30 ways you can improve your privacy protection online and in real life

...Those who surrender freedom and privacy for convenience and security will have neither.

Have you ever found it annoying that too often it is impossible to do something basic without compromising your privacy? With alarmingly increasing frequency, people have to give out their name, address, email, phone number, fill a form, create an account, subscribe, register, enrol, join, or become a member when it is completely unnecessary or irrelevant to the service in question. For many privacy-conscious customers such attempts to harvest their personal data are one of the main reasons for walking away, seeking the same goods or services elsewhere, or rethinking the need for the service altogether. The good news, though, is that the more people vote with their feet, wallets and votes, the sooner businesses and government departments will get the message that their invasion of privacy has gone too far.

One may not realise it, but we are making decisions about our privacy all the time. Whether we are shopping, using bank cards, applying for a job, using social media, participating in a survey, using government services, or being pestered by direct marketing — anything that wants or has our personal information has the potential to misuse that information, deliberately or out of simple negligence. In today's world of digital technologies, information has become a valuable asset: it is worth big money, it brings more money, and that is the main reason why we are pushed to give out our personal information more often than ever. The rapid development of information technologies has also made identity theft and fraud easier than ever, and, unfortunately, the frequent, excessive and often unnecessary collection of personal information by government institutions and private enterprises has left people vulnerable to scams and identity theft. That is why we can never be too vigilant and cautious with our personal data.

Identity theft, fraud, blackmail, scam, manipulation, and many other crimes are only possible because someone obtained personal, private or sensitive information about another person. Most victims do not disclose their personal information willingly, knowingly or directly. The data is usually stolen, misplaced, misguarded, misused, or wasn't properly disposed of by someone else who was trusted to hold that information. There is no such thing as an absolutely secure system. Nobody can guarantee that their network or database will never be broken into by hackers, or that all their employees are diligent and sufficiently trained in data security. The only sure way to guarantee privacy and security is to not collect personal information in the first place: one can't lose what they never had. Which means that:

  1. Government agencies, departments and contractors, and also private companies and corporations should not ask people to disclose their personal information unless it is absolutely necessary and there is no possible way to do whatever they are doing without every single piece of the information they are asking for.
  2. As the former is not likely to happen (actually, the contrary is happening and is getting worse), every individual should safeguard their own privacy as much as possible and not hesitate to ask why each bit of their personal information is required in each case.

The following list of privacy improvement ideas is most relevant to Australia, but many points are applicable worldwide. By checking and rethinking these aspects you can greatly increase your personal safety, and the safety of your family and friends. Remember, each person is not only responsible for their own safety, but also for the safety of everyone they keep in their contact list.

Disclaimer: the following is a list of ideas and suggestions. Only YOU can decide what is right for you and which of them you wish to adopt.

Become aware of privacy issues and their causes

One of the most disturbing revelations in recent history is that the biggest potential threat to human rights, freedoms and privacy comes not from those who break the laws, but from those who make them. No matter how sophisticated scammers and hackers are, none of them has access to all personal information of every citizen. But governments do, just as they have the capacity to change the laws and remove privacy protections at any time. The consent you gave for the use of your personal data today may be used for a completely different purpose tomorrow.

The good news is that in a democratic society any governmental misdeed can (at least in theory) only go as far as voters allow it. Therefore it is an important obligation of every voting citizen to be aware of what governments are doing, which privacy-affecting legislation gets passed, under what pretext, for what purpose and with what likely outcome, and to keep all that in mind when deciding who to vote for next time.

The “if you've got nothing to hide, you've got nothing to fear” argument is a very detrimental fallacy. Dignity and autonomy are basic human rights, and they cannot exist when a person cannot live their daily life free from surveillance, censorship and manipulation.

Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.

Edward Snowden
(Ironically, there is no explicit protection of freedom of speech in the Australian Constitution.)

Vote for the right people

The past two decades have proven that neither the Labor nor the Liberal party is interested in privacy protection. The legislation introduced and passed by them has been watered down and inadequate, designed to maintain the status quo, or paving the way for even more extensive invasion of our privacy and exploitation of our personal data.

If Australians wish to salvage what they still call “privacy” and “rights”, they should take election times seriously and vote for the smaller parties and independent candidates who take these issues seriously and genuinely have human rights, civil liberties and privacy protection in their policies.

Avoid facial recognition technology whenever possible

Despite the absence of clear regulations and guidelines on the use of facial recognition technology, the Australian government and businesses are pushing ahead with its use. Retailers like Bunnings, Kmart and The Good Guys capture and store unique biometric information of the largely unsuspecting shoppers, while the government and police are building the national facial recognition database to which some states and territories have already dumped our driver's license data. In addition to the potential future abuse of our biometric data with no adequate oversight, accountability and privacy protections, this already abuses the driver licensing system itself. The purpose of a driver's license ID is to confirm that a certain person is licensed to operate an appropriate motor vehicle on public roads, not to give the government an opportunity for slurping up such highly sensitive data as our faces and using it for unrelated, vague or undisclosed purposes.

Never give out more information than necessary

If someone wants to collect your personal information, ask questions and make them justify their need for the data: Why do they need it? What will they do with it? How will they store and protect it? Who will they share it with?... This applies to any business, organisation, health care provider or government agency. If each person starts fighting for every bit of their personal data, data collectors will have to reconsider their appetites. Most often their demands for data are a mere effort to harvest as much information as they can and keep it until some future time when they discover a use for it. Unfortunately, a routine fishing expedition by marketers — collecting information for loyalty schemes and marketing databases — exposes consumers to greater risks when that data is sold or stolen. Even big companies with huge IT budgets lose control over the data they collected. Privacy and security experts say the increased demand for personal data creates an arms race: as identity fraud worsens, companies want to gather more evidence to establish a customer's identity, which in turn exposes more information to the risk of abuse or theft.

Use cash, at least sometimes

Increasing numbers of people are switching to cashless payments, paying for everything by card, or worse, by using an app on their smart phone. This may feel quick and convenient, but it also means that the bank, the payment processing companies, and potentially numerous third parties watch nearly every step of the person's life: from where and when they boarded and got off their commuter train to where and when they had a cup of coffee. In addition, the mere act of downloading the payment app onto the phone most likely means the person had to create an Apple App Store or Google Play account, which inevitably means giving your personal details to those corporations as well.

Unfortunately, the decreasing cash use gives governments an excellent excuse to start talking about abolishing cash altogether, which will not only take away the last option to have any financial privacy, but will also mean that the whole country can be easily paralysed by a hacker attack, or that nothing can be purchased during an internet and/or electric power outage. Think of all those times when Australia has a cyclone, a storm, a flood, a bushfire... Power lines are down? Mobile tower burned? Broadband node flooded? Too bad: no food or fuel for you. Not so “quick and convenient” anymore, is it?

Or a much more mundane scenario: someone who decided to be ultra-modern and carry no wallet: no cash, no cards — everything is in their phone, which they accidentally drop in the toilet. Classics. Now what? They can't pay for anything, can't get anywhere, can't even call anyone to ask for help. Will that be the point where some futuristic fantasy proponent suggests we have implanted chips for human tracing and payments? ;)

Don't let your ID documents be scanned or copied

When staying at hotels or other lodging facilities

Unlike some other countries, there is no legal requirement in Australia for hotels, motels and other accommodation providers to ask for identity documents, let alone copy them and retain those copies. Any Australian hotel demanding a photo ID does it at its own initiative.

As this practice creates a high risk of personal data misuse and identity theft, the Office of the Australian Information Commissioner has issued guidelines on it. In particular, it is advised that a business can scan a customer's ID or collect information from that ID by any other means only if:

OAIC also states:

Collecting unnecessary personal information is a breach of the Privacy Act. A business should not scan or copy a customer's ID, if sighting it would be sufficient for the purpose the business requires it for.

www.oaic.gov.au

Therefore, if someone wants to copy your ID, yet cannot explain what exactly it is needed for, how securely it will be stored and who will have access to it, they are acting unlawfully. So, do you really want to give your ID to someone who is breaking the law?

Research also indicates that the more relentless a hotel is in demanding a photo ID, the more likely it is to have customer data misused or stolen. And the larger the hotel or hotel chain, the larger the privacy breaches. For example, Marriott hotels insisted (and still insist!) on collecting excessive volumes of guest personal information, scanning their IDs, and retaining the data long after the guests left. In 2018 their network was hacked, compromising the personal information of 500 million people who had stayed at their hotels since 2014. The stolen data included card numbers and expiration dates, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, and more. If Marriott can't afford a secure system, then a smaller hotel can't either. The only way to guarantee customer data safety would be to refrain from collecting it in the first place.

