28 ways you may be losing your privacy. How to protect it online and in real life

...Those who surrender freedom and privacy for convenience and security will have neither.

Have you ever found it annoying that too often it is impossible to do something basic without compromising your privacy? With alarmingly increasing frequency, people have to give out their name, address, email, phone number, fill a form, create an account, subscribe, register, enrol, join, or become a member when it is completely unnecessary or irrelevant to the service in question. For many privacy-conscious customers such attempts to harvest their personal data are one of the main reasons for walking away, seeking the same goods or services elsewhere, or rethinking the need for the service altogether. The good new though, the more people vote with their feet, wallets and votes, the sooner businesses and government departments will get the message that their invasion of privacy has gone too far.

One may not realise, but we are making decisions about our privacy all the time. Whether we are shopping, using bank cards, applying for a job, using social media, participating in a survey, using government services, or being pestered by direct marketing — anything that wants or has our personal information, has a potential to misuse that information, deliberately or out of simple negligence. In today's world of digital technologies, information became a valuable asset: it is worth big money, it brings more money, and that is the main reason why we are pushed to give out our personal information more often than ever. The rapid development of information technologies also made identity theft and fraud easier than ever, yet, unfortunately the frequent, excessive and often unnecessary collection of personal information by government institutions and private enterprises left people vulnerable to scam and identity theft. That is why we can never be too vigilant and cautious with our personal data.

Identity theft, fraud, blackmail, scam, manipulation, and many other crimes are only possible because someone obtained personal, private or sensitive information about another person. Most victims do not disclose their personal information willingly, knowingly or directly. The data is usually stolen, misplaced, misguarded, misused, or wasn't properly disposed of by someone else who was trusted to hold that information. There is no such thing as an absolutely secure system. Nobody can guarantee that their network or database will never be broken into by hackers, or that all their employees are diligent and sufficiently trained in data security. The only sure way to guarantee privacy and security is to not collect personal information in the first place: one can't lose what they never had. Which means that:

  1. Government agencies, departments and contractors, and also private companies and corporations should not ask people to disclose their personal information unless it is absolutely necessary and there is no possible way to do whatever they are doing without every single piece of the information they are asking for.
  2. As the former is not likely to happen (actually, the contrary is happening and is getting worse), every individual should safeguard their own privacy as much as possible and not hesitate to ask why each bit of their personal information is required in each case.

The following list of privacy “holes” is most relevant to Australia, but many its points are applicable worldwide. By checking and rethinking these shortcomings you can greatly increase your personal safety, and the safety of your family and friends. Remember, each person is not only responsible for their own safety, but also for the safety of everyone they keep in their contact list.

Disclaimer: the following list is a list of ideas and suggestions. You and you alone decide what is right for you and which of them you wish to consider.

Being lax or unaware of privacy issues and their causes

One of the most disturbing revelations in recent history is that the biggest potential threat to human rights, freedoms and privacy comes not from those who break the laws, but from those who make them. No matter how sophisticated scammers and hackers are, none of them has access to all personal information of every citizen. But governments do, just as they have the capacity to change the laws and remove privacy protections at any time. The consent you gave for the use of your personal data today may be used for a completely different purpose tomorrow.

The good news is that in a democratic society any governmental misdeed can (at least in theory) only go as far as voters allow it. Therefore it is an important obligation of every voting citizen to be aware of what the governments are doing, which privacy-affecting legislations get passed, under what pretext, for what purpose and with what likely outcome, and keep all that in mind when deciding who to vote for next time.

The “if you've got nothing to hide, you've got nothing to fear” is a very detrimental fallacy. Dignity and autonomy are basic human rights, and they cannot exist when a person cannot live their daily life free from surveillance, censorship and manipulation.

Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.

Edward Snowden
(Ironically, there is no explicit protection of freedom of speech in the Australian Constitution.)

Voting for the wrong people

The past two decades have proven that neither the Labor nor the Liberal party are interested in privacy protection. The legislation introduced and passed by them has been either watered down and inadequate, or designed to maintain the status quo, or paving the way for even more extensive invasion of our privacy and exploitation of our personal data.

If Australians wish to salvage what they still call “privacy” and “rights”, they should take election times seriously and vote for the smaller parties and independent candidates who take these issues seriously and genuinely have human rights, civil liberties and privacy protection in their policies.

Pandemic

The COVID-19 pandemic became a convenient pretext for many governments, health authorities and various seemingly irrelevant players for ramping up surveillance and privacy invasion to unprecedented levels. Some aspects of it may have been justified, while others are unacceptable and using this pandemic merely as an excuse and cover-up. Be careful and read before you agree to so-called privacy policies of virus tracing, proximity tracking and attendance tracking apps, when giving your personal details for COVID testing, and when receiving the vaccine.

Many medical establishments and pharmacies insists on online vaccination bookings through commercial third-party booking systems, such as HotDoc, findapharmacy.com.au or HealthEngine, which may use your name, contact details and medical data for other purposes, such as targeted advertisement, marketing, and for sharing it further with their business partners. It also appears that pharmacies can add contact details from vaccination bookings to their marketing mailing lists. To protect your privacy and prevent spam and scam, you may like to avoid online bookings and instead use walk-in appointments, and refuse to give your email address or phone number.

Another threat to privacy to be aware of, before you sign up for anything, is that one of the core concerns with the implementation of novel surveillance regimes in times of exception is that, in many cases, governments are reluctant to dismantle systems of surveillance enacted during the crisis, seeking to justify their continued access to surveillance data after the immediate public health threats have subsided, as the Australian Privacy Foundation's COVID-19 Surveillance statement points out. You may never be able to opt our or delete your data from wherever it ends up “due to COVID-19”, COVID-29, or whatever else it evolves into.

Medical system

Within medical system, “privacy” usually means that the patients never get to see the full information about them that is collected and shared, while many other people and institutions have unlimited access to it.

Australian federal, state and territory authorities are continuously trying to ramp up the collection, matching and sharing of medical data on every person in Australia. From My Health Record, from which people luckily can opt out, through state systems like the HealtheNet in NSW, ieMR in Queensland or Clinical Information Portal in Victoria, which grab and share a massive array of private and sensitive data without people's consent or ability to opt out completely, to the booking and patient management systems used by hospitals and small medical practices.

In each instance, patients can lose control over what data is collected about them, whom it is shared with, where it is stored, what it is used for now, and what it can be used for in the future. This severely undermines people's trust in the medical system, destroys the confidentiality between doctors and patients, and discourages people from seeking medical help.

Results of many medical tests, together with the patient's personal details, are reported to various government-run health surveillance programs and entered into screening registers and recall-and-reminder systems. The management of some of those systems and registers involves commercial third parties. For example, the National Cancer Screening Register is operated by Telstra. This personal information disclosure can happen without the clear knowledge and explicit consent of the patient. Or the patient is informed about this but given no choice and no option to stop their personal data from being distributed throughout the system. Other times, there is an opportunity to opt out of this data sharing and medical surveillance, but the patients are not told about it in advance, before the privacy of their data has been taken out of their control.

If you strongly prefer to make your own health decisions and wish to minimise the propagation of your personal data through the medical system and beyond, before consenting to any tests tell your doctor that you don't want your information to be shared with anyone. If your personal data has already been dumped into any of those systems or registers, there are ways to opt out of some of them. For example, you can opt out of the National Cervical Screening Program and the National Bowel Cancer Screening Program by filling the NCSR online opt-out form or by calling 1800 627 701. Pay attention to the options. Your request to cease contact and correspondence will stop the nagging messages, but the new information about you will keep being recorded in the register. Whereas your request to opt out will prevent further information about you from being be recorded in the NCSR.

