and regulations conducive to cloud innovation. The Scorecard also finds that policy fragmentation persists, as some countries, aiming to promote local cloud markets, adopt laws and regulations that inhibit cross-border data flows or skew international competition. The new 2013 BSA Cloud Scorecard builds on an inaugural edition of the report released last year. The biggest mover in the rankings is Singapore, which vaulted to fifth from 10th place a year ago by adopting a new privacy law that builds user trust while also promoting business innovation. The 2013 study finds that Japan continues to lead the global rankings with a comprehensive suite of laws supporting digital commerce. Australia remains in second place, and the US has edged into third, pushing Germany down to fourth. The study finds that policy improvements in many of the world’s biggest IT markets have stalled. Notably, all six European Union countries covered in the study have lost ground in the rankings. Others are effectively unplugging themselves from the global market — with especially counterproductive policies in Korea, Indonesia and Vietnam. The study evaluates countries in seven policy areas critical to the market for cloud computing services — data privacy, cybersecurity, cybercrime, intellectual property, technology interoperability and legal harmonization, free trade, and ICT infrastructure. Among the study’s findings:
|
The BSA Global Cloud Scorecard analyzes the legal and regulatory framework and broadband infrastructure of 24 countries that together make up 80 percent of the global ICT market. The analysis is grouped under seven policy categories that are central to the growth and operation of cloud computing.
The study includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable. The Scorecard analysis is based upon a combination of published information and statistics and evaluation by independent experts at Galexia.
Each country's score is computed using a 66-item scoring grid and analyses. The scores are derived using a weighted system that allocates different weights to each section/question. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing and each individual question is also weighted to reflect its importance within the group. To help with the scoring and usability of the study, the assessments are based on a series of questions that are framed so that a "yes" response reflects a favorable policy setting for global cloud computing. The weights are shown in the table below and the results are available in the downloadable report.
The 2013 Scorecard follows on from the groundbreaking 2012 Scorecard and contains:
- Updates across 24 countries and 66 criteria, including:
- 27 significant (positive) changes
- 34 moderate (positive) changes
- 6 moderate (negative) changes
- 108 minor (no effect) changes
- 432 infrastructure changes
- Tracks changes in score and rank from 2012
- 3 new case studies
Galexia Microsite:
- Global Cloud Computing Score Card (2013) summary micro-site - Browse themes and country summary reports
Download the scorecard and 24 country reports:
Asia Cloud Computing Association incorporates Galexia research into its 2nd Cloud Readiness Index - 13 November 2012
|
The 2nd Cloud Readiness Index (CRI) developed by the Asia Cloud Computing Association evaluates key attributes in order to identify the state of readiness for cloud computing in 14 markets across the Asia region. It also provides insight into how regulation and policy work address cloud computing issues.
The Index is designed to look at the state of readiness for cloud computing in markets across the Asia Pacific region - especially how we see regulation and policy work by governments - to help advance cloud computing in Asia. It measures key attributes and conditions that will help companies and individuals determine which markets are currently best placed for wide adoption of cloud computing services.
The Index incorporates information from several sources, including the Global Cloud Computing Scorecard (2012) completed by Galexia for the Business Software Alliance (BSA) in February 2012.
External links:
- Asia Cloud Computing Association Cloud Readiness Index:
http://www.asiacloud.org/images/stories/contents/files/CRI_2012.pdf - Asia Cloud Computing Association website
Galexia develops Identity and Access Management Strategy and Roadmap for Australian Energy Market Operator (AEMO) - March 2012
|
Galexia delivered an Identity and Access Management (IAM) Strategy for the Australian Energy Market Operator (AEMO).
Our consultants performed an analysis of AEMO's current state IAM business processes and technology, and determined the future state based on requirements and best practice. Galexia performed an IAM market review and technology evaluation that identified and costed the products most appropriate to AEMO. Leveraging the analysis and review, Galexia consultants provided an IAM Strategy and Roadmap for a 2-3 year period.
Read more about Galexia’s work with AEMO »
Global Cloud Computing Readiness Scorecard launched - 22 February 2012
|
On 22 February 2012, the Business Software Alliance (BSA) launched the BSA Global Cloud Computing Readiness Scorecard (2012) developed by Galexia.
The first-of-its-kind Scorecard analyses and ranks the legal and regulatory framework and broadband infrastructure of 24 countries based on seven policy categories that measure the countries’ preparedness to support the growth of cloud computing. Together, these countries account for 80% of the global ICT market.
The Scorecard also includes a detailed country-by-country analysis of legislation, regulations, case law, government policy and standards. The assessments include an evaluation of enforcement and implementation of existing laws in each country, as well as an assessment of compliance with relevant treaties and global agreements where applicable.