Check the privacy policy of the prospective accommodation before booking, and give your preference to those hotels that are either content with merely sighting your ID, or care about their customer data safety enough to rely on other measures for their own security, such as credit card details, advance payments, bonds or cash deposits.

Also, beware of websites and online services that ask you to send them a copy of your ID, for any reason. If they don't trust you, why should you trust your ID to them? Sending a copy of your identity documents is unsafe, as the copy of your ID will not only be kept and used by that site for an unknown length of time and uncontrolled purposes, but can also be harvested along the way by email providers and other systems or apps.

When visiting clubs or other entertainment venues

Many clubs scan patrons' IDs upon entry, taking a “you either do as we tell you or get lost” stance, giving zero explanations and disregarding legal requirements for this procedure. Not surprisingly, there have been numerous incidents when customer personal data collected by night clubs was misused or sold to dubious third parties without customer consent.

When paying with a credit card

“May I see your ID?” — you may never give a second thought to such a request for identification when you pay with a credit card at a store or a hotel. While all credit card networks allow a merchant to ask for identification, Mastercard and Visa explicitly prohibit retailers from requiring an ID to accept a properly signed card. Merchants can ask for an ID, but you can refuse to show it and they still must accept the card. Some business owners are not aware of this or disregard card issuer restrictions on requiring an ID, and set their own policies that violate the rules, ostensibly to make sure the card indeed belongs to the person. It is also unclear how some merchants get away with pushing further and insisting on copying the ID instead of just having a look at it. Knowing your PIN is enough for getting cash out of any ATM, so it should also be sufficient for a card payment.

Close and delete all unnecessary accounts

There is no guarantee that once you have closed your account and requested that the company delete your data, the company will actually do so. Too often companies prefer to hold onto customer data long beyond necessary, just in case they come up with a way to monetise it somehow in the future. However, cancelling, closing and deleting all the accounts, memberships and subscriptions that you no longer use or need gives you a chance that at some point your information will be removed from that system and thus will stop being an entry point for hackers and scammers into your life.

Opt out

Whether it is ticking all marketing “opt out” boxes on a paper form or opting out of an online health record system, each step will contribute to the security of your personal data.

The Australian “My Health Record” system is still developing, and nobody knows whether the patient control over the stored data is going to be eventually restricted or removed. There is also no guarantee that the sensitive and/or identifiable health information won't be disclosed to third parties, stolen by hackers, shared for research, or used for any purpose other than direct benefit for the health of the person — all without the explicit consent of the patients. In fact, in 2015 the Australian Bureau of Statistics announced that it will keep people's names and addresses collected during the 2016 census and link census data to health records.

Don't give your personal information to social media, cloud storage, AI devices, or Google

Once something has been uploaded to the Internet, it cannot be 100% deleted. It may be marked as “deleted”, or hidden from view, but it will keep being stored somewhere. Don't put important private information or large amounts of personal data on social networking sites. Uploading your data into cloud storage services like iCloud means you almost certainly lose your control over its privacy and confidentiality. Don't upload photos of people, yourself included, to Facebook and other social media sites: facial recognition technology is evolving extremely quickly and can be used for tracking you across online platforms and in real life.

Be mindful when creating an account on some websites, like Facebook. They often set a trap by initially allowing you to sign up with minimal personal details, let you use the account for some time, and later start demanding that you give them more information, like a phone number or a government-issued ID. They won't let you access your profile until you give them that data. Before you sign up, search for online complaints like “Facebook suddenly requests my phone number” and see what you are getting into.

Using Google for all your Internet searches and Gmail for all your communication is another sure way to have no privacy at all. In addition to watching, analysing and recording everything you do online, Google is notorious for suddenly locking people out of their accounts (allegedly for “security purposes”) and not letting them log in even with a correct password until the person gives Google more personal data, such as a mobile phone number or home address. Consider using other search engines, like DuckDuckGo, for at least some of your browsing, to avoid letting Google spy on you 24/7. And don't use Gmail for some or all of your correspondence, to prevent Google from knowing everything about your work, family, friends and other personal interactions. Many other email service providers snoop on their users too, but, unlike Google, they are unable to supplement that information with a detailed dossier on all your other online activities. You may like to consider a privacy-driven email service, such as Protonmail or Tutanota.

Think really well before getting a so-called smart home device, or any artificial intelligence technology, that is connected to the Internet, like Google Home, Amazon Alexa or Echo. They harvest enormous amounts of information about you and your daily life, end up knowing more about you than you could imagine, and send all that data to their vendors. Nobody can tell how and when this data will be used in the future.

Don't keep personal information on your mobile device

Many use their smart phones to store their own, their friends' and their family members' personal info, such as names, phone numbers, home addresses, email addresses, birthdays and online profile links in the contact list, sometimes supplemented by logins to their various accounts and copies of important documents. It may be handy, but don't forget that mobile phones are easily lost or stolen. In addition, the phone's OS or apps can gather and transmit all that personal information to an interested company or agency. Given that they can also collect information about the websites you visit, photos you take, your geolocation coordinates, contact lists, SMS texts, email contents and phone call history, and have in-built “intelligent virtual assistants”, like Siri, that listen to everything you say, they may know more about your private life than you realise. Also, think twice before synchronising your mobile phone data with any sort of “cloud”. Even if you have adopted an “I've got nothing to hide” attitude about your personal life, are you sure that all the people in your contact list are happy for their personal details to be handed over to the company that owns the “cloud”?

If you must sync your contacts with cloud storage, consider using short names or nicknames for your contacts, and avoid adding extra information about them, such as their photos or birthdays.

Use a SIM PIN

Set a SIM PIN on your phone in addition to a passcode. A passcode is essential, as it protects the information stored on your phone. However, it cannot stop the phone thief from taking your SIM card out, putting it into another device and then receiving your bank authorisation codes, login links and multifactor authentication codes. A SIM PIN takes care of that. Every time your phone is restarted or when your SIM card is put into a different device, the SIM will be locked until the correct PIN is entered. After three failed attempts, the SIM will be locked permanently and can be unlocked only with a PUK, which is known only to you and your telco provider.

Refrain from plunging into using new gadgets and online services without checking their privacy policy first

In the past, we lived with anticipation and curiosity about the evolution of technology, wondering what new, interesting and useful discovery would be implemented next. And those new implementations were indeed interesting and useful. Today, the world has changed. For the majority of people, the technology evolves too rapidly to follow it with deep understanding. Nearly every day we discover that now we have to do things differently. Sometimes we have a choice, sometimes we don't. Too often we are told that now we have to upgrade, sign up, install an app, create an account or log in in order to be able to do the same things we were doing before (for example, the infamous my.gov.au portal). The changes are always touted as “improvements”, as something faster, more efficient and convenient.

Everything advertised as “one click away” is in fact a profile full of personal data away. People suddenly need to create so many profiles and logins, fill so many online forms, and accept so many “Terms and Conditions” that it is virtually impossible to carefully research, remember and keep track of each one. Usually, the users just tick the ‘accept’ box and submit a load of private information to the service, which will store, analyse, merge, verify, disclose, sell and use the personal information to its advantage in any way it sees profitable. Every bit of personal information we give away means we are tracked, targeted, profiled, and subjected to surveillance for “safety and security reasons”, at the same time increasing the danger of theft of our identity. The database with our data may be misguarded, misused, hacked or leaked, our identity may be forged or stolen, and once the information is passed into someone else's hands, there is no way back (hello Optus, hello Medibank!).

Freedom, privacy and safety are worth spending some extra time researching the true benefits and drawbacks of a new trinket or service before rushing into using it. Very often, the old trusty cash, cheque or paper form is more secure than all the “new and improved” apps and online frills. It is also very beneficial for one's health to pick up a pen every now and then to exercise the fine motor skills with the old-fashioned writing rather than tapping the screen or pushing the buttons.

Don't install unnecessary apps

In recent years, some businesses and even some government services began requiring their customers to install an app. The vast majority of such apps fall within the range from pointless nuisance to technological discrimination. They do not offer any new functionality beyond what until recently was available through a website, but they require the person to have a compatible device, to get an account with Apple or Google, and to use the service on a tiny phone screen instead of a much larger laptop or a desktop computer monitor. This severely disadvantages the elderly, the visually impaired, and the privacy-conscious users.