According to the NCSR “privacy policy”, the data that they have already collected will not be deleted, only made “inaccessible”, whatever that means in their terms. When screening registers were run by states, they had an option to delete the collected information. With the new national register, such option is absent. Instead, their policy says, your information may be used by the NCSR or given to other parties, such as professional disciplinary authority, child protection officers, enforcement bodies, court or tribunal proceedings, coronial inquiry, research, investigation, health promotion and planning purposes, and where the use or disclosure is required or permitted by that state's or territory's law — whatever this clause may encompass at any given time. Therefore, if maximum privacy is your priority, you may conclude that it is best to avoid being added to these databases in the first place.

Perhaps one day the government will realise that significantly more people would participate in such tests and programs if there were an anonymous option — the only option that can truly guarantee privacy. As of now, unfortunately, collecting personal data and spending taxpayer money on promotion campaigns seems to be the preferred modus operandi of the Australian government and healthcare system.

Facial recognition technology

Despite the absence of clear regulations and guidelines on the use of facial recognition technology, Australian government and businesses are pushing ahead with its use. Retailers like Bunnings, Kmart and The Good Guys capture and store unique biometric information of the largely unsuspecting shoppers, while the government and police are building the national facial recognition database to which some states and territories have already dumped our driver's license data. In addition to the potential future abuse of our biometric data with no adequate oversight, accountability and privacy protections, this already abuses the driver licensing system itself. The purpose of a driver's license ID is to confirm that a certain person is licensed to operate an appropriate motor vehicle on public roads, not to give the government an opportunity for slurping up such highly sensitive data as our faces as use it for unrelated, vague or undisclosed purposes.

Giving out more information than necessary

If someone wants to collect your personal information, ask questions and make them justify their need for the data: Why do they need it? What will they do with it? How will they store and protect it? Who will they share it with?... This applies to any business, organisation, health care provider or government agency. If each person starts fighting for every bit of their personal data, data collectors will have to reconsider their appetites. Most often their demands for data are a mere effort to harvest as much information as they can and keep it until some future time when they discover a use for it. Unfortunately, a routine fishing expedition by marketers — collecting information for loyalty schemes and marketing databases — exposes consumers to greater risks when that data is sold or stolen. Even big companies with huge IT budgets lose control over the data they collected. Privacy and security experts say the increased demand for personal data creates an arms race: as identity fraud worsens, companies want to gather more evidence to establish a customer's identity, which in turn exposes more information to the risk of abuse or theft.

Using cashless payments for everything

Increasing numbers of people are switching to cashless payments, paying for everything by card, or worse, by using an app on their smart phone. This may feel quick and convenient, but it also means that the bank, the payment processing companies, and potentially numerous third parties watch nearly every step of the person's life: from where and when they boarded and got off their commuter train to where and when they had a cup of coffee. In addition, the mere act of downloading the payment app onto the phone most likely means the person had to create an Apple App Store or Google Play account, which inevitably means giving your personal details to those corporations as well.

Unfortunately, the decreasing cash use gives governments an excellent excuse to start talking about abolishing cash altogether, which will not only take away the last option to have any financial privacy, but will also mean that the whole country can be easily paralysed by a hacker attack, or that nothing can be purchased during internet and/or electric power outage. Think of all those times when Australia has a cyclone, a storm, a flood, a bushfire... Power lines are down? Mobile tower burned? Broadband node flooded? Too bad: no food or fuel for you. Not so “quick and convenient” anymore, is it?

Or a much more mundane scenario: someone who decided to be ultra-modern and carry no wallet: no cash, no cards — everything is in their phone, which they accidentally drop in the toilet. Classics. Now what? They can't pay for anything, can't get anywhere, can't even call anyone to ask for help. Will that be the point where some futuristic fantasy proponent suggests we have implanted chips for human tracing and payments? ;)

Letting your ID documents to be scanned or copied

When staying at hotels or other lodging facilities

Unlike some other countries, there is no legal requirement in Australia for hotels, motels and other accommodation providers to ask for identity documents, let alone copy them and retain those copies. Any Australian hotel demanding a photo ID does it at its own initiative.

As this practice creates a high risk of personal data misuse and identity theft, it has guidelines issued by the Office of the Australian Information Commissioner. In particular, it is advised that a business can scan a customer's ID or collect information from that ID by any other means only if:

OAIC also states:

Collecting unnecessary personal information is a breach of the Privacy Act. A business should not scan or copy a customer's ID, if sighting it would be sufficient for the purpose the business requires it for.

www.oaic.gov.au

Therefore, if someone wants to copy your ID, yet cannot explain what exactly it is needed for, how securely it will be stored and who will have access to it, they are acting unlawfully. So, do you really want to give your ID to someone who is breaking the law?

Research also indicates that the more relentless a hotel is in demanding a photo ID, the more likely it is to have customer data misused or stolen. And the larger the hotel or hotel chain, the larger the privacy breaches. For example, Marriott hotels insisted (and still insist!) on collecting excessive volumes of guest personal information, scanning their IDs, and retaining the data long after the guests left. In 2018 their network was hacked and thus compromised the personal information of 500 million people who stayed at their hotels since 2014. The stolen data included card numbers and expiration dates, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, and more. If Marriott can't afford a secure system, then a smaller hotel can't either. The only way to guarantee customer data safety would be to refrain from collecting it in the first place.

Check the privacy policy of the prospective accommodation before booking, and give your preference to those hotels who are either contend with merely sighting your ID, or care about their customer data safety enough to rely on other measures for their own security, such as credit card details, advance payments, bonds or cash deposits.

Also, beware of websites and online services that ask you to send them a copy of your ID, for any reason. If they don't trust you, why should you trust your ID to them? Sending a copy of your identity documents is unsafe, as the copy of your ID will not only be kept and used by that site for an unknown length of time and uncontrolled purposes, but can also be harvested along the way by email providers and other systems or apps.

When visiting clubs or other entertainment venues

Many clubs scan patron's ID upon entry, taking “you either do as we tell you or get lost” stance, giving zero explanations and disregarding legal requirements for this procedure. Not surprisingly, there have been numerous incidents when customer personal data collected by night clubs was misused or sold to dubious third parties without customer consent.

When paying with a credit card

“May I see your ID?” — you may never give a second thought to such request for identification when you pay with a credit card at a store or a hotel. While all credit card networks allow a merchant to ask for identification, Mastercard and Visa explicitly prohibit retailers from requiring an ID to accept a properly signed card. Merchants can ask for an ID, but you can refuse to show it and they still must accept the card. Some business owners are not aware of this or disregard card issuer restrictions on requiring an ID, and set their own policies that violate the rules, ostensibly to make sure the card indeed belongs to the person. It is also unclear how some merchants get away with pushing further and insisting on copying the ID instead of just having a look at it. Knowing your PIN is enough for getting cash out of any ATM, so it should also be sufficient for a card payment.

Not opting out

Whether it is ticking all marketing “opt out” boxes on a paper form or opting out of online health record system, each step will contribute to security of your personal data.

Australian “My Health Record” system is still developing, and nobody knows whether the patient control over the stored data is going to be eventually restricted or removed. There is also no guarantee that the sensitive and/or identifiable health information won't be disclosed to third parties, stolen by hackers, shared for a research, or used for any purpose other than direct benefit for the health of the person — all without the explicit consent of the patients. In fact, in 2015 the Australian Bureau of Statistics announced that it will keep people's names and addresses collected during the 2016 census and link census data to health records.