Each country's score is computed using a 66-item scoring grid and analyses. The scores are derived using a weighted system that allocates different weights to each section/question. A number of basic fact-finding questions are excluded from the scoring system. Each group of questions is weighted to reflect its importance to cloud computing and each individual question is also weighted to reflect its importance within the group. To help with the scoring and usability of the study, the assessments are based on a series of questions that are framed so that a "yes" response reflects a favourable policy setting for global cloud computing.
External links:
Galexia to present the new Global Cloud Readiness Scorecard at the Cloud Connect conference, Santa Clara USA - 14 February 2012
|
On 14 February 2012 Galexia presented the new Global Cloud Readiness Scorecard at the Cloud Connect conference in Santa Clara USA. The new scorecard examines the legal, regulatory and infrastructure environments in 24 countries, including a detailed assessment of their readiness for cloud computing.
Galexia Directors Chris Connolly and Peter van Dijk presented on a panel on a panel called: Breaking Down Barriers: Creating a Global Policy Environment to Promote Cloud Adoption.
External link:
- The Cloud Connect conference website:
http://www.cloudconnectevent.com/santaclara/
New ePayments Code launched in Australia - September 2011
|
In September 2011 the Australian Securities and Investments Commission (ASIC) issued a completely revised and updated Code of Conduct for Electronic Transactions. The new ePayments Code replaces the long standing EFT Code of Conduct, and applies to a broader range of online payment systems.
Galexia Director Chris Connolly was a member of the expert working group revising the Code - a process that took two years to complete and involved three rounds of public consultation.
Related links:
- Galexia assisted CHOICE, the Consumers’ Federation of Australia, and the Consumer Action Law Centre in preparing a joint consumer response to the Australian Securities and Investments Commission’s proposals for changes to the Electronic Funds Transfer (EFT) Code of Conduct. Key issues addressed in the response include liability of consumers and small businesses, and monitoring Code compliance.
View the 2008 joint consumer response » - Galexia assisted CHOICE with its submission regarding the 2007 review of the Electronic Funds Transfer (EFT) Code of Conduct, as conducted by the Australian Securities and Investment Commission (ASIC).
View the 2007 joint consumer submission »
External link:
- A copy of the ePayments Code is available at the ASIC website at:
http://www.asic.gov.au/asic/asic.nsf/byheadline/ePayments-Code
Singapore to introduce privacy legislation and a Do Not Call Register - September 2011
|
Singapore has flagged that it plans to introduce privacy legislation in early 2012. A public consultation paper issued by the Ministry of Information, Communications and the Arts was released on 13 September 2011, titled: Proposed Consumer Data Protection Regime For Singapore.
The paper recommends the introduction of private sector privacy legislation based on a mix of EU and APEC best practice. Interestingly, the paper also proposes the establishment of a national Do Not Call Register to fight against the intrusion of telemarketing.
Singapore joins a growing list of countries with proposed and draft privacy legislation in the region.
External link:
- Singapore public consultation paper:
http://app.mica.gov.sg/Default.aspx?tabid=482
Asia Cloud Computing Association incorporates Galexia research into its Cloud Readiness Index - September 2011
|
The Cloud Readiness Index developed by the Asia Cloud Computing Association evaluates key attributes in order to identify the state of readiness for cloud computing in 14 markets across the Asia region. It also provides insight into how regulation and policy work address cloud computing issues.
The index incorporates information from several sources, including the Asia Pacific Digital Economy and Cloud Computing Scorecard completed by Galexia for the Business Software Alliance (BSA) in March 2011.
External link:
- Asia Cloud Computing Association Cloud Readiness Index:
http://www.asiacloud.org/docs/Cloud_Readiness_White_Paper_v6-0.pdf
Galexia research on privacy and health data published in two prestigious medical journals - July 2011
|
Galexia director Chris Connolly is the joint author (with Christine O’Keefe from CSIRO/Data61) of two articles on privacy and health data.
- Regulation and Perception Concerning the Use of Health Data for Research in Australia, Christine M O'Keefe and Chris Connolly was published in the Electronic Journal of Health Informatics, Vol 6, No 2 (2011): Special Issue on Smart Healthcare Systems.
A shorter version of the Article was also published in the Medical Journal of Australia:
- C.M. O'Keefe and C. Connolly, Privacy and the use of health data for research, Med J Australia 193 (2010), 537-541.
Abstract:
The primary objective of this review is to provide an overview of the issues involved in balancing privacy and access in the context of health research. Appropriate collection, management, linkage and interrogation of health data can play a vital role in improving individuals’ health and wellbeing. However, the assembly and use of linked population, clinical and genetic health databases in the research and policy analysis environments raises privacy, confidentiality and ethical concerns.
The topic of our review is of current interest in the context of the Australian Government National Collaborative Research Infrastructure Strategy (NCRIS) investment in the Population Health Research Network (PHRN), which aims to provide improved accessibility to health-related data for the research sector. This initiative is likely to attract new researchers to the field of population health, and the current review may assist them in taking account of privacy regulation and perceptions when designing study and consent processes.