It is easier and cheaper to create one web-page that would work in any browser on any device than to develop multiple apps for different platforms and then jump through hoops and hurdles in Apple App Store and Google Play Store. So why do businesses and government departments take their webpages down and peddle their apps instead? Most likely, because (a) they think that their useless app is cool and modern; (b) an app can show ads that most browsers successfully filter out; (c) an app can harvest much more personal data about the user and do much more tracking than any browser.

If whatever you are dealing with still has a web-browser alternative, use it! Otherwise we will soon be forced to keep getting the latest smartphones and installing hundreds of apps that will track everyone 24/7.

Ditch the companies that force you to use their apps

Some banks, insurance companies, telecommunication providers and other companies now require their customers to download their apps (e.g. my Optus app, myBOQ app, ANZ Plus app, etc) in order to be able to log in and manage their accounts. These companies must be too insensitive, too lazy or too greedy to hire decent IT specialists and create secure interfaces for proper desktop browsers for their online systems. They don't care that their customers may not have the latest phones, or be able to see all the important information on a tiny phone screen, or wish to compromise their privacy by giving their personal information to Apple or Google because an App Store or Google Play account is mandatory just for the chance to download such apps.

If you don't want to be forced into creating unwanted accounts with overseas corporations for the sake of being able to use an unwanted app, the solution is easy: leave the company that puts this pressure on you, that gives you no other choice besides their app. There are still banks, mobile operators and insurers that care about the privacy, security and comfort of their customers enough to offer desktop interfaces or even in-person/in-branch service options. The more customers they see switching to them for that reason, the greater is the chance that in a few years we won't all become slaves to mobile phones, apps, Apple and Google.

Beware of low quality apps and software

Unfortunately, programmers and IT specialists are not chosen from geniuses and brain elite anymore. Companies are cutting corners and are happy to outsource programming jobs, which means they are getting lower quality for lower cost. They know that everyone is pretty much forced to use online services these days and will have to put up with bugs and errors because too often there is no alternative.

The rapidly growing IT industry also means time pressure — to be quick, to be the first. New websites, apps, online shops, e-government services and internet banking systems are rolled out as quickly as possible, often skipping the thorough testing stage in the software development process. Illogically, companies don't mind spending extra time and money on unnecessary, fancy-looking design features, and would rather cut costs of proper security and testing. After all, a pretty interface is what gets the majority of new customers in. Once they have signed up, the target is achieved; by the time the customers discover the poor quality and unacceptable level of security of the system, it is too late: their data is already in the system.

Promises of a secure server connection or encrypted data transfer do not guarantee that your data will be securely stored and correctly used once it has passed through that connection. Solemn mentions of a long cipher key, the strongest industry standard encryption technology or military grade security have nothing to do with long-term safety. The system is as secure as its weakest component; and the vast majority of breaches happen because there are holes and errors in badly tested software often made by cheap, outsourced software developers, and because of poor security training or negligence of human staff using that software.

Beware that “deleted” doesn't always mean deleted

Once the information is entered into a database, it hardly ever gets deleted, even if you were told it has been. In modern databases, the information gets marked as no longer in use, but it may be kept in the database for a long time. Disk space is very cheap these days, and database management programs are very nifty and fast: anything can be kept indefinitely and restored at any point. Companies no longer run out of space on their archive shelves for paper documents, so no information needs to be destroyed, no matter how old and outdated. The best way to make sure your data is not stored forever in some database is not to let it get there in the first place.

Don't use one email address for everything

Set up separate email accounts for different purposes. At the very least, have a “junk” account for anything you don't trust entirely, for example for subscribing to “newsletters” and “special offer” notices. If possible, don't enter your real name, date of birth or mobile phone number when creating an account for that.

Avoid surveys, competitions, prize draws, registering product purchases

Essentially, all these are baits in the fishing expedition for your personal data. Many companies use various win-whatever appeals as a way of obtaining customer personal information for their marketing research. No business does anything really for free: if they are offering a prize, it only means that the information they are expecting to collect from the participants will bring them more money than the worth of the prize they are promising.

Too often the purchased products come with a paper form or a link to an online page that you supposedly should fill in in order to “register your warranty”. This is another smoke-screen for obtaining your personal details. Under the Australian Consumer Law, automatic consumer guarantees apply to products and services you buy regardless of anything else the supplier says. If the purchased product can be covered by a warranty, it is covered without any need to “register” anything. To guarantee the quality of the product, the supplier doesn't need to know your name, email address, phone number, where you live, how much you earn, how many children you have, and a tonne of other personal information, as this example of a ridiculously intrusive warranty registration form from Barbeques Galore demonstrates.

Be skeptical about loyalty programs and rewards cards

These are not about rewarding the customers, they are about spying on the customers. These schemes usually offer very little value while collecting huge amounts of customer personal information for data mining. The main objective of any business is to create a profit. So a business will never do or offer anything unless it yields more than it costs. Suppliers are always in search of strategies to sell us more than we need, or to cut corners in production and delivery. Targeted marketing is the most effective tool for that. And, as a result, we are not getting the best goods, only the best marketed goods.

By signing up for a rewards or loyalty card, you share your name, address, gender, age, interests, income range, and other information about your family and household. Then, every time you shop and use that card, you essentially tell the retailer what, when and how much you buy. All that data is collected, analysed, added to your profile, used to predict your next move, shared with other businesses, and sometimes even sold to third parties for even bigger profits. Next time when you are wondering how an ad, packaging design or a “special discount” managed to convince you to buy some rubbish you never needed, don't be surprised: marketers know about you and your behaviour way more than you do. They know how to target you when you are most vulnerable and susceptible.

Be careful with the medical system: it doesn't always act for the benefit of the patient

Within the medical system, “privacy” usually means that the patients never get to see the full information about them that is collected and shared, while many other people and institutions have unlimited access to it.

Australian federal, state and territory authorities are continuously trying to ramp up the collection, matching and sharing of medical data on every person in Australia. From My Health Record, which people luckily can opt out of, through state systems like the HealtheNet in NSW, ieMR in Queensland or Clinical Information Portal in Victoria, which grab and share a massive array of private and sensitive data without giving people the ability to opt out completely, to the booking and patient management systems used by hospitals and small medical practices.

In each instance, patients can lose control over what data is collected about them, whom it is shared with, where it is stored, what it is used for now, and what it can be used for in the future. This severely undermines people's trust in the medical system, destroys the confidentiality between doctors and patients, and discourages people from seeking medical help.

Results of many medical tests, together with the patient's personal details, are reported to various government-run health surveillance programs and entered into screening registers and recall-and-reminder systems. The management of some of those systems and registers involves commercial third parties. For example, the National Cancer Screening Register is operated by Telstra. This personal information disclosure can happen without the clear knowledge and explicit consent of the patient. Or the patient is informed about this but given no choice and no option to stop their personal data from being distributed throughout the system. Other times, there is an opportunity to opt out of this data sharing and medical surveillance, but the patients are not told about it in advance, before the privacy of their data has been taken out of their control.

If you strongly prefer to make your own health decisions and wish to minimise the propagation of your personal data through the medical system and beyond, before consenting to any tests tell your doctor that you don't want your information to be shared with anyone. If your personal data has already been dumped into any of those systems or registers, there are ways to opt out of some of them.

For example, you can fill in these web forms to opt out of the National Bowel Screening Program if you are aged 45–74, and opt out of the National Cervical Screening Program if you are a woman aged 25–74. Until 2023, providing your email in these web forms was optional. Now it has become mandatory. If you do not want to give your email to the Screening Register, you can opt out by calling them on 1800 627 701 or by downloading, printing and mailing the relevant PDF opt-out form(s). When choosing the forms, pay attention to the options. The “cease contact and correspondence” form will stop the nagging messages, but the new information about you will keep being recorded in the register. Whereas the “opt out” form will stop the nagging and prevent any further information about you from being collected by the NCSR.

According to the NCSR “privacy policy”, the data that they have already collected will not be deleted, only made “inaccessible”, whatever that means in their terms. When screening registers were run by states, they were offering an option to delete the collected information. In the new national register, such an option is absent. Instead, their policy says, your information may be used by the NCSR or given to other parties, such as professional disciplinary authority, child protection officers, enforcement bodies, court or tribunal proceedings, coronial inquiry, research, investigation, health promotion and planning purposes, and where the use or disclosure is required or permitted by that state's or territory's law — whatever this clause may encompass at any given time. Therefore, if maximum privacy is your priority, you may conclude that it is best to avoid being added to these databases in the first place.