Posting personal information online, using social media, cloud storage, AI devices, or Google

Once something has been uploaded to the Internet, it cannot be 100% deleted. It may be marked as “deleted”, or hidden from view, but it will keep being stored somewhere. Don't put important private information or large amounts of personal data on social networking sites. Uploading your data into cloud storage services like iCloud means you almost certainly lose your control over its privacy and confidentiality. Don't upload photos of people, yourself included, to Facebook and other social media sites: facial recognition technology is evolving extremely quickly and can be used for tracking you across online platforms and in real life.

Be mindful when creating an account on some websites, like Facebook. They often set a trap by initially allowing you to sign up with minimal personal details, let you use the account for some time, and later start demanding that you give them more information, like phone number or a government-issued ID. They won't let you access your profile until you give them that data. Before you sign up, search for online complaints like “Facebook suddenly requests my phone number” and see what you are getting into.

Using Google for all your Internet searches and Gmail for all your communication is another sure way to have no privacy at all. In addition to watching, analysing and recording everything you do online, Google is notorious for suddenly locking people out of their accounts (allegedly for “security purposes”) and not letting to log in even with a correct password until the person gives Google more personal data, such as mobile phone number or home address. Consider using other search engines, like DuckDuckGo, for at least some of your browsing, to avoid letting Google spy on you 24/7. And don't use Gmail for some or all of your correspondence, to prevent Google from knowing everything about your work, family, friends and other personal interactions. Many other email service providers snoop on their users too, but, unlike Google, they are unable to supplement that information with a detailed dossier on all your other online activities. You may like to consider a privacy-driven email service, such as Protonmail or Tutanota.

Think really well before getting a so-called smart home device, or any artificial intelligence technology, that is connected to the Internet, like Google Home, Amazon Alexa or Echo. They harvest enormous amounts of information about you and your daily life, end up knowing more about you than you could imagine, and send all that data to their vendors. Nobody can tell how and when this data will be used in the future.

Keeping personal information on your mobile device

Many use their smart phones to store their own, their friends' and their family members' personal info, such as names, phone numbers, home addresses, email addresses, birthdays and online profile links in the contact list, sometimes supplemented by logins to your various accounts and copies of important documents. It may be handy, but don't forget that mobile phones are easily lost or stolen. In addition, the phone's OS or apps can gather and transmit all that personal information to an interested company or agency. Given that they can also collect information about the websites you visit, photos you take, your geolocation coordinates, contact lists, sms texts, email contents and phone calls history, and have an in-built “intelligent virtual assistants”, like Siri, that listen to everything you say, they may know about your private life more than you realise. Also, think twice before synchronising your mobile phone data with any sort of “cloud”. Even if you adopted “I've got nothing to hide” attitude about your personal life, are you sure that all the people in your contact list are happy for their personal details to be handed over to the company that owns the “cloud”?

If you must sync your contacts with a cloud storage, consider using short names or nicknames for your contacts, and avoid adding extra information about them, such as their photos or birthdays.

Trusting that “deleted” means deleted

Once the information is entered into a database, it hardly ever gets deleted, even if you were told it has been. In modern databases, the information gets marked as no longer in use, but it may be kept in the database for a long time. The disk space is very cheap these days, and database management programs are very nifty and fast: anything can be kept indefinitely and restored at any point. Companies no longer run out of space on their archive shelves for paper documents, so no information needs to be destroyed, no matter how old and outdated. The best way to make sure your data in not stored forever in some database is not to let it to get there in the first place.

Using one email address for everything

Set up separate email accounts for different purposes. At the very least, have a “junk” account for anything you don't trust entirely, for example for subscribing to “newsletters” and “special offer” notices. If possible, don't enter your real name, date of birth or mobile phone number when creating an account for that.

Participating in surveys, competitions, entering prize draws, or registering product purchases

Essentially, all these are baits in the fishing expedition for your personal data. Many companies use various win-whatever appeals as a way of obtaining customer personal information for their marketing research. No business does anything really for free: if they are offering a prize, it only means that the information they are expecting to collect from the participants will bring them more money than the worth of the prize they are promising.

Too often the purchased products come with a paper form or a link to an online page that you supposedly should fill on order to “register your warranty”. This is another smoke-screen for obtaining your personal details. Under the Australian Consumer Law, automatic consumer guarantees apply to products and services you buy regardless of anything else the supplier says. If the purchased product can be covered by a warranty, it is covered without any need to “register” anything. To guarantee the quality of the product, the supplier doesn't need to know your name, email address, phone number, where you live, how much you earn, how many children you have, and a tonne of other personal information, as this example of a ridiculously intrusive warranty registration form from Barbeques Galore demonstrates.

Loyalty programs and rewards cards

These are not about rewarding the customers, they are about spying on the customers. These schemes usually offer very little value while collecting huge amounts of customer personal information for data mining. The main objective of any business is to create a profit. So a business will never do or offer anything unless it yields more than it costs. Suppliers are always in search for strategies to sell us more than we need, or to cut corners in production and delivery. Targeted marketing is the most effective tool for that. And, as a result, we are not getting the best goods, only the best marketed goods.

By signing up for a rewards or loyalty card, you share your name, address, gender, age, interests, income range, and other information about your family and household. Then, every time you shop and use that card, you essentially tell the retailer what, when and how much you buy. All that data is collected, analysed, added to your profile, used to predict your next move, shared with other businesses, and sometimes even sold to third parties for even bigger profits. Next time when you are wondering how an ad, packaging design or a “special discount” managed to convince you to buy some rubbish you never needed, don't be surprised: marketers know about you and your behaviour way more than you do. They know how to target you when you are most vulnerable and susceptible.

Memberships, clubs, doctors, dentists, pathology laboratories

A customer database is one of the most valuable assets of any business or institution. It is used for profit-increasing strategies and is sometimes shared with other companies for money or other benefits. The most unfair aspect in this arrangement is that this information is not only extracted from the customers for free, but the customers are given no choice, and are often charged admin / joining / new customer / new patient fees for that. Shops, clubs, gyms, entertainment venue ticket sellers, doctors, dentists, optometrists — all demand large volumes of personal information without ever explaining why it is necessary. As most of us know, it is impossible to visit a dentist or get a new pair of glasses from an optometrist without being later bombarded with reminders, marketing messages and special offers.

For example, optometrists obtain customer details under the pretext of being “healthcare providers” under the Health Practitioner Regulation National Law (which, by the way, says nothing about personal data collection and usage), and then use that data for marketing and spam. The customers are never given the choice of not being included into the mailing lists, or for their data not to be shared with numerous third parties, including mailing list services, which often are foreign third parties. The only option is to opt out once the spam starts coming. Unfortunately, opting out at that stage doesn't erase personal data from the marketing databases or stops its further disclosure and misuse, it only stops the unwanted communications, sometimes only for a limited time.

Medical establishments have become frequent targets of hacker attacks and honeypots for identity fraudsters: doctors and other medical professionals collect and keep huge volumes of highly personal and private data, yet have no skills or expertise to keep it secure. How many people dare to question why a medical centre is asking for certain personal information and what they are going to do with it? People simply comply and supply. Medical centres often engage other companies too look after their technology needs (which means those companies have access to your health information without being bound by healthcare privacy laws), or use third-party software for managing bookings, medical records and communications. That software is often made overseas and uses cloud facilities located in other courtiers, which means nobody knows what happens to your data and who has access to it.

Clinical pathology laboratories are data accumulation and sharing machines within Australian medical system: they obtain the patient personal details, add clinical test data to it, and then keep and share this information with medical practitioners, can disclose it the government or enter it into disease screening registers without asking for the explicit patient consent or offering any way of opting out of this. From the patient perspective, pathology labs operate one way: they take data from the patient without ever giving anything back, except for the bills if the certain tests aren't covered by Medicare. For any useful information the patients are forced to go back to the medical practitioners.

