Apparently the people that influence Australia's privacy laws do, which is why the government has given itself four years, or until 2012, to start reviewing the Australian Law Reform Commission's recommendation to include "mandatory" data breach notification measures in Australia's Privacy Act.

In the meantime Australians will have to settle for softer initiatives, like the Office of the Privacy Commissioner's (OPC) Privacy Awareness Week, which recognises "good" privacy practices by organisations, but doesn't ferret out bad security and privacy practices.

In this state of affairs, if Australian Customs were to suffer a breach where people disguised as EDS staff stole two mainframes from its high security centre, which also contained sensitive details about you, Customs won't tell you.

Until 2012 we can celebrate privacy while the US clocks up another two billion data breach notifications — the number of notices issued to its citizens since 2002, Microsoft's chief privacy officer Peter Cullen tells me.

The first areas of the Privacy Act the government has promised to tackle are health information and privacy, which is sensible since health costs impact the public purse more than anyone's right to know when your personal information is exposed.

Data security and its relationship to privacy has been put on the back burner due to one fact: no one, not the ALRC, not politicians, not the Privacy Commissioner, and especially not the public, have the foggiest idea about the extent to which data breaches have affected Australians.

We could be lucky, or perhaps have supreme intellects, which has helped Australia avoid HMRC-style mass breaches that exposed 25 million UK citizens' personal records. The Australian Taxation Office at least recognised the reality of the risk. The HMRC breach inspired a security review that found overall good practices, but significant security holes which could result in a data breach.

This was quite rare indeed. According to a recent survey by analyst firm Intelligent Business Research Services of 99 local IT managers — half came from organisations with more than 1,000 staff — many organisations could haemorrhage data without realising it, just like TJX. Asked "How would you know if an unauthorised person were to access sensitive data?", 45 per cent agreed "It's possible we would not know if this occurred".

So that's the situation. The politicians don't know, organisations that hold your information don't know and the pubic doesn't know. If ignorance is bliss, then who the bloody hell am I to question Australia as being the lucky country?

She will, as we say, be right.

Comments (7) | Email this

Share: Google | Facebook | del.icio.us | Digg | Reddit | Slashdot | StumbleUpon

• Google defends privacy credentials
• Microsoft slams Google on privacy
• Why I hate the Privacy Commissioner's office

People fear the consequences of information falling into the wrong hands and therefore, quite rightly, feel the need to defend privacy. But could that "fear", as one doctor calls it, be stopping information reaching hands that could heal us?

This week the Victorian government announced it will pay Deloitte AU$1.3 million to develop an Australia-wide e-health strategy, to introduce online referrals, e-prescribing, and electronic health records.

It sounds like a good idea but it will be interesting to see what impact it will have on the adoption of electronic health records in Australia. Medical professionals appear to want to be able to use electronic records but current privacy laws are preventing it.

"If you go from one hospital to another, the only way your data is going to get from one to the other is if the doctor writes a letter. And there is no electronic sharing whatsoever," said Dr Marienne Hibbert, director of the cancer research project, Biogrid — also part-funded by the Victorian government.

Due to what she believes are fears about privacy, Australian clinicians — at least those participating in the Biogrid project who treat cancer patients — are hamstrung in their efforts to use widely-dispersed information in order to improve the lives of patients, and it's all due to privacy.

"There's a real danger of privacy being too protected — it's people's perception of the risk... It's way out of... Well, it's fear," she said. "If people weren't worried, for a start, I think there'd be much more sharing of patient data for clinical use."

Biogrid currently pulls together de-identified cancer patient data, sourced from over 30 hospitals in Australia, New Zealand, the US, UK, Brazil and Malaysia.

But while researchers are able to learn from anonymised data collected in the Biogrid project, the clinicians who treat patients are unable to make use of it — primarily because the information needs to be attached to a patient's name to be useful. What could be achieved if this were permitted has implications that are far reaching and quite immediate for cancer treatment, according to Hibbert.

"[Biogrid] is research and we can actually integrate data much more effectively than is available for clinical care.

"My clinicians that are involved in this are really frustrated about not having any way of viewing identified clinical information across sites," she said.

If there was a way of providing a "secure and protected" view of cross-site identified information — say across a single tumour stream — clinicians, who are often dispersed amongst several hospitals, could improve their management of cancer treatment.

"Cancer patients are coming and going all the time, they often have had surgery at one site, oncology at another and then radiotherapy elsewhere. If you can provide the clinical view to the clinicians, that would be really helpful. Doctors get so frustrated because they don't have that combined view," said Hibbert.

It's a bit hard to say that if doctors could access identified information from other sites it would reduce the number of cancer related deaths in Australia but it would seem the logical — especially if we are to believe the government's message that the fight against cancer will be won by early detection and surveillance.

But cancer research and saving lives is not the only thing that's being held back. Today, Australians would be hard pressed to use services such as Google Health and Microsoft's Health Vault since the only copy they likely have of their medical history is stuck in their head.

Where is your medical history stored?

Comments (6) | Email this

Share: Google | Facebook | del.icio.us | Digg | Reddit | Slashdot | StumbleUpon

• National e-health vision unleashed in September
• SA health to cut errors with $4.4m pharma system
• National health database every integrator's dream
• Google CEO coughs up Australia Health plans