Perhaps one day the government will realise that significantly more people would participate in such tests and programs if they could do it completely anonymously — the only way that can truly guarantee privacy and security. As of now, unfortunately, collecting personal data and spending taxpayer money on promotion campaigns seems to be the preferred modus operandi of the Australian government and healthcare system.

Stay vigilant when using memberships, clubs, doctors, dentists, pathology laboratories

A customer database is one of the most valuable assets of any business or institution. It is used for profit-increasing strategies and is sometimes shared with other companies for money or other benefits. The most unfair aspect in this arrangement is that this information is not only extracted from the customers for free, but the customers are given no choice, and are often charged admin / joining / new customer / new patient fees for that. Shops, clubs, gyms, entertainment venue ticket sellers, doctors, dentists, optometrists — all demand large volumes of personal information without ever explaining why it is necessary. As most of us know, it is impossible to visit a dentist or get a new pair of glasses from an optometrist without being later bombarded with reminders, marketing messages and special offers.

For example, optometrists obtain customer details under the pretext of being “healthcare providers” under the Health Practitioner Regulation National Law (which, by the way, says nothing about personal data collection and usage), and then use that data for marketing and spam. The customers are never given the choice of not being included in the mailing lists, or for their data not to be shared with numerous third parties, including mailing list services, which often are foreign third parties. The only option is to opt out once the spam starts coming. Unfortunately, opting out at that stage doesn't erase personal data from the marketing databases or stop its further disclosure and misuse, it only stops the unwanted communications, sometimes only for a limited time.

Medical establishments have become frequent targets of hacker attacks and honeypots for identity fraudsters: doctors and other medical professionals collect and keep huge volumes of highly personal and private data, yet have no skills or expertise to keep it secure. How many people dare to question why a medical centre is asking for certain personal information and what they are going to do with it? People simply comply and supply. Medical centres often engage other companies to look after their technology needs (which means those companies have access to your health information without being bound by healthcare privacy laws), or use third-party software for managing bookings, medical records and communications. That software is often made overseas and uses cloud facilities located in other countries, which means nobody knows what happens to your data and who has access to it.

Clinical pathology laboratories are data accumulation and sharing machines within the Australian medical system: they obtain the patient's personal details, add clinical test data to them, and then keep and share this information with medical practitioners, and can disclose it to the government or enter it into disease screening registers without asking for the patient's explicit consent or offering any way of opting out of this. From the patient's perspective, pathology labs operate one way: they take data from the patient without ever giving anything back, except for the bills if certain tests aren't covered by Medicare. For any useful information the patients are forced to go back to the medical practitioners.

Be careful and vigilant every time you are filling in a form, and keep in mind that the company is most likely going to use all this data for marketing purposes, and in the case of medical or semi-medical establishments, pass information about you to the government systems, which can share it with other government branches or link it to census and other data. If some information is demanded as “mandatory”, ask why. If there is no satisfactory answer, ask yourself whether you still want the “service” on these terms. Is it really worth the loss of control over your personal information, privacy and safety?

Be careful with financial borrowings: credit cards, loans, mortgages

Once you have made a loan application or borrowed any funds, your personal and financial information goes into the credit history and is shared with all sorts of third-party companies and credit reporting agencies, which may use this data in any way their policies allow. Credit providers, such as banks, may also share your personal information with credit reporting bodies for a pre-screening assessment. That is when the bank wants to decide whether you are a suitable person to bombard with spam about credit cards, loans and mortgages, even if you have never asked for any of those.

By borrowing money you not only enter financial slavery and enable the lending institutions to make money off the interest you pay, you are also forced to supply a load of your personal information which will be used by other companies to make money off selling or sharing access to it without your control or explicit consent. Given the fact that credit reporting agencies like Veda (now rebranded to Equifax) can easily navigate their ways around the law, can they be trusted to do a decent job of safeguarding your privacy?

It is also worth noting that many credit reporting agencies, such as illion, Equifax and Experian, which receive your personal information from your banks, utility services and phone providers without giving you any choice in the matter, are foreign-owned companies. Not only may they accumulate, store and share your data overseas, but they are also subject to massive hacker attacks, security breaches and data theft. The whole business and huge profits of those agencies are based on acquiring and using your personal data.

After the disastrous hacking of Optus and Medibank in 2022, many Australians were given advice to set up fraud alerts with credit reporting bodies. However, that inevitably means giving those credit reporting bodies more of your personal and contact information. The problem with this is that nobody will ever guarantee that your data won't be stolen by hackers from those credit reporting bodies themselves. It is a vicious circle, and the main losing party in it is ordinary people.

The fewer organisations have your personal data, the safer it is.

Rethink your usage of money management and budgeting tools offered by banks

Personal online budgeting services and software are actively advertised by banks as invaluable services to help the customers take control of their money and develop a better understanding of where they are spending and how much they are saving. Sounds great, but keep in mind that first of all, banks always help themselves.

The online personal finance planners have sophisticated transaction analysis engines for organising and categorising user data. Along with promising their customers to take all of the headache and guesswork out of budgeting, tracking money and saving for goals, the banks are able to run rich customer analytics, for example by customer segment for more targeted marketing and to get valuable insights to our customers, for example, to see a comparison of spending patterns to others like them. Customers who use money management tools are providing the bank with a live picture of their financial situation at any point in time. When you use the budget planner or the “what if” scenario analysis option, you are giving your bank important insights into your future plans. If you would rather keep your plans for your future to yourself, you may want to avoid using these tools. If your bank made it impossible to disable these tools, at least avoid adding more data to them.

By monitoring your financial transactions, banks continuously watch what you are doing, where you are staying, working, holidaying and shopping, what you are choosing and buying, who your insurers, doctors, friends and family are... Your everyday life is monitored and analysed, and that information is being used by the banks and their partners. The only sure way to avoid being watched, analysed, categorised and targeted is to pay in cash whenever possible.

Shred

Shred all paper documents before throwing them out. Don't just crumple the paper up or tear it in half! Cut the paper into small pieces across the lines or text, paying special attention to the areas where your personal details are printed. If you have a garden compost bin, it is the best place for the paper shreds. Compost worms can be trusted with your privacy better than any human. :)

Don't skip the fine print

Privacy policies and terms are usually deliberately long and boring, but worth a look. Make a note of who your private information may be disclosed to. The fact that the company you are dealing with promises to protect your information doesn't necessarily mean that the third parties it shares your information with are going to do the same. Don't deal with a company if their privacy policy is vague, or you are not satisfied with its conditions. This also includes government agencies — they are notorious for passing personal information further. For example, Australia Post supplies customer details to the Australian Electoral Commission and the Department of Transport, Australian Medicare passes data to the Immigration Department, the Immigration Department gives it to the Australian Bureau of Statistics, state governments let information brokers sell driver licence, vehicle/property ownership and court information, and so on; and yet each department swears in their privacy policy that your privacy is very important to them.

Rethink your travels to or through certain countries

Watch out for travel authorisation requirements, such as ESTA, ETIAS or ETA. These are systems that an increasing number of countries are implementing for the purpose of collecting a wide scope of personal and sensitive data about travellers while purporting that they “don't require a visa”.

Countries collecting biometric data from visitors

What was once a procedure reserved for criminals is now becoming a “normal” part of holiday travels. One by one, countries begin demanding that tourists and visitors submit their fingerprints, iris scans or photographs for facial analysis under the same overused pretexts: counter-terrorism and national security. It remains unclear how, by looking at fingerprints, the border security is going to tell who is a potential terrorist and who isn't; yet it is clear that this process harms civil liberties and invades privacy.

Countries demanding excessive personal information

For example, the US require all visitors to supply their parents' names, all current and past citizenships, details of all past travels, national identity documents ever issued by any country, all present and past email addresses, phone numbers and social media accounts. Travellers are also obliged to supply passwords for any of their mobile devices or accounts to allow all the data to be searched and copied by security forces. The same is demanded from transit travellers who have no intention of leaving the airport! This violates not only the privacy of the travelling individual, but also the privacy of their family, friends and colleagues who ever shared any private messages, pictures or documents with that person. Doctors, lawyers, scientists and business people may be forced to break the law and moral obligations by disclosing sensitive information about their patients, clients, research or business to border agents; and after the Snowden and Manning revelations, every person has solid grounds to distrust the US government's promises or intentions regarding the data. These demands also severely undermine the freedom of speech, which is absolutely essential for a democracy, as people who have to travel to or through such a country will be forced to censor everything they ever publish online, and because the US authorities do not give any explanations as to why the entry to the country was denied, any criticism of anything relating to the country can potentially impede the person's movements at any point in life. Unfortunately, the US disregard the much-quoted words of their very own Benjamin Franklin: Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.

