Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2017
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Final Version of 12 November 2009
Comments on Receipt of the Australian Privacy Medal
awarded by the Privacy Commissioner - 12 November 2009
Here is the Nomination Form and the presentation by the Minister Joe Ludwig and the report in The Australian IT Section, mirrored here
Roger Clarke **
© Xamax Consultancy Pty Ltd, 2009
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/DV/APM-091112.html
One of the many important facets of privacy is the recognition that each of us has multiple identities. We mostly like to keep those identities separate from one another. But, as a contribution to the evening, I thought I should ask several of my personas what they thought about being nominated for this Medal.
My ego is represented by my mother. She's proud of me. And she's delighted that the time and energy I've invested in this area over 35 years is appreciated.
For a researcher, only a few forms of positive feedback matter. Most of my publications are in Information Systems and eBusiness. But for my 36 refereed papers on privacy topics, Google Scholar shows well over 1,000 citations. Cumulative downloads of those papers are perhaps 5 million and are running at 350,000 p.a. That's pretty competitive on the world stage, so the Researcher in me feels vindicated.
But, with so few formal Awards available to win in new disciplines like Information Systems, this Medal is likely to help with the dissemination of ideas. So the Researcher in me is pleased to be recognised.
The advocate in me, however, is a lot more circumspect.
Corporations and government agencies have become habituated to hands-off stances by parliaments and by regulators. Instead of looking for real understanding of privacy issues, and real solutions, organisations get away with investing in image.
Public thoroughfares are being converted from anonymous use to identified use, and not one Privacy or Human Rights Commissioner takes any interest in the matter.
Law enforcement agencies, working through Crimtrac, regard the building of a national vehicle surveillance database as being unthreatening to democracy. So they play the public for fools, and simply get on and do it.
Organisations demand access to body fluids and measurements of people's bodies, on the flimsiest of excuses, and in the absence of any effective regulatory framework.
Media empires refuse to establish a body of principles to guide the collection and publication of personal data. Instead, they conduct propaganda campaigns against a privacy right of action.
Complaints-handling by regulators is subject to long delays. And the eventual reply is full of complex legalese used to justify taking no meaningful action.
The ALRC Report's recommendations were a long way from what advocates sought. Yet the recent response of the Government, or at least of the public servants who have the pen in their hands, permits unfettered off-shoring of the personal data of Australians, as organisations see fit.
Meanwhile, public interest representatives and advocates are kept at arms-length. Terms like 'the same old faces' are frequently heard.
Organisations as diverse as the Department of Human Services, the ABC, the National eHealth Transition Authority, and the major banks, act as though advocates had horns on their heads, and do everything they can to avoid engagement.
I've been involved in advocacy in this area since 1972. Until the mid-1980s, I worked on behalf of the professional body, the Australian Computer Society. My purpose was ensure that the seemingly inevitable privacy statute was balanced and not unduly onerous.
Since the first of the long series of attempts to introduce a national id scheme in 1985, my work has been primarily through the Australian Privacy Foundation. I know the advocates. They all wear suits. They're so conservative that they didn't let me have a turn as Chair until 20 years after the APF was formed. Advocates don't have horns.
Given the sorry state that privacy protection in Australia is in, the advocate in me sees a medal that is less burnished, and more tarnished.
My other relevant persona is what I call a 'competency-based consultant'. From that perspective, 'any publicity is good publicity', and 'an Award's an Award', so maybe there's some way to leverage off it.
Most of my consultancy work is in eBusiness, but 20% is in privacy strategies, privacy issues analyses, and privacy impact assessments. I've written sets of PIA guidelines, including for the UK government.
The one-line message is this.
You and your organisations need to get out ahead of the game.
It may seem fine to adopt a reactive stance, to lie low in order to create a small target, and to wait and see if privacy problems happen. It's fine, until you get caught out. Because then the party gets rough, and then you get stampeded into unwise media responses based on zero strategy and zero preparation. My epithet for this phenomenon is 'privacy doesn't matter, until it does'.
Debacles like the Access Card happen when public servants are allowed to get utterly out of touch with the real world. (The Minister would be pleased if I would point out that that debacle was achieved by the previous Government).
Tenderers (in that case, scores of them!) failed to ask the right questions, simply because the dollar signs looked so inviting. There will be more, massive disappointments, not least in the eHealth arena, because lessons aren't being learnt.
PIAs are central to this, because PIAs are fundamentally exercises in risk management. To avoid problems, and to come up with future-proof designs, get the public involved early. Get the consumer reps and privacy advocates inside the door. Learn from them.
Get them pregnant enough that they'll feel it's dishonourable to attack you when your scheme goes live, even if its privacy profile drops a bit short of what they thought you were going to do.
There are plenty of 'brand-name consultancies' out there. And, in recent years, a few new faces have joined 'the usual suspects'. Brand-name consultancies will conclude prettymuch whatever you'd like them to conclude. But some organisations are interested in real understanding and real solutions, rather than just 'marketing communications'.
So ... the consultant in me has some hopes that this Award might stimulate privacy business of the right kind.
Many organisations may lack the confidence to hire a consultant who has as many personas as I've got. But there are several other 'competency-based privacy consultants' in the country, and if this conversation results in additional meaningful assignments landing on their plates, then this consultant can see in this Medal a little less tarnish and a little more burnish.
I apologise to the Privacy Commissioner. I apologise for putting her to the expense of casting four medals, one for each of my identities.
I thank my nominators. And I thank the sponsors.
And I thank the Privacy Commissioner and the Selection Committee firstly for considering me for this Medal, and, secondly, in full knowledge of what my advocate persona thinks of the situation, awarding it to me.
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in the Cyberspace Law & Policy Centre at the University of N.S.W., a Visiting Professor in the Department of Computer Science at the Australian National University, and Board member of the Australian Privacy Foundation since its inception in 1987, and currently its Chair.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 9 November 2009 - Last Amended: 13 November 2009 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/DV/APM-091112.html