Speakers
Synopsis
On the rise in Australia is a need for the courts to understand whether organisations have taken reasonable steps to secure personal information through its lifecycle - that is, from the time the information is collected to the time it is de-identified or destroyed.
An expert witness who possesses specialist knowledge, skill, training, or experience in privacy and information security may be called upon to analyse complex data privacy issues, assess the adequacy of privacy policies and practices, and offer opinions on whether an individual's privacy rights have been sufficiently protected (or, conversely, violated) by an organisation.
Nicole reflects on her experience as an expert witness on application of the 'security principle' embedded in Australian federal, state and territory privacy (and related) laws.
She explains the meaning of 'reasonable steps' and discusses the administrative, technical and physical measures that may evidence whether organisations have applied appropriate and diligent standards of care and compliance in a circumstance. She also shares her 'privacy rule of thumb' for organisations tasked with securing sensitive personal information in digital and other environments.