If you do not wish to be treated like a criminal and be forced to supply your biometric and personal data for a foreign regime to keep and use in any way they see fit, you may want to research the entry or transit requirements of the countries before making your travel plans and instead spend your tourist money in countries that don't think they are entitled to damage civil liberties and jeopardise the personal safety of innocent individuals. Sadly, the choice is steadily narrowing.

Australian Border Force

Australian Border Force (ABF) has very broad and intrusive powers to search personal digital devices, such as mobile phones and laptops, and copy electronic information. An ABF officer can force you to hand over your phone and its passcode, take the device away for any length of time, look at and copy any information that you have on your device, and share this information with other agencies. All this can be done without having a warrant, explaining anything, giving you any reasons for what they are looking for and why, or informing you what information was examined and copied. Because of this lack of transparency and public accountability, it is unknown how often travellers are subjected to this violation of privacy, whom exactly ABF targets and based on what. People might be targeted because they are journalists, or privacy advocates, or whistle-blowers, or were simply born in a “wrong” country. We just don't know! The absence of a federal charter of human rights in Australia means that in reality Australians have very few rights in such situations.

Stop telemarketing

If you are tired of telemarketing, add your number to the Do Not Call Register. This should stop legitimate companies from annoying you with their unsolicited calls, however this will not have any effect on scammers and other criminals. For Australia, visit www.donotcall.gov.au. For other countries, do a search and see if there is an organised way to opt out.

Watch out for scammers

If you are unexpectedly contacted by someone claiming to be an insurance company, a bank, a government agency, a debt collector, no matter what the reason, never give them any of your personal details. You can't be sure who the caller really is. If they are really your insurance company, bank or a government agency, they already have all the necessary information. If they want to “confirm”, “verify” or “make sure everything is correct because they are updating their system”, they are either too dodgy to do the update properly without such verifications, or are scammers trying to steal your identity. The easiest way to check is to call back via an official contact number and ask whether such verification has really been required. Never call back using the phone number the stranger gave you without making sure that number really belongs to the company they claim to work for.

Learn to recognise mission creep

If you notice that a company or institution suddenly needs more personal information than they needed before for the same service saying that they “will be unable to provide you with the service” without that information, demand an explanation. This is common, and is a direct result of unnecessary data harvesting combined with inability to keep the harvested data secure. First they need your full name and address, which quickly leaks out because every Tom, Dick and Harry asked for this data and added it to their flimsy databases, contact lists and apps. So they want your date of birth, to “enable you to be identified securely”; which of course also leaks from social media, email provider snooping, or a database of any entity that has it. Now they want your photo ID details, which will of course eventually be leaked too, because nothing can be kept secure forever, especially if everyone demands to have a copy of your ID and keeps storing that information in their databases even when it is no longer needed. With all personal details leaked, email accounts hacked and phone communication snooped upon, what is next? What will people have to provide for secure identification? Fingerprints? DNA samples? You get the gist.

Be aware of the recent changes in the Australian Bureau of Statistics and the privacy issues with the ABS census and compulsory household surveys.

Check ABR and ASIC policies before starting a business

If you are thinking about becoming a small business owner or sole trader, check how the Australian Business Register and the Australian Securities and Investments Commission work. First, the Australian Business Register (ABR) charges people for the registration of a business or a company. The free publicly available lookups in the Australian Business Register and the Australian Securities and Investments Commission (ASIC) disclose only limited information about a company or a business name holder. However, for a small fee, third parties can obtain a much more detailed set of data.

One may argue that business registration is not a private affair in Australia, yet all this unlimited information trading may be very disturbing for the owners of small businesses who have no choice other than providing their home address for business registration, which may jeopardise the safety of their families if made publicly available. This whole arrangement discourages small business while benefiting large corporations, which is discriminatory and has a negative impact on the Australian economy.

The most effective way of controlling and protecting information about oneself is not to share it in the first place.

“We value your privacy”. Really?

Even if you are dealing with a government agency, it is still wise to read all the fine print and the privacy policy, and to ask questions. There is no guarantee that the private and sensitive information people entrusted to what was once a government agency will not one day be privatised and sold. Look at CITEC: an organisation given the power to manage shared services for the whole of government, including a major consolidation of Queensland government data centres, and given access to more than 40 government and commercial information sources, including the data in investigative reports, property registers, motor vehicle registers, traffic incident reports and crime incident reports. It is not only already making money off the private information people had to provide for free due to the government's requirements; it is also being considered for a sell-off as part of a revenue drive to bring the economy back into the black.

Nearly every privacy policy document of each organisation starts with the solemn words “we value your privacy”. Unfortunately, too often this value is measured in dollars the organisation can make off the possession, use and sale of your personal information.

Further reading:

ID protection at crisis point, Sydney Morning Herald

The Australian Privacy Foundation, dedicated to protecting the privacy rights of Australians; it aims to focus public attention on emerging issues that pose a threat to freedom and privacy, and to defend the right of individuals to control their personal information and to be free of excessive intrusions

Australian Information Commissioner, a government website dedicated to privacy issues with a special focus on information technology and the Internet

No one likes to see a government folder with his name on it.

Stephen King

Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficent. Men born to freedom are naturally alert to repel invasion of their liberty by evil-minded rulers. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding.

Louis D. Brandeis, Lawyer and Associate Justice of the Supreme Court of the United States

The right to be let alone is indeed the beginning of all freedom.

William O. Douglas, Associate Justice of the Supreme Court of the United States

Big Brother in the form of an increasingly powerful government and in an increasingly powerful private sector will pile the records high with reasons why privacy should give way to national security, to law and order ... and the like.

William O. Douglas

A desire for privacy does not imply shameful secrets; without anonymity in discourse, free speech is impossible, and hence also democracy. The right to speak the truth to power does not shield the speaker from the consequences of doing so; only comparable power or anonymity can do that.

Nick Harkaway, novelist and commentator

I don't like to share my personal life... it wouldn't be personal if I shared it.

George Clooney

Privacy is not something that I'm merely entitled to, it's an absolute prerequisite.

Marlon Brando

Comments

There is a big difference between a company that DID something to earn its customers' trust, and a company that HASN'T DONE anything [yet/known] to lose the trust of its customers. For example, Apple actively pushes its users to create Apple ID and backup/sync all personal data to its cloud. It actually takes quite a bit of determination and vigilance to bar the numerous attempts of any iDevice to upload your data to Apple. There is no simple "don't touch any of my information" setting, and there is no option to create an Apple ID without giving them your name and contact details. Apple portray themselves as a defender of its customers' privacy, yet they haven't actually done anything to prove it. Simply popping up a screen saying "Apple believes privacy is a fundamental human right..." proves nothing. Believing is not enough, it's the actions that matter. Speaking of which, Apple quickly ditched its plans for end-to-end encryption when the FBI didn't like it. Had Apple said 'no', stood for its beliefs in the fundamental human rights, and, in an extreme case, moved their operations to a country that aligns with their beliefs, then we would have had grounds to trust Apple's promises. But since Apple only "believes" in human rights, but prefers to have an easy life and cooperate with secret and intelligence services, I will never use their iCloud, backup or syncing, and always try to reduce the amount of personal data I keep on any devices made by Apple. There is just no way of knowing who this data will be shared with. The only personal data I have on my iPhone is contact phone numbers and emails of my friends, family members and colleagues (I never add addresses, photos or birthdays there), but I loved your idea about avoiding using names for my contacts as well. Initials or nicknames are an excellent way to add a bit more privacy even if Apple grabs my contacts and uploads them to its cloud against my wishes.

Anonymous, 27 June 2019

Our family was one of the 500 million victims of the Marriott hack in November 2018. We received a canned apology from them and an ass-covering 'warning' that our private details might have been compromised because we stayed with them a few years prior. We were furious that they kept our data for so long! If they deleted our data after we checked out, it would not have been hacked. But the biggest shock was to discover that they still want visitors' ID upon check-in even after that breach. We said NO and found a place in another hotel. Having just read in the news that Marriott has been hacked again, we are so glad we went to another hotel then. Will never stay with them in the future.