Although there is little evidence of privacy complaints or breaches in health research, it seems clear that privacy regulation and privacy perception are both key factors in the health research context, acting as potential restraints on some types of research that could deliver considerable public benefit. In particular, significant concerns regarding consent and de-identification remain in the community.
Recent Australian Law Reform Commission recommendations leave room for technical solutions to play an increased role in allowing personal information to be de-identified for research purposes. Recent advances in the techniques for de-identifying personal information provide some hope that de-identification can occur without a negative impact on data quality.
External link:
- Electronic Journal of Health Informatics:
http://www.ejhi.net/ojs/index.php/ejhi/article/view/135/93 - Medical Journal of Australia:
http://www.mja.com.au/public/issues/193_09_011110/oke11214_fm.html
ACMA publishes Galexia’s research on international Cybersecurity awareness raising and educational initiatives - May 2011
|
An Overview of International CyberSecurity Awareness Raising and Educational Initiatives - a report for the Australian Communications and Media Authority (ACMA) by Galexia in partnership with the Cyberspace Law and Policy Centre, was launched in CyberSecurity Awareness week - 30 May 2011.
The study included research and advice on 68 Cybersecurity initiatives (both government and private sector) in 11 jurisdictions.
Browse the Research Report
Download the Research Report from the ACMA
Galexia team presents Asia Pacific Digital Economy and Cloud Computing Scorecard at Hong Kong workshop - April 2011
|
Galexia Director Peter van Dijk and Galexia’s Singapore based Associate Yee Fen Lim presented the Asia Pacific Digital Economy and Cloud Computing Scorecard at an industry workshop in Hong Kong in April 2011.
The Scorecard is a comparative analysis of major cyberlaw issues and digital infrastructure in 14 Asia-pacific countries. The presentation focussed on areas where the region is making good progress on developing consistent and harmonised laws and regulations that facilitate cloud computing. Some regional gaps and challenges were also identified in areas such as data protection law, cybercrime legislation and ICT infrastructure.
The workshop was attended by industry associations and business leaders from countries in the region, with strong representation from both developed and emerging economies.
Galexia completes Asia Pacific Digital Economy and Cloud Computing Scorecard - March 2011
|
Galexia has completed a comprehensive review of digital economy laws and infrastructure in 14 Asia Pacific countries - the Asia Pacific Digital Economy and Cloud Computing Scorecard. This important comparative analysis was commissioned by the Business Software Alliance (BSA).
The 14 countries in the study are: Australia, China, Hong Kong, India, Indonesia, Japan, Korea, Malaysia, New Zealand, Philippines, Singapore, Taiwan, Thailand and Vietnam.
The report is presented as a checklist of over 100 issues in 8 categories:
- Security;
- Cybercrime;
- Interoperability;
- Data protection;
- Intellectual property;
- International harmonisation of rules;
- Promoting free trade; and
- Infrastructure.
The full report is available to BSA members.
Treaties Committee recommends Australia sign two important cyberlaw Conventions - March 2011
|
The Joint Standing Committee on Treaties has recommended that Australia accede to two important cyberlaw Conventions. The United Nations Convention on the Use of Electronic Communications in International Contracts (Electronic Contracts Convention) and the Council of Europe Convention on Cybercrime (Cybercrime Convention).
Electronic Contracts Convention
The United Nations Convention on the Use of Electronic Communications in International Contracts (the Convention) is the first United Nations Convention to address legal issues arising from the digital economy. Eighteen countries have signed the Convention, including major trading partners such as Korea; China; and Singapore.
The Convention contains a comprehensive framework for establishing contracts using electronic communications.
The Committee noted that in practice, businesses with disputes relating to electronic contracts have not sought to use legal means to resolve their disputes. However, the Committee concluded that signing the Convention would ensure that when an “inevitable” legal dispute arises, the Australian legal system will comply with the internationally recognised process for resolving disputes.
The Committee recommended that Australia take binding treaty action to join the United Nations Convention on the Use of Electronic Communications in International Contracts.
Cybercrime Convention
The Council of Europe Convention on Cybercrime entered into force in 2004. The Convention covers a range of criminal activity involving use of computers or computer networks, such as in unlawfully accessing computer data or interfering with computer systems, or where computer use is integral to the offence, such as for the distribution of child pornography via the Internet.
Over 30 European member states and one non-member, the United States, are party to the Convention. Seventeen other nations have signed the Convention, including non-members Canada, Japan and South Africa.
The Treaties Committee drew considerable attention the role of the Convention in boosting international co-operation to deal with increasingly sophisticated and diverse forms of computer-related criminal activity.