Be careful and vigilant every time you are filling a form, and keep in mind that the company is most likely going to use all this data for marketing purposes, and in case of a medical or semi-medical establishments, pass information about you to the government systems, which can share it with other government branches or link it to census and other data. If some information is demanded as “mandatory”, ask why. If there is no satisfactory answer, ask yourself whether you still want the “service” on these terms? Is it really worth the loss of control over your personal information, privacy and safety?

Credit cards, loans, mortgages

Once you borrowed any funds, your personal information goes into the credit history and is shared with all sorts of third-party companies and credit reporting agencies, which may use and misuse the data as they please. By borrowing money you not only enter the financial slavery and enable the lending institutions to make money off the interest you play, you are also forced to supply a load of your personal information which will be used by other companies to make money off selling or sharing access to it — all without your control or explicit consent. Given the fact that credit reporting agencies like Veda/Equifax can easily navigate their ways around the law, can they be trusted to do a decent job of safeguarding your privacy? It is also worth noting that many credit reporting agencies, such as Equifax and Experian, which receive your personal information from your banks, utility services and phone provides without giving you any choice in the matter, are foreign-owned companies that not only may accumulate, store and share your data overseas, but are also subject to massive hacker attacks, security breaches and data theft.

Money management and budgeting tools offered by banks

Personal online budgeting services and software like NAB's Spending (formerly Money Tracker), St George/Westpac's Budget Planner Calculator, or ANZ's MoneyManager are actively advertised as invaluable services to help the customers take control of their money and develop a better understanding of where they are spending and how much they are saving. Sounds great, but keep in mind that first of all, banks always help themselves.

The online personal finance planners have sophisticated transaction analysis engines for organising and categorising user data. Along with promising their customers to take all of the headache and guess work out of budgeting, tracking money and saving for goals, the banks are able to run rich customer analytics, for example by customer segment for more targeted marketing and to get valuable insights to our customers, for example, to see a comparison of spending patterns to others like them. Customers who use money management tools are providing the bank with a live picture of their financial situation at any point in time. When you use the budget planner or the “what if” scenario analysis option, you are giving your bank the important insights on your future plans. If you would rather keep your plans for your future to yourself, you may want to avoid using these tools. If your bank made it impossible to disable these tools, at least avoid adding more data to them.

By monitoring your financial transactions, banks continuously watch what you are doing, where you are staying, working, holidaying and shopping, what you are choosing and buying, who your insurers, doctors, friends and family are... Your everyday life is monitored, analysed, and that information being used by the banks and their partners. The only sure way to avoid being watched, analysed, categorised and targeted is to pay in cash whenever possible.

Not shredding

Shred all paper documents before throwing them out. Don't just crumple the paper up or tear it in half! Cut the paper to small pieces across the lines or text, paying special attention to the areas where your personal details are printed. If you have a garden compost bin, it is the best place for the paper shreds. Compost worms can be trusted with your privacy better than any human. :)

Ignoring fine print and privacy policies

They are usually deliberately long and boring, but worth a look. Make note who your private information may be disclosed to. The fact that the company you are dealing with promises to protect your information doesn't necessarily mean that the third parties it shares your information with are going to do the same. Don't deal with a company if their privacy policy is vague, or you are not satisfied with its conditions. This also includes government agencies — they are notorious for passing personal information further. For example, Australia Post supplies customer details to Australian Electoral Commission and the Department of Transport, Australian Medicare passes data to Immigration Department, Immigration Department gives it to Australian Bureau of Statistics, state governments let information brokers sell driver licence, vehicle/property ownership and court information, and so on; and yet each department swears in their privacy policy that your privacy is very important to them.

Travelling to or through certain countries

Countries collecting biometric data from visitors

What was once a procedure reserved for criminals, is now becoming a “normal” part of holiday travels. One by one, countries begin demanding tourists and visitors to submit their fingerprints, iris scans or photographs for facial analysis under the same overused pretexts: counter-terrorism and national security. It remains unclear how, by looking at fingerprints, the border security is going to tell who is a potential terrorist and who isn't; yet it is clear that this process harms civil liberties, invades privacy, and creates a serious risk of identity theft, because any leaks from biometric databases could be used by criminals or hostile individuals.

Countries demanding excessive personal information

For example, the US require all visitors to supply their parents names, all current and past citizenships, details of all past travels, national identity documents ever issued by any country, all present and past email addresses, phone numbers and social media accounts. Travellers are also obliged to supply passwords for any of their mobile devices or accounts to allow all the data to be searched and copied by security forces. The same is demanded from transit travellers who have no intention of leaving the airport! This violates not only the privacy of the travelling individual, but also the privacy of their family, friends and colleagues who ever shared any private messages, pictures or documents with that person. Doctors, lawyers, scientists and business people may be forced to break the law and moral obligations by disclosing sensitive information about their patients, clients, research or business to border agents; and after Snowden and Manning revelations, every person has solid grounds to distrust the US government promises or intentions regarding the data. These demands also severely undermine the freedom of speech, which is absolutely essential for a democracy, as people who have to travel to or through such country will be forced to censor everything they ever publish online, and because the US authorities do not give any explanations as to why the entry to the country was denied, any criticism of anything relating to the country can potentially impede the person's movements at any point in life. Unfortunately, the US disregard the much-quoted words of their very own Benjamin Franklin: Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.

If you do not wish to be treated like a criminal and be forced to supply your fingerprints or personal data for a foreign regime to keep and use in any way they see fit, you may want to research the entry or transit requirements of the countries before making your travel plans and instead spend your tourist money in the countries who don't think they are entitled to damage civil liberties and jeopardise personal safety of innocent individuals. Sadly, the choice is steadily narrowing.

Australian border security now use the SmartGate technology, and airport staff is often quite pushy in their attempts to get the travellers from “eligible” countries to use SmartGate electronic kiosks rather than being processed by a fellow human. At the moment, unless forcibly herded by the airport employees to the SmartGates, people still have a choice to be processed by a real human officer. However it may no longer be an option in the future. Presumably, the plan is to first make people get used to machines, get rid of the highly-trained and famously polite Australian border security officers. Then say that no system is perfect, SmartGates make errors and a facial recognition is not enough, so more biometrics are needed, and under that pretext start collecting fingerprints, iris scans, body parameters, DNA samples, or anything else the authorities may want. If people don't insist on being processed by human staff now, biometrics collection won't stop at facial recognition. There is nothing more intelligent and sophisticated than a trained person who can do more than any machine, such as analysing behaviour and other clues. Using machines has nothing to do with increasing the country's security, it is just another way of harvesting more data.

Australian Border Force

Australian Border Force (ABF) has very broad and intrusive powers to search personal digital devices, such as mobile phones and laptops, and copy electronic information without a warrant. An ABF officer can force you to hand over your phone and its passcode, take the device away for any length of time, look at and copy any information that you have on your device, share this information with other agenesis — all this without having to have a warrant, explaining you anything, giving you any reasons for what they are looking for and why, or informing you what information was examined and copied.

Within Australian borders, police can search your mobile phone too, but if they want to unlock your device, they must first get a warrant. ABF can do whatever they like without any warrant or explanation. Because of this lack of transparency and accountability, it is unknown how often travellers are subjected to this gross violation of privacy, whom exactly ABF targets and based on what. People might be targeted because they are journalists, or privacy advocates, or whistle-blowers, or were simply born in a “wrong” country. We just don't know!