Anonymous, 3 April 2020

We have an appalling situation with covid vaccination bookings in Australia. As if vaccine shortages weren't bad enough, now we are coerced by our own government into creating HotDoc accounts and signing up for third party crap just to be able to book the vaccination. Doctors decline to accept phone bookings and walk-ins, and demand that we book through HotDoc, which is a commercial organisation and should not be permitted to take advantage of this pandemic disaster to become a middleman between the taxpayer-funded government-run vaccination program and the taxpayers!

Anonymous, 7 August 2021

These Australian government and hotdoc online covid vaccination bookings are pure evil. You have to give them a phone number to be able to register. There is no way around it. And because a photo ID is mandatory for mobile phones in Australia, we have a situation that unless you give your ID data to a phone provider first, you can't get a vaccine. Telcos and commercial booking systems like hotdoc are in business, while ordinary Australians are in deep shit with zero privacy.

Chris, 11 August 2021

This is not a coronavirus pandemic. This is a data grab pandemic.
Want to get food? You must have a check-in app, and an email address, and a phone number.
Are you forced to have a phone number? You must give your photo ID to Telstra, Optus, Vodafone, or some other telco. And then wait and watch how all your communications become the property of ASIO spooks.
Are you forced to have an email address? You must give your personal data to Gmail, Hotmail, Yahoo, or some other overseas email provider, and let them read all your private correspondence.
Are you forced to have a check-in app? You must create an Apple or Google account to download it. And then watch how US secret services go through your personal data.
Are you forced to have a covid test? You must give your personal data, and of course you must have a phone number. And then wait and see how your personal data is used to lock you up.
Are you forced to have a covid vaccine? You must book online, enter your personal data, and you must have an email and a phone number. And then watch how your personal data and medical information is sold off by someone like HealthEngine.
Are you vaccinated and now forced to show a proof of vaccination or vaccine passport? You need a Medicare app.
Are you forced to use a Medicare app? You must have an Apple or Google account to download it. And then it must be tied to a mygov account.
Are you forced to have a mygov account? You must enter personal details and provide an email address.
Have you finally got your vaccine passport? Now you have to show your personal details and medical information to every Tom, Dick, and Harry who think they have the right to see it.
And the worst thing: none of this will end even when this pandemic is over. The government will find another excuse why the status quo must remain.

Anonymous, 12 August 2021

One explanation why people are not allowed to test for covid anonymously is that these test samples can be used by the authorities for DNA profiling. It is exactly the same procedure as when police collect DNA samples for criminal investigations. Only with covid it is much more convenient for them, no consent is needed. People are queuing up to provide the samples voluntarily. Nowhere in the paperwork does it guarantee or even mention that your covid test sample will never under any circumstances be used for anything else. Anyone who questions this is labelled a conspiracy theorist, sure enough, as if the government has never lied or covered anything up before! Having everyone's DNA data is a dream of governments, insurance companies and financial corporations. Why would they pass on such a perfect opportunity?

Anonymous, 14 August 2021

A brilliant quote from one of the Electronic Frontiers Australia talks:
"Power is enacted for a particular reason, but then it is used in a different context. And we've seen this time and time again with the legislation that gets passed; a lot of it is the legislation since 2001. A global war on terror was declared, and the terror won; just as in the war on drugs, the drugs have pretty much won. What we've got was more terror, but we've also got more responses to that: it became an authoritarian ratchet, where every time the power is given it is never taken away. And the problem is never resolved because it is a war on an abstract noun. You can't win one of those, but it is very convenient for someone who wants to accumulate power."
You can watch the whole video here: EFA Talks: Stepping Stones to Dystopia

Bob, 18 August 2021

We can't be too careful with our privacy, especially in Australia. While everyone is busy surviving this pandemic and vaccine shortages courtesy of the Australian government, the same government pushed through a hideous surveillance bill that shocked the free democratic world. With the new Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021, Australian police and intelligence services can hack your computer or any other devices. They can access, collect, delete, modify and falsify your data, and take over your social media accounts, and all that without a judge's warrant.
Australia became a prison colony once again. Anyone can now potentially be framed for a serious crime by ACIC or AFP. There are no safeguards in the law that can stop them from simply changing your data to suit their agenda. There are no limits, no oversight.
As usual, it was done under the anti terrorism, drugs and child exploitation pretext, nothing new there! But really isn't it about keeping the rich powerful? An arm of government or a multi-billion corporation that is breaking laws, tired of human rights defenders, or inconvenienced by some investigating journalist could get the police to hunt people down using government-sponsored malware, break into and plant things on people's phones, and make all corporate and political problems go away.

Anonymous, 1 September 2021

Mass surveillance is not about the hackneyed terrorists or pedophiles, it is about having control over every single person in the country. Very convenient for the government and for those who line their pockets.

Rick M., 2 September 2021

Does anyone have any doubts that today's Auckland supermarket attack will be used by New Zealand government for levelling our laws with Australia? The timing of events is unbelievable. A few days ago Australia amends their surveillance laws to a draconian extent, and suddenly New Zealand desperately needs to do the same. The most heartbreaking part is how ordinary people are always at loss. We already lost almost all privacy to our government's anti-terrorism travesty, and yet we are still getting stabbed when we go shopping!

Anita, Auckland, New Zealand, 3 September 2021

It still seems impossible to get a covid vaccine without online booking, which requires that we must provide a unique email address and mobile number that have not been used to register before. My husband and I share one email account that is a paid service hosted in Australia. This means only one of us can get the vaccine. Contacting the government health department was a waste of time. Their response was that we should create another email account on Gmail, Outlook or Yahoo. Which is them basically saying, go and give your personal data and private correspondence to an overseas corporation that will spy on you. This is totally unacceptable! Email address or phone number should not be mandatory for any taxpayer-funded vaccine or service.

Anonymous, 6 September 2021

As Moderna vaccine is coming to Australian pharmacies, stay away from booking through the Pharmacy Guild of Australia sites www.guild.org.au and www.findapharmacy.com.au. According to their policy, they can use your contact details for marketing and promotional spam. It's a pity that some turn the pandemic emergency and desperation into data abuse for profits, which damages people's trust in pharmacies and vaccination program.

Anonymous, 17 September 2021

"Informed consent is a fallacy if the person cannot alter the consent they are giving; or if the consent is locked in a point of time, which allows the consent given today to be used for a different reason later." Electronic Frontiers Australia

H.S., 7 October 2021

It is all about personal data and control, always has been. Thousands of people die every year in Australia because of the fear or reluctance to see a doctor due to privacy concerns. Does the government and the medical system do anything about it? Do they offer an option to get medical help anonymously? Are they decreasing their demands for personal data? Nope! Instead they want to grab more data and share it with every arm of government that wants it. MyHR, MyGov, Medicare, ABS... That's in addition to forcing many patients into booking medical appointments online, through commercial booking systems, which of course are only too eager to grab all the personal data as well.
But...a few hundred people die FROM covid during the whole pandemic (not talking about those who died WITH covid, which the government still counts as covid fatalities), and the powers see it as an opportunity to turn this country into a prison colony, lock everyone in, force to undergo vaccination (which by the way didn't bring back our normal way of life), grab everyone's latest and freshest personal and contact data through travel passes, vaccinations and covid tests, and get DNA sample through covid tests as well. If they were allowing anonymous on-the-spot testing, that would at least be believable that it was done ONLY for medical reasons. But no, they want full name, dob, home address, medicare number, id, email, phone number,... so that they have a full file on each person.

Ole, WA Australia, 6 November 2021

As the attendance tracking apps with QR codes are now mandated by every state and territory, they became a part of the most extensive mass surveillance operation on Australian soil. Yet the laws that protect personal data are weak, vague, inadequate, and in some states non-existent. For example, Queensland still hasn't introduced the laws that would ban unauthorised access to that data. But then, what else can we expect from the state that practises forced hospitalisations of everyone who tests positive?
To have any public trust and cooperation, the whole country must have uniform laws:
* The collected personal information must be limited to the minimum necessary for achieving the stated legitimate purpose.
* The data collected under the pandemic pretext must never be used for anything else or combined with any other data. No if-s, no but-s. No exceptions for police, ASIO and the rest of that wonderful bunch.
* This data must be securely stored in Australia.
* All pandemic-related apps and other software must be open source.
* This data must be completely and irreversibly deleted once it is no longer needed for the purpose it was collected for, including all data from QR-code check in apps and vaccine status certificates.
* All surveillance systems and tools must be dismantled when the state of emergency has been lifted.
* The state of emergency must not continue beyond what's absolutely medically necessary.
* There must be severe punishments for the governments and their employees for breaching these laws. There also must be severe penalties for employers, business operators and anyone else who abuses any data from covid tests, vaccine certificates or contact tracing apps.
* Individuals must have the right to sue for breach of their privacy. Otherwise, the governments will continue to do as they please without any repercussions.