Articles 29 to 34 of the Convention set out the expectations for mutual assistance between Parties including:
- The preservation of some computer data, and associated traffic data, by service providers for both domestic and foreign investigations;
- Mutual assistance in the disclosure of traffic data in real time, but only to the extent permitted under applicable treaties and domestic law (Australian legislation does not allow for real-time interception by foreign countries); and
- Establishment of a 24 hour, 7 days per week point of contact to receive requests and provide assistance for searching and accessing computer data.
Naturally, these aspects of the Convention have raised some community concerns about privacy and security.
The Attorney-General’s Department submitted to the Treaties Committee that the capacity to access and preserve data is fundamental to the new mutual assistance arrangements. However, they also advised that Australia would lodge a Reservation to requirements for foreign investigation of real-time data to ensure they matched Australian thresholds - in particular, Australian law limits disclosure of real-time traffic data to investigations relating to a criminal offence punishable by at least three years’ imprisonment.
The Committee recommended that Australia should accede to the Council of Europe Convention on Cybercrime and update local laws as appropriate.
External link:
- The full reports are available at:
http://www.aph.gov.au/house/committee/jsct/1march2011/report/fullreport.pdf
Cloud computing advice to the Victorian Department of Innovation, Industry and Regional Development (DIIRD) - November 2010
|
Galexia provided detailed advice to the Victorian Department of Innovation, Industry and Regional Development (DIIRD) on cloud computing.
In 2009 Galexia prepared an assessment for the Victorian Department of Innovation, Industry and Regional Development (DIIRD) on issues associated with cloud computing and issues concerning potential outsourcing and off-shoring of data.
In 2010 Galexia provided an update to reflect further expansion of the project.
Galexia contributes to new research on privacy complaints in the communications sector - September 2010
|
On 14 September 201 a new research report: Connolly, C and Vaile, D. Communications privacy complaints: in search of the right path was launched by the Australian Communications Consumer Action Network (ACCAN).
The research for the report was a joint effort between Galexia and the Cyberspace Law and Policy Centre.
External link:
- The full reports are available at:
http://www.cyberlawcentre.org/privacy/ACCAN_Complaints_Report/report.pdf
Galexia presented at the Privacy Laws & Business 23rd Annual International Conference - 14 April 2010
|
Galexia Director, Chris Connolly, presented at the Privacy Laws & Business 23rd Annual International Conference in Cambridge, UK, from 5-7 July 2010. Chris’s presentations covered:
- Benchmarks for Privacy Trustmarks: An analysis of the challenges facing trust schemes in Australia, Japan, Mexico, Singapore, Thailand; and
- The United States and The Future of the EU/US Safe Harbor Privacy Framework: Can it be improved or does it require a complete overhaul?
Galexia has previously conducted research into trustmark schemes and the Safe Harbor privacy framework.
Related links:
- Galexia's report: Trustmark Schemes Struggle to Protect Privacy »
- Galexia's report: The US Safe Harbor - Fact or Fiction? »
External links:
Malaysia Parliament passes Personal Data Protection Act - 5 April 2010
|
Malaysia’s lower house (Dewan Rakyat) has passed the Personal Data Protection Act 2009. The Act introduces protections for personal information, including requirements of and restrictions on private sector data users and rights of data subjects. The Act will also create a Personal Data Protection Commissioner, an advisory committee, and an appeals tribunal.
Related links:
External links:
Galexia prepares submission on consumer fairness tests for ACCAN - 5 March 2010
|
On behalf of ACCAN, Galexia prepared a submission to the Expert Panel On Franchising And Unconscionable Conduct, established by the Government following a parliamentary inquiry into provisions of the Trade Practices Act 1974 that prohibit unconscionable conduct.
The submission proposes to reform Australia’s consumer laws by inserting a new fairness test into Section 52 of the Trade Practices Act (and all legislation that mirrors that test). This would result in Section 52 prohibiting ‘conduct that is unfair or misleading, or conduct that is likely to mislead or be unfair’.
Related links:
External links:
- ACCAN home page (external site) »
- Unconscionable conduct issues paper at The Treasury (external site) »
- Government response to the inquiry at The Treasury (external site) »
Galexia director Chris Connolly speaking at Asia-Pacific privacy seminar - 2 March 2010
|
Galexia Director, Chris Connolly spoke at Privacy in the Asia-Pacific: 2010 Update A comprehensive survey of privacy and data protection in the region on 2 March 2010. The seminar was part of the Continuing Legal Education seminar series run by the Faculty of Law at the University of New South Wales.
Chris discussed the overlap between regional privacy developments and global privacy standards.
Related Galexia Reports:
- Galexia Report: Benchmarks for Global Privacy Standards »
- Galexia Report: Asia-Pacific Region at the Privacy Crossroads »
External links:
Asia-Pacific privacy advocates and academics: Professor Lee Bygrave, Professor Paul Roth, Dr Sinta Dewi Rosadi, Associate Professor Fumio Shimpo, Professor Whon-il Park, Professor Dennis T.C. Tang, Professor Colin Bennett, Professor Abu Bakar Munir, Ms Katrine Evans, Mr Iwan Setiawan, Mr Nigel Waters, Assistant Professor Pirongrong Ramasoota, Mr Chris Connolly, Mr Claro Parlade, Mr Edward Santow, Professor Roger Clarke, Mr David Vaile, Ms Robin Bayley, Professor Graham Greenleaf.