The absence of federal charter of human rights in Australia means that in reality Australians have very few rights. The only protection of your privacy when you travel to Australia, New Zealand or other countries that have similar border “security” procedures would be in not keeping anything on your devices that you don't want authorities to access. Private messages, intimate pictures, sensitive data, work documents, email history, saved passwords, online banking, Medicare, myGov... — none if this is a good idea to have on your devices when you are crossing the border of a country like Australia, where people don't legally have the fundamental human rights.

If your device was taken out of your sight, you should assume that it has been completely compromised and everything on it has been copied, and you should act accordingly as soon as possible: change all your passwords and inform all the people whose data is stored on your phone about the incident.

Notifying the people who may be affected would achieve multiple goals: it will prompt them to tighten the security of their personal data; it will give them a warning that they too could be targeted by the ABF when they travel; and it will raise the public awareness about the dreadful state of privacy legislation in Australia, which could make more people vote for the smaller parties and independent political candidates who have genuine and serious interests in protecting privacy and human rights of Australians.

Telemarketing

If you are tired of telemarketing, add your number to the Do Not Call Register. For Australia, visit www.donotcall.gov.au. For other countries, do a search and see if there is an organised way to opt out.

Scammers

If you are unexpectedly contacted by someone claiming to be an insurance company, a bank, a government agency, a debt collector, no matter what the reason, never give them any of your personal details. You can't be sure who the caller really is. If they are really your insurance company, bank or a government agency, they already have all the necessary information. If they want to “confirm”, “verify” or “make sure everything is correct because they are updating their system”, they are either too dodgy to do the update properly without such verifications, or are scammers trying to steal your identity. The easiest way to check is to call back via an official contact number and ask whether such verification has really been required. Never call back using the phone number the stranger gave you without making sure that number really belongs to the company they claim to work for.

Mission creep

If you notice that a company or institution suddenly needs more personal information than they needed before for the same service saying that they “will be unable to provide you with the service” without that information, demand an explanation. This is common, and is a direct result of unnecessary data harvesting combined with inability to keep the harvested data secure. First they need your full name and address, which quickly leaks out because every Tom, Dick and Harry asked for this data and added it to their flimsy databases, contact lists and apps. So they want your date of birth, to “enable you to be identified securely”; which of course also leaks from social media, email provider snooping, or a database of any entity that has it. Now they want your photo ID details, which will of course eventually be leaked too, because nothing can be kept secure forever, especially if everyone demands to have a copy of your ID and keeps storing that information in their databases even when it is no longer needed. With all personal details leaked, email accounts hacked and phone communication snooped upon, what is next? What will people have to provide for secure identification? Fingerprints? DNA samples? You get the gist.

Low quality of online systems and software

Unfortunately, programmers and IT specialists are not chosen from geniuses and brain elite anymore. Companies are cutting corners and are happy to outsource programming jobs, which means they are getting lower quality for lower cost. They know that everyone is pretty much forced to use online services these days and will have to put up with bugs and errors because too often there is no alternative.

Rapidly growing IT industry also means time pressure — to be quick, to be the first. New websites, online shops, e-government services and internet banking systems are rolled out as quickly as possible, often ditching the thorough testing stage in the software development process. Illogically, companies don't mind spending extra time and money on unnecessary, fancy-looking design features, and would rather cut costs of proper security and testing. After all, a pretty interface is what gets the majority of new customers in. Once they signed up — the target is achieved, it will be too late when the customers discover the poor quality and unacceptable level of security of the system, their data is already in the system.

Promises of secure server connection or encrypted data transfer do not guarantee that your data will be securely stored and correctly used once it has passed through that connection. Solemn mentions of long cipher key, strongest industry standard encryption technology or military grade security have nothing to do with long-term safety. The system is as secure is its weakest component; and the vast majority of breaches happen because there are holes and errors in badly tested software often made by cheap, outsourced software developers, and because of poor security training or negligence of human staff using that software.

ABR and ASIC

If you are thinking about becoming a small business owner or sole trader, check how Australian Business Register and Australian Securities and Investments Commission work. First, Australian Business Register (ABR) charges people for the registration of a business or a company. Then it charges annual fees, which are basically payments for database record maintenance, which should include secure and safe storage of private and personal information. Nevertheless, ABR is making money off people's personal details twice: once, by charging them for entering the information, and then — by selling that information to other companies and interested parties, stripping people of their privacy.

The free publicly available lookup in Australia Business Register and Australian Securities and Investments Commission (ASIC) disclose only limited information about a company or a business name holder. However, for a small fee, anyone can obtain a much more detailed set of data. ASIC sells access to the information to an array of private companies, so-called Information Brokers (SAI Global, Veda, InfoTrack, Tri-Search and others; many of them are international commercial entities). These companies, in turn, are making money on reselling your personal details further, and the data can eventually end up in the hands of spammers and scammers. ABR's privacy policy states We may give your personal information to other government agencies, including regulatory and law enforcement bodies and assistance agencies, but only where authorised or required by law to do so. They don't mention that it will also be sold to whoever is willing to pay for it.

One may argue that business registration is not a private affair in Australia, yet all this unlimited information trading may be very disturbing for the owners of small business who have no choice other than providing their home address for business registration, which may jeopardise the safety of their families if made publicly available. This whole arrangement is discouraging small business while benefiting large corporations, which is discriminating and has negative impact on Australian economy.

Australian Bureau of Statistics

Be aware of privacy issues with the ABS census and compulsory household surveys.

Plunging into using new gadgets, websites or online services

In the past, we lived with anticipation and curiosity about the technology evolution, we were wondering what a new, interesting and useful discovery will be implemented next. And those new implementations were indeed interesting and useful. Today, the world has changed. For the majority of people, the technology evolves too rapidly to follow it with deep understanding. Nearly every day we discover that now we have to do things differently; sometimes we have a choice, sometimes we don't. Too often we are told that now we have to update, move, sign up, create an account or login in order to be able do the same things we were dong before (for example, the infamous my.gov.au portal). The changes are always touted as “improvements”, as something faster, more efficient and convenient.

Everything advertised as “one click away” is in fact a profile full of personal data away. People suddenly need to create so many profiles and logins, fill so many online forms, and accept so many “Terms and Conditions” that it is virtually impossible to carefully research, remember and keep track of each one. Usually, the users just tick the ‘accept’ box and submit a load of private information to the service, which will store, analyse, merge, verify, disclose, sell and use the personal information to its advantage in any way it sees profitable. Every bit of personal information we give away means we are tracked, targeted, profiled, and subjected to surveillance for “safety and security reasons”, at the same time increasing the danger of theft of our identity. The database with our data may be misguarded, misused, hacked or leaked, our identity may be forged or stolen, and once the information is passed into someone else's hands, there is no way back.

Freedom, privacy and safety are worth spending some extra time researching the true benefits and drawbacks of a new trinket or service before rushing into using it. Very often, the old trusty cash, cheque or paper form is more secure than all the “new and improved” apps and online frills. It also very beneficial for one's health to pick up a pen every now and then to exercise the fine motor skills with the old-fashioned writing rather than tapping the screen or pushing the buttons.

The most effective way of controlling and protecting information about oneself is not to share it in the first place.

“We value your privacy”. Really?

Even if you are dealing with a government agency, it is still wise to read all the fine print, privacy policy, and ask questions. There is no guarantee that one day all the private and sensitive information entrusted by people to what once was a government agency cannot be privatised and sold. Look at CITEC: an organisation given a power to manage shared services for the whole of government, including a major consolidation of Queensland government data centres; an organisation given access to more than 40 government and commercial information sources, including the data in investigative reports, property registers, motor vehicle registers, traffic incident reports, crime incident reports, is not just already making money off the private information people had to provide for free due to the government's requirements, but it is also considered that it could be sold off as part of a revenue drive to bring the economy back into the black.