And these have to be legislation/laws, not regulations. Because regulations can be changed by any minister at any time, while legislation changes must go through the parliament, which is the foundation of democracy.

Anonymous, 17 November 2021

Australian governments, federal and state, but especially state, have turned COVID into a policing issue, not a health issue. They've got unprecedented powers across all aspects of people's personal lives. It truly is scary how Australia managed to get to this point with virtually no challenge. Compared to the rights and protections they have in the EU and US, Australia is an undemocratic police state.

Anonymous, 3 December 2021

There is virtually no data privacy within Australian medical system. Let's follow this example from scratch:
Suppose you have (hopefully not!) a health issue that requires hospital treatment.
First, you will have to see a general practitioner. For that, you will need to make an appointment. These days, many GP places want their patients to use online booking systems. You will need to create an account and enter a load of your personal data, which will become a part of this system that is made and maintained by some other company, stores your data in an unknown location and makes it available to an unknown array of people. If you entered your email address, then your email provider will be privy to your health communication as well. If it is something like Gmail, Google will add all medical information from your emails to a profile it has on you. It will also mean that Australian and overseas spying and surveillance agencies get access to that information as well.
Then you get to your appointment and have to fill another load of forms handing over yet more of your personal data. That data will be entered into the medical practice system, and most likely will be stored on a remote server belonging to the company that provides that system, or even uploaded to some cloud storage that may be overseas. Your data is also likely to be entered to the reminder system that will go on pestering you about screening and follow up appointments.
If you need any medical laboratory tests, like a blood test, your data will be given to the pathology lab. It gets entered into their system, uploaded to their cloud storage and disclosed to various third parties "as required or authorised by law". Those pathology labs often are big chains with thousands of people working for them. Who and when has access to your information is anyone's guess.
If you have a notifiable disease, ranging anything from cancer, through measles, to laboratory-confirmed influenza, your personal and contact details will be immediately reported to the government.
If you need any diagnostic imaging, like X-ray, CT scan or MRI, your data goes to the imaging provider, their system, their cloud and their related parties.
Then your GP will send you to a specialist, and your data will be added and proliferated through the medical and accounting systems that the specialist uses.
If during your appointment the doctor makes some notes on their personal computer, your personal and medical data is likely to end up somewhere in Apple iCloud or Google Drive, which means overseas and accessible by overseas agencies.
Then if you need to be admitted to hospital for a surgery or other procedure, you will need to fill the hospital admission forms. Again, these days they want you to create an online account and enter all your info there. This of course adds your data to yet another system of an unknown scope. If it is a public hospital, your data can become a part of a massive behemoth with thousands of employees. If it is a private hospital, your data will become the property of a private business, which may be foreign-owned.
If during the hospital procedure an anaesthetist was required, your data goes to them as well, then to their accountants, their computer systems and their cloud storage. If assistive imaging was used, then your data goes there. If histology analysis was requested, your data goes to a pathology lab, which is likely to be different to the one that got your details earlier.
If you felt too rotten after the procedure and forgot to pay at least one of the numerous bills, your personal information may be sold to the debt collector mob.
If you use a Medicare card, then the government keeps tabs on you every step of the way. If you have private health insurance, then your data is collected, stored, shared and used for making money by yet another business, in addition to taking large sums of money directly from your purse.
So, by the time you are done with just this one health issue, your personal, private and sensitive information is entered into hundreds of databases, stored on hundreds of servers all over the globe, accessible by thousands or maybe millions of people, and dozens of corporations are making money from it. Can you call this "privacy"? I certainly can't! And the worst part: you can't do anything about this. You have zero say and zero power. The only time you will find your own data behind a brick wall is when you yourself try to get full access to it or delete it. It is either impossible, or there are so many obstacles along the way that you will eventually give up.
In most cases, in Australia it is impossible to bypass the GP, or to get any medical services anonymously, even if you pay 100% out of your pocket. The only way to prevent or at least to lessen this personal data dissemination is to stay away from the medical establishment altogether. Which of course can be detrimental to your health. And who would benefit from that? The same government and corporations! They win no matter what you do.
If you give up your privacy and let your data be scattered all over the world, they will use, misuse, abuse and sell it ten times over and spy on you from cradle to grave.
If you decide to avoid all doctors, then you are likely to shorten your lifespan, which is a win for the system too. Because you will still have to pay Medicare and all other taxes spent on healthcare despite being unable to get any use from it. And while it may sound shocking, but in reality neither the government nor private businesses like health insurance companies want to see you living past your retirement age. Their ideal scenario is when people live, work and pay taxes and fees, and then die the moment they can't do that anymore, before they become older and therefore a higher cost for them.

Anonymous, 6 April 2022

A worrying tally, that's true.
In addition, if in the meantime the person was prescribed any medication, their personal data would also end up with a chemist. And if that was one of the massive groups, such as Chemist Warehouse, My Chemist, Amcal, PharmaSave, Discount Drug Stores, National Pharmacies, Priceline or Terry White, that's several thousand more potential data access and leak points.

While the immortality of the soul is questionable, the immortality of our data is a frightening fact in the modern world. That's why people should be at least as fanatical and serious about guarding their privacy as they are about their faith.

Anonymous, 22 June 2022

In addition to privacy issues, what bugs me the most about this ceaseless data-grabbing is that all government departments and businesses alike are very quick and eager to grab our personal data, but they are absolutely hopeless in making sure they enter and keep it correctly.

I've had to deal with errors made in my details by medicare, centrelink, dept of foreign affairs, immigration, transport dept, local council, banks, phone providers, utility companies and credit reporting agencies. Some of those errors cost me significant losses and stress, and yet those were their errors in my data that they demanded to have. I've had enough of losing my time, money and sanity, and on two occasions being threatened with fines and court. They never show you all the data they have on you, so you can never make sure it is all correct. You are never safe from the next blow.

Now I avoid giving my data to anyone, whenever it is only possible. Or give the absolute minimum. The less they have on you, the lesser the chance they will screw it up. Because they simply grab your data, do with it as they like, profit from it or spy on you, all the while any mistake of theirs is your problem.

Happy Bastille Day!! Vive la Liberté!

P., 14 July 2022

"Where it is required or authorised by law" or "where the use or disclosure is required or permitted by that state's or territory's law" ... it really pisses me off to see these lines on every page that wants to snatch your personal information. What's the point of this lousy clause if we all know that the law requires, permits and authorises hundreds of organisations to access our private info? What choice are we given? To disagree? To opt out? Gladly! Can we then purchase a mobile phone without identity documents? Can we access all the government services we've been already taxed for without being told to create a mygov account? Can we submit tax returns in mytax without a phone number? Can we download any government apps without being forced to give our contact data to overseas corporations like apple and google? Can we unenroll from medicare and stop being taxed for it, to end its snooping through our health records? Can we refuse to fill the census? Or should the authorities just stop pretending that we have any privacy left?

Anonymous, 27 July 2022

Amazing that nobody's saying anything about this. But because we're constantly told to download this app or other by our banks, Medicare, Mygov, phone providers and so on, Google and Apple have obtained personal details of nearly the entire adult population!
Because we can't download apps without a Google or Apple account. And Google now wouldn't allow to create an account without a mobile phone number. And we can't get an Australian mobile number without identification....
Do you see where all this is going??

Anonymous, 30 July 2022

This lousy excuse really p*sses me off -> you are not qualified to interpret your own medical test results, therefore you can't request such tests yourself privately or get the results directly from the lab.

The doctors and lab technicians may not be qualified in computer and internet security. But that doesn't stop them from grabbing a tonne of my highly private and sensitive information and entering it there. Or worse - giving my data to a third party to manage, like Hotdoc or even some other app made and hosted overseas.

Jonny, 29 August 2022

It's time Australians began voting for the parties and independents who are serious about privacy protections! Of course the lower house is hopeless, same old same LIB<=>LAB, both supporting the worsening situation with privacy violation and mass surveillance. But in the Senate there is still hope.