Galexia prepares draft interoperability principles for ACCAN - 2 March 2010
|
Galexia is preparing a report on interoperability for the Australian Communications Consumer Action Network (ACCAN), including a set of draft interoperability principles. Interoperability, in many systems, can provide a number of benefits for consumers, including reduced cost, increased functionality, and increased competition.
ACCAN will present the report to COPOLCO, the Consumer Policy Committee of the International Standards Organisation (ISO).
Related links:
External links:
Galexia interviewed by Privacy Laws and Business International Journal on the US Safe Harbor and recent actions by the FTC - 26 February 2010
|
Chris Connolly has been interviewed for the Privacy Laws and Business International newsletter, discussing the recent action taken by the US Federal Trade Commission against six organisations who falsely claimed membership of the US Safe Harbor.
Prior to the FTC action, Galexia published a report highlighting the problem of false membership claims and data accuracy of the Safe Harbor list. The report was published in Privacy Laws and Business International, and is available from Galexia’s website.
Related links:
External links:
- Privacy Laws and Business International (external site) »
- FTC news release concerning Safe Harbor action (external site) »
Galexia report on public information on credit reporting - 16 February 2010
|
Galexia has prepared a report for Veda Advantage on consumer information about credit reporting. The report recommends key consumer education requirements in the lead-up to the reform of Australia’s credit reporting and privacy laws (expected in 2011).
Related links:
External links:
Galexia and Qubit Consulting conduct IDM upgrade for the University of Western Sydney - 25 January 2010
|
Galexia and Qubit Consulting have implemented a major new identity management solution for the University of Western Sydney. Galexia assisted with the design, development and implementation of automated provisioning, password synchronisation and data cleansing for University staff and students.
Related links:
Galexia and CHOICE prepare submission to superannuation review - 18 December 2009
|
On behalf of CHOICE, Galexia prepared a submission to Phase 2 of the Super System Review (the Cooper Review). Phase 2 of the review deals with the operation and efficiency of Australia’s superannuation system.
The submission focuses on a small number of key areas where reform is most needed:
- Increasing the amount and quality of comparative data available to consumers;
- Removing the bias that results from sales commissions to advisers when recommending a superannuation fund to consumers;
- Introducing measures to decrease excessive fees and charges, including a new ‘fee target’ of 1%; and
- Introducing measures to reduce the number and impact of inactive and lost accounts.
Related links:
External links:
- Super System Review website (external site) »
- CHOICE's submission at the Super System Review website (external site) »
Galexia contributes to the Oxford Australian Law Dictionary - 17 December 2009
|
Galexia has contributed to the Australian Law Dictionary 2010, published by the Oxford University Press. The Australian Law Dictionary is a current and conceptually new dictionary of Australian legal terms designed as a practical and helpful resource for law students and practitioners. Galexia provided the definition of ‘privacy’ along with several related terms.
External links:
Legal Information Access Centre publishes Galexia’s Hot Topic on Cyberlaws - 1 December 2009
|
Galexia has prepared a ‘Hot Topic’ for the Legal Information Access Centre (LIAC). The Hot Topic is concerned with cyberlaws, covering key Australian and international laws, conventions, and guidelines as well as emerging trends and recent developments on:
- Accessibility;
- Domain Names;
- Copyright;
- Contracts;
- Defamation;
- Content Regulation;
- Privacy and Spam;
- Social Network Sites;
- Consumer Protection; and
- Cybercrime.
LIAC’s Hot Topics is a series of plain-language publications about key areas of law. Four issues are published each year, and are available by subscription or through public libraries in New South Wales. Older issues are available directly from the LIAC website.
External links:
Galexia prepares privacy analysis of Salesforce CRM - 17 November 2009
|
Galexia has prepared a Privacy Impact Assessment (PIA) of Salesforce Customer Relationship Management system (CRM). Salesforce CRM offers to simplify interactions between companies and their clients through its ´cloud services’, but such a system inevitably raises privacy concerns as client data is controlled by a third party.
Galexia and Qubit Consulting conduct IDM upgrade for the University of Sydney - 5 November 2009
|
Galexia and Qubit Consulting have conducted a major upgrade of identity systems for the University of Sydney. Galexia assisted with the development and implementation of a security and provisioning solution for University staff and students.
Related links:
Galexia prepares working draft of Benchmarks for Global Privacy Standards - 3 November 2009
|
Galexia has prepared a working draft of proposed benchmarks for Global Privacy Standards. The proposed benchmarks are designed to provide a basis for assessing the numerous proposed global privacy standards which have recently emerged.