Nearly every privacy policy document of each organisation starts with the solemn words “we value your privacy”. Unfortunately, too often this value is measured in dollars the organisation can make off the possession, use and sale of your personal information.

Further reading:

ID protection at crisis point, Sydney Morning Herald

The Australian Privacy Foundation dedicated to protecting the privacy rights of Australians, it aims to focus public attention on emerging issues which pose a threat to the freedom and privacy and defend the right of individuals to control their personal information and to be free of excessive intrusions

Australian Information Commissioner, a government website dedicated to privacy issues with a special focus on information technology and the Internet

No one likes to see a government folder with his name on it.

Stephen King

Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficent. Men born to freedom are naturally alert to repel invasion of their liberty by evil-minded rulers. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding.

Louis D. Brandeis, Lawyer and Associate Justice of the Supreme Court of the United States

The right to be let alone is indeed the beginning of all freedom.

William O. Douglas, Associate Justice of the Supreme Court of the United States

Big Brother in the form of an increasingly powerful government and in an increasingly powerful private sector will pile the records high with reasons why privacy should give way to national security, to law and order ... and the like.

William O. Douglas

A desire for privacy does not imply shameful secrets; without anonymity in discourse, free speech is impossible, and hence also democracy. The right to speak the truth to power does not shield the speaker from the consequences of doing so; only comparable power or anonymity can do that.

Nick Harkaway, novelist and commentator

I don't like to share my personal life... it wouldn't be personal if I shared it.

George Clooney

Privacy is not something that I'm merely entitled to, it's an absolute prerequisite.

Marlon Brando

Comments

Write a Comment

There is a big difference between a company that DID something to earn its customers' trust, and a company that HASN'T DONE anything [yet/known] to lose the trust of its customers. For example, Apple actively pushes its users to create Apple ID and backup/sync all personal data to its cloud. It actually takes quite a bit of determination and vigilance to bar the numerous attempts of any iDevice to upload your data to Apple. There is no simple "don't touch any of my information" settings, and the is no option to create an Apple ID without giving them your name and contact details. Apple portray themselves as a defender of its customers' privacy, yet they haven't actually done anything to prove it. Simply popping up a screen saying "Apple believes privacy is a fundamental human right..." proves nothing. Believing is not enough, it's the actions that matter. Speaking of which, Apple quickly ditched its plans for end-to-end encryptions when FBI didn't like it. Had Apple say 'no', stood for its beliefs in the fundamental human rights, and, in an extreme case, moved their operations to a country that aligns with their beliefs, then we would have had grounds to trust Apple's promises. But since Apple only "believes" in human rights, but prefers to have an easy life and cooperate with secret and intelligence services, I will never use their iCloud, backup or syncing, and always try to reduce the amount of personal data I keep on any devices made by Apple. There is just no way of knowing who this data will be shared with. The only personal data I have on my iPhone is contact phone numbers and emails of my friends, family members and colleagues (I never add addresses, photos or birthdays there), but I loved your idea about avoiding using names for my contacts as well. Initials or nicknames are an excellent way to add a bit more privacy even if Apple grabs my contacts and uploads them to its cloud against my wishes.

Anonymous, 27 June 2019

Our family was one of the 500 million victims of the Marriott hack in November 2018. We received a canned apology from them and an ass-covering 'warning' that our private details might have been compromised because we stayed with them a few years prior. We were furious that they kept our data for so long! If they deleted our data after we checked out, it would not have been hacked. But the biggest shock was to discover that they still want visitors' ID upon check-in even after that breach. We said NO and found a place in another hotel. Having just read in the news that Marriott has been hacked again, we are so glad we went to another hotel then. Will never stay with them in the future.

Anonymous, 3 April 2020

We have an appalling situation with covid vaccination bookings in Australia. As if vaccine shortages weren't bad enough, now we are coerced by our own government into creating HotDoc accounts and signing up for third party crap just to be able to book the vaccination. Doctors decline to accept phone bookings and walk-ins, and demand that we book through HotDoc, which is a commercial organisation and should not be permitted to take advantage of this pandemic disaster to became a middleman between the taxpayer-funded government-run vaccination program and the taxpayers!

Anonymous, 7 August 2021

These Australian government and hotdoc online covid vaccination bookings are pure evil. You have to give them a phone number to be able to register. There is no way around it. And because a photo ID is mandatory for mobile phones in Australia, we have a situation that unless you give your ID data to a phone provider first, you can't get a vaccine. Telcos and commercial booking systems like hotdoc are in business, while ordinary Australians are in deep shit with zero privacy.

Chris, 11 August 2021

This is not a coronavirus pandemic. This is a data grab pandemic.
Want to get food? You must have a check-in app, and an email address, and a phone number.
Are you forced to have a phone number? You must give your photo ID to Telstra, Optus, Vodafone, or some other telco. And then wait and watch how all your communications become the property of ASIO spooks.
Are you forced to have an email address? You must give your personal data to Gmail, Hotmail, Yahoo, or some other overseas email provider, and let them read all your private correspondence.
Are you forced to have a check-in app? You must create an Apple or Google account to download it. And then watch how US secret services go through your personal data.
Are you forced to have a covid test? You must give your personal data, and of course you must have a phone number. And then wait and see how your personal data is used to lock you up.
Are you forced to have a covid vaccine? You must book online, enter your personal data, and you must have an email and a phone number. And then watch how you personal data and medical information is sold off by someone like HealthEngine.
Are you vaccinated and now forced to show a proof of vaccination or vaccine passport? You need a Medicare app.
Are you forced to use a Medicare app? You must have an Apple or Google account to download it. And then it must be tied to a mygov account.
Are you forced to have a mygov account? You must enter personal details and provide an email address.
Have you finally got your vaccine passport? Now you have to show your personal details and medical information to every Tom, Dick, and Harry who think they have the right to see it.
And the worst thing: none of this will end even when this pandemic is over. The government will find another excuse why the status quo must remain.

Anonymous, 12 August 2021

One explanation why people are not allowed to test for covid anonymously is that these test samples can be used by the authorities for DNA profiling. It is exactly the same procedure when police collects DNA samples for criminal investigations. Only with covid it is much more convenient for them, no consent is needed. People are queuing up to provide the samples voluntarily. Nowhere in the paperwork it guarantees or even mentions that your covid test sample will never under no circumstances be used for anything else. Anyone who questions this are labelled conspiracy theorists, sure enough, as if the government has never lied or covered anything up before! Having everyone's DNA data is a dream of governments, insurance companies and financial corporations. Why would they pass on such a perfect opportunity?

Anonymous, 14 August 2021

A brilliant quote from one of the Electronic Frontiers Australia talks:
"Power is enacted for a particular reason, but then it is used in a different context. And we've seen this time and time again with the legislation that gets passed; a lot of if is the legislation since 2001. A global war on terror was declared, and the terror won; just as in the war on drugs, the drugs have pretty much won. What we've got was more terror, but we've also got more responses to that: it became an authoritarian ratchet, where every time the power is given it is never taken away. And the problem is never resolved because it is a war on an abstract noun. You can't win one of those, but it is very convenient for someone who wants to accumulate power."
You can watch the whole video here: EFA Talks: Stepping Stones to Dystopia

Bob, 18 August 2021

We can't be too careful with our privacy, especially in Australia. While everyone is busy surviving this pandemic and vaccine shortages courtesy Australian government, the same government pushed through a hideous surveillance bill that shocked the free democratic world. With the new Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021, Australian police and intelligence services can hack your computer or any other devices. They can access, collect, delete, modify and falsify your data, and take over your social media accounts, and all that without a judge warrant.
Australia became a prison colony once again. Anyone can now potentially be framed for a serious crime by ACIC or AFP. There are no safeguards in the law that can stop them from simply changing your data to suit their agenda. There are no limits, no oversight.
As usual, it was done under the anti terrorism, drugs and child exploitation pretext, nothing new there! But really isn't it about keeping the rich powerful? An arm of government or a multi-billion corporation that is breaking laws, tired of human rights defenders, or inconvenienced by some investigating journalist could get the police to hunt people down using government-sponsored malware, break into and plant things on people's phones, and make all corporate and political problems go away.

