Collaborating Authors

Test and Trace program skipped GDPR privacy assessment


The government has conceded that it launched an England-wide Test and Trace program without completing the expected privacy checks. The scheme has been running since the end of May without a Data Protection Impact Assessment (DPIA), which is a process required by GDPR for any project that poses a high risk to the personal data of the people involved. A DPIA is designed to identify and minimize the data protection risks of a project. But when the Test and Trace program started, reports soon emerged that the assessment had not been duly carried out by the government. The public health scheme identifies all the people who have been in contact with a person who has been diagnosed with coronavirus, and collects personal information such as names, sex, postcodes, email addresses and telephone numbers.

Laws allowing release of veterans' private data to be scrutinised following Centrelink case

The Guardian

Proposed laws allowing the government to release veterans' personal information to publicly correct "misinformation" will undergo an independent privacy assessment. The government's bill, which passed the lower house with bipartisan support last week, would allow the Department of Veterans' Affairs to disclose personal information in limited circumstances, including to counter "misinformation in the community" or "mistakes of fact". That appears to allow for the release of the private information of veterans if they criticise the government in a way that undermines confidence in its services. Concerns have since been raised by veterans' groups about the proposal. Labor has also signalled it may withdraw its support for the bill, saying the government's use of welfare recipients' private details shows it cannot be trusted with such powers.

Combining Privacy and Security Risk Assessment in Security Quality Requirements Engineering

AAAI Conferences

Functional or end user requirements are the tasks that the system - Protection and control of consolidated data under development is expected to perform. However, nonfunctional - Data retrieval requirements are the qualities that the system is - Equitable treatment of users to adhere to. Functional requirements are not as difficult - Data retention and disposal to tackle, as it is easier to test their implementation in the - User monitoring and protection against unauthorized system under development. Security and privacy requirements monitoring are considered nonfunctional requirements, although in many instances they do have functionality. To identify Several laws and regulations provide a set of guidelines privacy risks early in the design process, privacy requirements that can be used to assess privacy risks. For example, engineering is used (Chiasera et al. 2008). However, the Health Insurance Portability and Accountability Act unlike security requirements engineering, little attention is (HIPAA) addresses privacy concerns of health information paid to privacy requirements engineering, thus it is less mature systems by enforcing data exchange standards.

China to set assessment measures to regulate data sent abroad by cars


BEIJING, Oct 11 (Reuters) - China, the world's biggest auto market, said on Monday it will roll out assessment measures to regulate data sent abroad by vehicles, as the country steps up efforts to protect data and privacy. As cars become'smarter' with more in-car entertainment, information and autonomous driving functions, automakers and tech companies are gathering more data from vehicles, raising privacy and security concerns. China's Ministry of Industry and Information Technology did not offer details about how the assessment would be done. According to current rules, auto companies cannot export key vehicle data abroad unless they obtain approval from regulators. The ministry said regulators will improve monitoring of vehicle data security and encourage telecommunication companies to invest more in cyber security technologies.



Click to learn more about author Cathy Nolan. What is a Privacy Impact Assessment? A Privacy Impact Assessment, or PIA, is an analysis of how personally identifiable information (PII) is collected, used, shared, and maintained. If your organization needs to comply with the GDPR, a PIA will demonstrate that program managers and system owners have consciously incorporated privacy protections throughout the development life cycle of a system or program. Since one of the stipulations of the GDPR is a requirement that the design of systems and processes are required to have the principles of data protection "built-in" from the beginning of a project, doing a PIA becomes a necessity rather than a "nice to have".