The release of the working draft comes as Civil Society representatives meet at The Public Voice: Global Privacy Standards for a Global World in Madrid to discuss international privacy developments, including global privacy standards, and the release of the Civil Society declaration Global Privacy Standards for a Global World.
Comments on the working draft are welcome, and can be sent to [email protected].
Related links:
External links:
- The Public Voice: Global Privacy Standards for a Global World (external site) »
- The Madrid Declaration: Global Privacy Standards for a Global World (external site) »
Galexia publishes submission to the DBCDE Do Not Call Register Statutory Review - 20 October 2009
|
Galexia has published its submission to the Department of Broadband, Communications and the Digital Economy (DBCDE) review of the Do Not Call register and its associated legislation, the Do Not Call Register Act 2006 (Cth).
The submission raises particular concerns about the ways in which consumers might be taken to have expressed their consent to receive marketing calls, the current three-year registration period, the scope of exemptions in the Act, compliance, and the possibility of industry codes focusing on low-priority issues at the expense of the simplicity and effectiveness of the Register.
Galexia has previously conducted an analysis of the Australian Do Not Call Register and similar international systems, highlighting emerging best practices and the issues affecting the operation of these systems.
Related links:
- Submission in response to the Do Not Call Register Statutory Review »
- Emerging Best Practice in Do Not Call Registers »
External links:
Galexia completes PIA for Victorian Department of Innovation, Industry and Regional Development - 1 October 2009
|
Galexia recently completed a Privacy Impact Assessment (PIA) for the Victorian Department of Innovation, Industry and Regional Development concerning a proposed client data management system. The PIA raised issues of data security and transborder data flows, public perceptions and governance.
The project made use of Galexia’s Victorian PIA template, tailored to Victoria’s privacy law and the Privacy Impact Assessment Guidelines of the Victorian Privacy Commissioner.
Related links:
Galexia develops Victorian Privacy Impact Assessment template - 21 September 2009
|
Galexia has developed a Privacy Impact Assessment (PIA) template tailored to the privacy requirements under Victoria’s Information Privacy Act 2000 and the Victorian Privacy Commissioner’s Privacy Impact Assessment Guidelines. Our Victorian PIA template complements our Commonwealth and New South Wales PIA templates.
Galexia’s PIA templates are the result of our extensive experience in delivering PIAs and have been used in some of the largest and most complex PIAs in Australia. They ensure that our clients receive a PIA based on a well-tested and well-regarded methodology.
First US Prosecution for false web claim of Safe Harbor status - 11 September 2009
|
The California-based company Balls of Kryptonite has become the subject of the first complaint against a company for falsely claiming membership of the US Safe Harbor Principles.
The Safe Harbor Privacy Principles were developed to allow the export of personal information from the EU to the US, in the absence of any US laws meeting the EU ‘adequacy’ requirement of the EU Data Protection Directive 95/46/EC. The Safe Harbor is a voluntary arrangement; organisations wishing to receive personal information from the EU must self-certify to the Department of Commerce that they comply with the Principles. At present, no law expressly prohibits falsely claiming membership of the Safe Harbor; any prosecution must rely on more general prohibitions against, for instance, deceptive or misleading conduct.
A 2008 study by Galexia found over 200 organisations which claimed to have self-certified were in fact not members of the Safe Harbor.
Related links:
Related links:
- The US Safe Harbor Privacy Principles (external link) »
- The FTC Action entry for the Balls of Kryptonite complaint (external link) »
Galexia publishes international analysis of Do Not Call Registers - 8 September 2009
|
Do Not Call Registers have grown in popularity and are starting to deliver real privacy benefits for consumers. After some initial teething problems, they appear to be working well, with large numbers of registered consumers and numerous examples of enforcement action.
Chris Connolly and Amy Vierboom have published a comparison of the Do Not Call Registers of Australia, Canada, India, Spain, the United Kingdom and the United States. The article compares the functions and sizes of these Registers, and highlights emerging best practices and issues affecting their operation.
Browse online
- Title page
- Contents
- 1. Introduction
- 2. Comparative Analysis
- 3. Best Practice Recommendations
- 4. Emerging Issues
- 5. Conclusion
- 6. Summary Table
ACCAN releases Galexia research on Customer Service Charters in the Australian Telecommunications Sector - 25 August 2009
|
The Australian Communications Consumer Action Network (ACCAN) has released the final report for a research project, conducted by Galexia, on Customer Service Charters in the Australian Telecommunications Sector.
Galexia prepared an analysis of customer service charters in the telecommunications industry, compared with consumer codes. The analysis covered best practice consumer protection in Australia and internationally.
A key finding from the ACCAN Customer Service Research Report is that consumer charters are not effective and the industry proposals used to solve their problems through customer charter is a dead-end.