Anonymous, 1 September 2021

Mass surveillance is not about the hackneyed terrorists or pedophiles, it is about having control over every single person in the country. Very convenient for the government and for those who line their pockets.

Rick M., 2 September 2021

Does anyone have any doubts that today's Auckland supermarket attack will be used by New Zealand government for levelling our laws with Australia? The timing of events is unbelievable. A few days ago Australia amends their surveillance laws to a draconian extent, and suddenly New Zealand desperately needs to do the same. The most heartbreaking part is how ordinary people are always at loss. We already lost almost all privacy to our government's anti-terrorism travesty, and yet we are still getting stabbed when we go shopping!

Anita, Auckland, New Zealand, 3 September 2021

It still seems impossible to get covid vaccine without online booking, which requires that we must to provide unique email address and mobile number that have not been used to register before. My husband and I share one email account that is a paid service hosted in Australia. This means only one of us can get the vaccine. Contacting the government health department was a waste of time. Their response was that we should create another email account on Gmail, Outlook or Yahoo. Which is them basically saying, go and give your personal data and private correspondence to an overseas corporation that will spy on you. This is totally unacceptable! Email address or phone number should not be mandatory for any taxpayer-funded vaccine or service.

Anonymous, 6 September 2021

As Moderna vaccine is coming to Australian pharmacies, stay away from booking through the Pharmacy Guild of Australia sites www.guild.org.au and www.findapharmacy.com.au. According to their policy, they can use your contact details for marketing and promotional spam. It's a pity that some turn the pandemic emergency and desperation into data abuse for profits, which damages people's trust in pharmacies and vaccination program.

Anonymous, 17 September 2021

"Informed consent is a fallacy if the person cannot alter the consent they are giving; or if the consent is locked in a point of time, which allows the consent given today to be used for a different reason later." Electronic Frontiers Australia

H.S., 7 October 2021

It is all about personal data and control, always has been. Thousands of people die every year in Australia because of the fear or reluctance to see a doctor due to privacy concerns. Does the government and the medical system do anything about it? Do they offer an option to get medical help anonymously? Are they decreasing their demands for personal data? Nope! Instead they want to grab more data and share it with every arm of government that wants it. MyHR, MyGov, Medicare, ABS... That's in addition to forcing many patients into booking medical appointments online, through commercial booking systems, which of course are only too eager to grab all the personal data as well.
But...a few hundred people die FROM covid during the whole pandemic (not talking about those who died WITH covid, which the government still counts as covid fatalities), and the powers see it as an opportunity to turn this country into a prison colony, lock everyone in, force to undergo vaccination (which by the way didn't bring back our normal way of life), grab everyone's latest and freshest personal and contact data through travel passes, vaccinations and covid tests, and get DNA sample through covid tests as well. If they were allowing anonymous on-the-spot testing, that would at least be believable that it was done ONLY for medical reasons. But no, they want full name, dob, home address, medicare number, id, email, phone number,... so that they have a full file on each person.

Ole, WA Australia, 6 November 2021

As the attendance tracking apps with QR codes are now mandated by every state and territory, they became a part of the most extensive mass surveillance operation on Australian soil. Yet the laws that protect personal data are weak, vague, inadequate, and in some states non-existent. For example, Queensland still hasn't introduced the laws that would ban unauthorised access to that data. But then, what else can we expect from the state that practises forced hospitalisations of everyone who tests positive?
To have any public trust and cooperation, the whole country must have uniformed laws:
The collected personal information must be limited to the minimum necessary for achieving the stated legitimate purpose.
The data collected under the pandemic pretext must never be used for anything else or combined with any other data. No if-s, no but-s. No exceptions for police, ASIO and the rest of that wonderful bunch.
This data must be securely stored in Australia.
All pandemic-related apps and other software must be open source.
This data must be completely and irreversibly deleted once it is no longer needed for the purpose it was collected for, including all data from QR-code check in apps and vaccine status certificates.
All surveillance systems and tools must be dismantled when the state of emergency has been lifted.
The state of emergency must not continue beyond what's absolutely medically necessary.
There must be severe punishments for the governments and their employees for breaching these laws. There also must be severe penalties for employers, business operators and anyone else who abuses any data from covid tests, vaccine certificates or contact tracing apps.
Individuals must have the right to sue for breach of their privacy. Otherwise, the governments will continue do as they please without any repercussions.
And these have to be legislation/laws, not regulations. Because regulations can be changed by any minister at any time, while legislation changes must go through the parliament, which is the foundation of democracy.

Anonymous, 17 November 2021

Australian governments, federal and state, but especially state, have turned COVID into a policing issue, not a health issue. They've got unprecedented powers across all aspects of people's personal lives. It truly is scary how Australia managed to get to this point with virtually no challenge. Compared to the rights and protections they have in the EU and US, Australia is an undemocratic police state.