Related links:
- View the full research report »
- View ACCAN's press release (138KB PDF) »
- Read more about Galexia’s work with ACCAN »
External links:
ACCAN releases Galexia research on Informed Consent in the Australian Telecommunications Sector - 21 August 2009
|
The Australian Communications Consumer Action Network (ACCAN) has released the final report for a research project, conducted by Galexia, on informed consent in the Australian telecommunications sector.
Laws and codes of conduct set out only limited and inconsistent requirements to obtain informed consent, and industry practice varies greatly in the amount of information provided to consumers about telecommunications products.
The report also finds that industry practice often fails to address the additional complexities in obtaining informed consent from specific consumer categories, including people with disabilities, indigenous consumers, young people, and culturally and linguistically diverse consumers.
Related links:
- View the full research report »
- View ACCAN's press release (151KB PDF) »
- Read more about Galexia’s work with ACCAN »
External links:
eCrime symposium - 4 August 2009
|
Galexia Director Chris Connolly took part in a panel discussion at the 2009 eCrime Symposium. Chris discussing the legal roles and ethical boundaries for organisations in combating electronic crime, and in particular the EU Cybercrime Convention.
External links:
Galexia complete facial recognition PIA for NSW Roads and Traffic Authority - 1 August 2009
|
Galexia has completed a privacy impact assessment for the proposed NSW Roads and Traffic Authority (RTA) facial recognition system.
Related links:
External links:
CHOICE submission on consumer code development processes - 2 June 2009
|
CHOICE has published its submission to the Australian Government’s review of the consumer-related industry codes development process. The submission calls for
- An articulation of high-level code content principles in legislation;
- Power for regulators to be able to initiate code development (rather than only the industry);
- Requirements for the constitution of code development bodies (including a requirement for consumer representatives, and a mechanism for breaking deadlocks);
- Code monitoring and enforcement requirements;
- Code review requirements; and
- External dispute resolution requirements.
In preparation for the submission, Galexia provided CHOICE with a survey of key consumer code approval processes in use in Australia - those of the Australian Competition and Consumer Commission (ACCC), the Australian Securities and Investments Commission (ASIC), the Office of the Privacy Commissioner, and the Australian Communications and Media Authority (ACMA).
Related links:
External links:
- Read CHOICE’s submission (external site) »
- Review of consumer-related industry code processes at DBCDE (external site) »
Galexia has published an article on Privacy White Lists - 2 June 2009
|
Privacy white lists are published by trustmark schemes to help identify which organisations have been certified as compliant members of their scheme. If an organisation is on the list a consumer may have an increased level of confidence that they will be covered by the rules of the trustmark scheme, including privacy protection and dispute resolution. Consumers can also use the white lists to check that the use of the trustmark is valid, as a significant proportion of trustmarks that appear on websites are often fake or expired.
There is a trend towards the global expansion of white-lists and there is a proposal to develop an APEC white-list of organisations that comply with the APEC Privacy Framework Cross Border Privacy Rules.
This article summarises a Galexia study of white lists published by trustmark schemes. (Surprisingly, not all trustmark schemes publish white lists). The study only examined white lists where the trustmark operators claim that organisations on the lists have passed strict verification of privacy protection standards. Also, the study only examined white lists that have some form of Government backing, oversight or approval. Only six white lists are published that meet all of these criteria, and the Galexia study excluded one white list (ESRB) because it was limited to one very specific type of product (computer games).
The study found that privacy white lists contained an alarming proportion of inaccurate and out of date information. Depending on the trustmark scheme administering the white-list, between 22% and 73% of information is inaccurate or out of date.
This article was published in Privacy Laws and Business International, issue 98, April 2009.
Browse online:
Government to expand the Do Not Call Register - 29 May 2009
|
In its 2009-2010 budget, the Federal Government allocated AU$4.7 million over four years to the expansion of the Do Not Call Register. The expansion will allow small businesses and emergency services to register, thus prohibiting telemarketing and fax marketing companies form contacting them.
The Department of Broadband, Communications and the Digital Economy (DBCDE) released a discussion paper and called for submissions on the possible expansion in 2008. Galexia’s submission is available via the link below.
Related links:
External links:
- Budget 2009-2010: Expense measures for Broadband, Communications and the Digital Economy (external site) »
- Do Not Call Register (external site) »
ACCAN and customer service charters in the telecommunications sector - 27 May 2009
|
Galexia is preparing a report on Customer Service Charters and Consumer Codes in the Telecommunications Sector for the Australian Communications Consumer Action Network (ACCAN), a government-sponsored peak consumer representative organisation.
The report has been completed and will be launched by the Minister for Broadband, Communications and the Digital Economy in the near future.
Related links:
ACCAN and informed consent in the telecommunications sector - 26 May 2009
|
Galexia is preparing a report on Informed Consent in the Telecommunications Sector for the Australian Communications Consumer Action Network (ACCAN), a government-sponsored peak consumer representative organisation.