Anonymous, 3 December 2021

There is virtually no data privacy within Australian medical system. Let's follow this example from scratch:
Suppose you have (hopefully not!) a health issue that requires hospital treatment.
First, you will have to see a general practitioner. For that, you will need to make an appointment. These days, many GP places want their patients to use online booking systems. You will need to create an account and enter a load of your personal data, which will become a part of this system that is made and maintained by some other company, stores your data in an unknown location and makes it available to an unknown array of people. If you entered your email address, then your email provider will be privy to your health communication as well. If it is something like Gmail, Google will add all medical information from your emails to a profile it has on you. It will also mean that Australian and overseas spying and surveillance agencies get access to that information as well.
Then you get to your appointment and have to fill another load of forms handing over yet more of your personal data. That data will be entered into the medical practice system, and most likely will be stored on a remote server belonging to the company that provides that system, or even uploaded to some cloud storage that may be overseas. Your data is also likely to be entered to the reminder system that will go on pestering you about screening and follow up appointments.
If you need any medical laboratory tests, like a blood test, your data will be given to the pathology lab. It gets entered into their system, uploaded to their cloud storage and disclosed to various third parties "as required or authorised by law". Those pathology labs often are big chains with thousands of people working for them. Who and when has access to your information, anyone's guess.
If you have a notifiable disease, ranging anything from cancer, through measles, to laboratory-confirmed influenza, your personal and contact details will be immediately reported to the government.
If you need any diagnostic imaging, like X-ray, CT scan or MRI, your data goes to the imaging provider, their system, their cloud and their related parties.
Then your GP will send you to a specialist, and your data will be added and proliferated through the medical and accounting systems that the specialist uses.
If during your appointment the doctor makes some notes on their personal computer, your personal and medical data is likely to end up somewhere in Apple iCloud or Google Drive, which means overseas and accessible by overseas agencies.
Then if you need to be admitted to hospital for a surgery or other procedure, your will need to fill the hospital admission forms. Again, these days they want you to create an online account and enter all your info there. This of course adds your data to yet another system of an unknown scope. If it is a public hospital, your data can become a part of a massive behemoth with thousands of employees. If it is a private hospital, your data will become the property of a private business, which may be foreign-owned.
If during the hospital procedure an anaesthetist was required, your data goes to them as well, then to their accountants, their computer systems and their cloud storage. If assistive imaging was used, then your data goes there. If histology analysis was requested, your data goes to a pathology lab, which is likely to be different to the one that got your details earlier.
If you felt too rotten after the procedure and forgot to pay at least one of the numerous bills, your personal information may be sold to the debt collector mob.
If you use Medicare card, then the government keeps tabs on you every step of the way. If you have private health insurance, then your data is collected, stored, shared and used for making money by yet another business, in addition to talking large sums of money directly from your purse.
So, by the time you are done with just this one health issue, your personal, private and sensitive information is entered into hundreds of databases, stored on hundreds of servers all over the globe, accessible by thousands or maybe millions of people, and dozens of corporations are making money from it. Can you call this "privacy"? I certainly can't! And the worst part: you can't do anything about this. You have zero say and zero power. The only time you will find your own data behind a brick wall is when you yourself try to get full access to it or delete it. It is either impossible, or there are so many obstacles along the way that you will eventually give up.
In most cases, in Australia it is impossible to bypass the GP, or to get any medical services anonymously, even if you pay 100% out of your pocket. The only way to prevent or at least to lessen this personal data dissemination is to stay away from the medical establishment altogether. Which of course can be detrimental to your health. And who would benefit from that? The same government and corporations! They win no matter what you do.
If you give up your privacy and let your data to be scattered all over the world, they will use, misuse, abuse and sell it ten times over and spy on you from cradle to grave.
If you decide to avoid all doctors, then you are likely to shorten your lifespan, which is a win for the system too. Because you will still have to pay Medicare and all other taxes spent on healthcare despite being unable to get any use from it. And while it may sound shocking, but in reality neither the government nor private businesses like health insurance companies want to see you living past your retirement age. Their ideal scenario is when people live, work and pay taxes and fees, and then die the moment they can't do that anymore, before they become older and therefore a higher cost for them.

Anonymous, 6 April 2022

A worrying tally, that's true.
In addition, if in the meantime the person was prescribed any medication, their personal data would also end up with a chemist. And if that was one the massive groups, such as Chemist Warehouse, My Chemist, Amcal, PharmaSave, Discount Drug Stores, National Pharmacies, Priceline or Terry White, that's several thousand more potential data access and leak points.

While the immortality of the soul is questionable, the immortality of our data is a frightening fact in the modern world. That's why people should be at least as fanatical and serious about guarding their privacy as they are about their faith.

Anonymous, 22 June 2022

In addition to privacy issues, what bugs me the most about this ceaseless data-grabbing is that all government departments and businesses alike are very quick and eager to grab our personal data, but they are absolutely hopeless in making sure they enter and keep it correctly.

I've had to deal with errors made in my details by medicare, centrelink, dept of foreign affairs, immigration, transport dept, local council, banks, phone providers, utility companies and credit reporting agencies. Some of those errors costed me significant losses and stress, and yet those were their errors it my data that they demanded to have. I've had enough of losing my time, money and sanity, and on two occasions being threatened with fines and court. They never show you all the data they have on you, so you can never make sure it is all correct. You are never safe from the next blow.

Now I avoid giving my data to anyone, whenever it is only possible. Or give the absolute minimum. The less they have on you, the lesser the chance they will screw it up. Because they simply grab your data, do with it as they like, profit from it or spy on you, all the while any their mistake is your problem.

Happy Bastille Day!! Vive la Liberté!

P., 14 July 2022

"Where it is required or authorised by law" or "where the use or disclosure is required or permitted by that state's or territory's law" ... it really pisses me off to see these lines on every page that wants to snatch your personal information. What's the point of this lousy clause if we all know that the law requires, permits and authorises hundreds of organisations to access our private info? What choice are we given? To disagree? To opt out? Gladly! Can we then purchase a mobile phone without identity documents? Can we access all the government services we've been already taxed for without being told to create a mygov account? Can we submit tax returns in mytax without a phone number? Can we download any government apps without being forced to give our contact data to overseas corporations like apple and google? Can we unenroll from medicare and stop being taxed for it, to end its snooping through our health records? Can we refuse to fill the census? Or should the authorities just stop pretending that we have any privacy left?

Anonymous, 27 July 2022

Amazing that nobody's saying anything about this. But because we're constantly told to download this app or other by our banks, Medicare, Mygov, phone providers and so on, Google and Apple have obtained personal details of nearly the entire adult population!
Because we can't download apps without a Google or Apple account. And Google now wouldn't allow to create an account without a mobile phone number. And we can't get an Australian mobile number without identification....
Do you see where all this is going??

Anonymous, 30 July 2022

This lousy excuse really p*sses me off -> you are not qualified to interpret your own medical test results, therefore you can't request such tests yourself privately or get the results directly from the lab.

The doctors and lab technicians may not be qualified in computer and internet security. But that doesn't stop them from grabbing a tonne of my highly private and sensitive information and entering it there. Or worse - giving my data to a third party to manage, like Hotdoc or even some other app made and hosted overseas.

Jonny, 29 August 2022

It's time Australians began voting for the parties and independents who are serious about privacy protections! Of course the lower house is hopeless, same old same LIB<=>LAB, both supporting the worsening situation with privacy violation and mass surveillance. But in the Senate there is still hope.

People please! don't be lazy before each election. Go to each candidate or party site, open the 'policies' page and search for the word 'privacy'. It's super quick and easy to do this online. You don't even have to lift your bum off the couch. Just take a bit of time, do your research, and vote for the candidates who truly stand for your rights, freedoms and privacy. Your and your children's future is at stake!

Ali, 8 September 2022

Here we are: Optus got hacked. And now thanks to Australian government's obsession with collecting data "to prevent crime", over 9 million Australians lost their personal information and have their identity in jeopardy. And why is it only Optus being blamed for this? If the government didn't require telcos to collect names, addresses, birthdates, driver license and passport numbers, there wouldn't be much for hackers to steal.

Angry Customer of Hacked Optus, 23 September 2022

How does this incessant data harvest and perpetual storage prevent crime??? It only facilitates it! When will our police state learn that the only 100% secure data is the data that you haven't been given to anyone?

Angry Customer of Hacked Optus, 23 September 2022

To add insult to injury, the government 'solution' will most likely involve collecting even more personal data, not less.

T., 24 September 2022

Yep! Hacked Optus is the consequences of govt's requiring ID for every phone number, and then requiring a phone number for everything else.

Mykaela, 25 September 2022

This government and telco data greed doesn't stop criminals and terrorists, but it aids them alright. If a terrorist wants to get a mobile phone, they will get it with a fake ID. And now they have 9 million IDs to choose from! Only ordinary people will suffer.

Anonymous, 26 September 2022

The Australian government will never learn. Because they don't want to. Keeping everyone under surveillance is more important to them than the safety of their citizens.

Why can't we have prepaid SIMs anonymously? And if we must show our ID to get a SIM, then it should be sighted|checked but NEVER recorded. Otherwise we all will become victims of identity theft eventually because of our government's data greed.

It's a vicious spiral. First they asked everyone name and address. Then that information became public knowledge thanks to the AEC giving out electoral roll to everyone who wants it. So they began asking birth date and phone number. Over time this data got leaked|stolen|disclosed too. So they began asking ID numbers. This now got stolen by hackers as well. So what's next? Compulsory biometric data collection?? No thank you!!

Anonymous, 28 Semtember 2022

Write a Comment

Source:  annystudio.com