The report examines ‘informed consent’ in Australian law, particular measures used to inform consumers, and special issues of informed consent for consumers from culturally and linguistically diverse groups.
The report has been completed and will be launched by the Minister for Broadband, Communications and the Digital Economy in the near future.
Related links:
Government releases draft National Consumer Credit Reform Package - 28 April 2009
|
The Australian Commonwealth government has released a package of draft legislation for National Consumer Credit Reform, aimed at strengthening and consolidating Australia’s consumer credit laws.
Specific reforms include:
- Registration and licensing of credit organisations (including the introduction of an Australian Credit License);
- Responsible lending practices;
- Sanctions and remedies (to be administered by the Australian Securities and Investments Commission); and
- Reforms of dispute resolution and court mechanisms.
Galexia has worked closely with both industry and consumer groups on credit and consumer issues:
- Review of the proposed Credit Reporting Code of Conduct »
- Credit Reporting Framework - Submission to Australian Law Reform Commission Discussion Paper 72 »
- Consumer Protection in Telecommunications »
External links:
Galexia news available via RSS - 24 April 2009
Galexia news is now available as an RSS feed. To subscribe, click on the RSS logo or copy the address http://www.galexia.com/public/news.xml into your RSS reader.
Galexia news covers key developments in privacy, electronic commerce, and identity and authentication management in Australia and the Asia-Pacific region, along with news about Galexia’s work.
RSS feeds allow you to track news and updates on websites without having to visit the website in your browser. There are several ways to follow RSS feeds:
- Web browsers: current browsers like Internet Explorer (7+), Firefox (2+), Opera (9+) and Safari (2+) include built-in feed readers. Follow the link to the feed to view the news stories or subscribe.
- Websites: there are online tools for aggregating feeds into a single page, useful if you use multiple computers. Popular sites include Bloglines, NewsGator, Google Reader, Netvibes and MyYahoo.
- Feed reader software: You can install stand-alone programs to run from your desktop to read feeds. A typical Windows program is Feed Demon. There are many others listed at Wikipedia's RSS Reader entry.
- Email software: Email clients like Microsoft Outlook 2007 and Mozilla Thunderbird include feed reader features.
Australia to adopt the UN Convention on the use of Electronic Communications in International Contracts - 23 April 2009
|
Ministers at the Standing Committee of Attorneys-General meeting in April 2009 have agreed that the electronic commerce laws of Australia’s states and territories should be amended to allow Australia to adopt the United Nations Convention on the use of Electronic Communications in International Contracts.
The Convention sets out principles for the legal recognition of electronic communications, the nature of offer and acceptance in electronic contracts, the time and place of dispatch and receipt of electronic communications, the use of automated systems in contract formation, and errors in electronic communications.
As at April 2009, 18 countries have signed the Convention.
Galexia has written and worked extensively on electronic contracting issues in Australia and internationally, most notably assisting the ASEAN Member Countries in harmonising their electronic commerce laws and preparing an analysis of regional harmonisation of electronic commerce laws for the UN Conference on Trade and Development (UNCTAD).
Related links - Galexia’s publications on the Conventions and Australia’s electronic contracting laws:
- United Nations Convention on the Use of Electronic Communications in International Contracts (UNECIC) - Colloquium - Articles 19 and 20 (Declarations) »
- UN Convention on the use of Electronic Communications in International Contracts to come into force »
- First UN Convention on E-Commerce Finalised »
- UN Releases New International Convention on Electronic Contracting »
- Fantastic Beasts and Where to Find Them - A Guide to Exemptions in the Electronic Transactions Act (ETA) in Australia »
Related links - Galexia’s work on electronic contracting and e-commerce:
- Harmonisation of E-Commerce Legal Infrastructure in ASEAN Project »
- Galexia’s analysis for UNCTAD’s Information Economy Report 2007-2008 »
External links:
- Standing Committee of Attorneys-General (external site) »
- The Convention at the United Nations Commission on International Trade Law (external site) »
Department of Broadband, Communications and the Digital Economy (DBCDE) releases issues paper on consumer codes in telecommunications - 31 March 2009
|
The Department of Broadband, Communications and the Digital Economy (DBCDE) has released an issues paper on the processes involved in developing self-regulatory consumer codes in the telecommunications sector. The issues paper makes a number of references to Galexia and CHOICE’s joint paper Consumer Protection in the Communications Industry: Moving to best practice.
The release follows a number of government initiatives aimed at reforming the industry:
On 31 March 2009, Senator Stephen Conroy, Minister for Broadband, Communications and the Digital Economy, announced that the Australian Government would undertake a review of the processes associated with developing consumer-related industry codes, as specified under Part 6 of the Telecommunications Act 1997.
DBCDE has invited the public to make submissions on the issues paper by 15 May 2009.
Related links:
External links:
Australasian Retail Credit Association Credit Reporting Code - March 2009
|