People please! don't be lazy before each election. Go to each candidate or party site, open the 'policies' page and search for the word 'privacy'. It's super quick and easy to do this online. You don't even have to lift your bum off the couch. Just take a bit of time, do your research, and vote for the candidates who truly stand for your rights, freedoms and privacy. Your and your children's future is at stake!

Ali, 8 September 2022

Here we are: Optus got hacked. And now thanks to Australian government's obsession with collecting data "to prevent crime", over 9 million Australians lost their personal information and have their identity in jeopardy. And why is it only Optus being blamed for this? If the government didn't require telcos to collect names, addresses, birthdates, driver license and passport numbers, there wouldn't be much for hackers to steal.

Angry Customer of Hacked Optus, 23 September 2022

How does this incessant data harvest and perpetual storage prevent crime??? It only facilitates it! When will our police state learn that the only 100% secure data is the data that you haven't given to anyone?

Angry Customer of Hacked Optus, 23 September 2022

To add insult to injury, the government 'solution' will most likely involve collecting even more personal data, not less.

T., 24 September 2022

Yep! Hacked Optus is the consequence of govt's requiring ID for every phone number, and then requiring a phone number for everything else.

Mykaela, 25 September 2022

This government and telco data greed doesn't stop criminals and terrorists, but it aids them alright. If a terrorist wants to get a mobile phone, they will get it with a fake ID. And now they have 9 million IDs to choose from! Only ordinary people will suffer.

Anonymous, 26 September 2022

The Australian government will never learn. Because they don't want to. Keeping everyone under surveillance is more important to them than the safety of their citizens.

Why can't we have prepaid SIMs anonymously? And if we must show our ID to get a SIM, then it should be sighted|checked but NEVER recorded. Otherwise we all will become victims of identity theft eventually because of our government's data greed.

It's a vicious spiral. First they asked everyone name and address. Then that information became public knowledge thanks to the AEC giving out electoral roll to everyone who wants it. So they began asking birth date and phone number. Over time this data got leaked|stolen|disclosed too. So they began asking ID numbers. This now got stolen by hackers as well. So what's next? Compulsory biometric data collection?? No thank you!!

Anonymous, 28 September 2022

After this Optus hacking nightmare I had to replace my driver licence. And while filling the new licence form I began to wonder...why did driver licence application require the person's town and country of birth? I asked the government employee, and was told that it was just for identification.
But this doesn't make sense. They already have my name, date of birth and home address. This should be enough. I am convinced that for the purpose of driver licensing the place of birth is irrelevant. This information can only be used for deep surveillance and racial discrimination, and becomes additional data for hackers to get hold of.

Anonymous, 9 October 2022

Everyone is now talking about the Optus data breach and criticising the personal data collection by all other telcos. But nobody is saying anything about the grossly excessive data collection by doctors, medical practices, laboratories, centres and hospitals. This page seems to be a rare exception.

Any medical establishment has much more identity data than any telco, plus plenty of very private medical information. In many cases this data is entered and stored in patient management apps that are purchased overseas from shonky developers. And doctors get broken into by hackers all the time. But because each hacked doctor doesn't have 10 million patients, it all gets hushed and nobody attempts to curb their appetites for our data. I am convinced that Optus hack victims got so much attention and help only because 10 million people have been affected, including half of our government. But when hackers steal all your personal data from your local GP, nobody cares. Business as usual.

Why aren't Australians allowed to seek medical advice and medical help anonymously? If people can't use Medicare for that, ok. The government should at least let people do that by paying out of pocket. Enough of this medical surveillance from cradle to grave. The Optus hack showed us all that looking after one's privacy and personal data is just as important as looking after one's health.

Vanessa, 12 October 2022

Australian healthcare system does make an impression that collecting patient personal data is more important than respecting the patient's privacy and wishes. Luckily it so far hasn't implemented the UK model where each person has to register with one GP. In Australia people at least have the freedom to see several practitioners simultaneously if they so wish.

The fun continues. Now Medibank joins Optus at the cyber attack party. Another 4 million customers turned into potential hacker victims. First, our government blackmailed half of Australia's population into paying for private health insurance. Then the insurers grabbed customer money and personal data. And then they spent the money on idiotic ads instead of proper security.
I left Medibank 3 years ago and yet I received an attack warning from them. Why are they holding onto my data for so long? Especially if they are unable to keep it secure.
If the Australian government has half a brain, they should rewrite all privacy laws ASAP and mandate that all corporate dimwits delete all ex-customer data immediately after the customer had left. And by DELETE I mean wipe it out properly, without any chance of restoring it later. Not just mark it as 'hidden' or 'deleted' in their shonky apps.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 14 October 2022

I've just received this message from Medibank, "Our ongoing investigation continues to show no evidence that any customer data has been removed from our IT environment. I want to reassure you we take the protection of your information very seriously, and this remains our key priority."
They couldn't make it more vague and useless.
The question isn't whether the data has been REMOVED from Medibank's environment. The question is whether it has been ACCESSED|COPIED|DOWNLOADED by the perpetrators.
I can well damn see that my info hasn't been removed from Medibank. How else have they been able to contact me?

Anonymous, 18 October 2022

I am totally pissed off by the advice given to data breach victims to set up a credit monitoring with Experian. To do that, you will have to give Experian more of your personal and contact data. And who will guarantee that it won't be stolen by hackers from there??

Anonymous, 18 October 2022

All companies and government services are data theft targets. All of them! And for us as customers it is their mandatory requirement to accept their "Privacy" Policy, which is actually designed to protect the companies and their sub-contracted third parties, not the customers!

We are given no choice but to hand over our personal data to those companies. And when ('when', not 'if'!) it gets stolen, we hear nothing but useless apologies and excuse stories.

Tina, 19 October 2022

After downplaying the impact of the breach, Medibank have finally revealed that the highly sensitive data their customers trusted them with has in fact been accessed and copied by hackers.
The most upsetting thing about this terrible incident is that out of 3.9 million Medibank customers, the majority were basically financially bullied by Australian government into taking up private health insurance. Under threat of Medicare levy surcharge, these people were forced to give their money and personal data to health insurance companies.
And now what have we got?
* The members of Australian government who came up with this policy, no doubt for the benefit of their mates in the insurance industry, either have lucrative jobs or are comfortably retired.
* Medibank made billions.
* The government offloaded their healthcare spending while retaining and even increasing Medicare tax.
* And ordinary Australians lost their money, their personal data, and most likely also their safety for the rest of their lives. Because once personal data is stolen, nobody can know when, where and how criminals are going to use it.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 20 October 2022

Unfortunately this seems to be the case. People are essentially forced into getting a phone number, because almost every company and government entity requires it as mandatory. And those with a certain level of income are financially penalised by the government if they don't have private health insurance, which means that they are more or less forced into it as well. In Australia that means giving a lot of identity data to companies like Optus and Medibank, where the data not only isn't protected properly, but it also looks like it isn't deleted when no longer needed, thus compromising the safety of ex-customers as well as all current customers.

Even more unfortunately, after these horrendous data breach incidents we get nothing but meaningless "I unreservedly apologise" or "I acknowledge the disappointment" from the companies' CEOs. It is highly unlikely that the government will put an end to excessive personal data collection, or mandate the swift deletion of unneeded data, or allow people to obtain phone numbers without giving out their identity. If there is any change, it will most likely be towards finding more excuses for even wider mass surveillance and even more intensive collection of personal information and data matching.

Haha I am so glad now that I've spent the past 10 years refusing to leave my details in unnecessary places, deleting my details from wherever possible and rejecting to create mygov and myhealthrecord. All that time people called me crazy and paranoid. Not so paranoid now, right?

Anonymous, 20 October 2022

Well done! Being vigilant in regard to one's privacy and personal data is what this page and a lot of this site has been about for almost two decades. Those who laughed and mentioned paranoia were of course free to do so, but they don't seem to be laughing now.

And I am glad that I refused to pay my Medibank premiums via direct debit. Medibank contacted me several times trying to convince me how "convenient" that would be. I said NO and insisted on yearly invoices. Now I know that at least my credit card details haven't been stolen from Medibank, because I have never given it to them. Although of course a credit card can be easily changed, unlike name, address or date of birth. But it's still wise to protect every bit of data whenever possible. If the government and corporations can't do it, then we have to. And the most effective way for us to do it is to refuse to give out in the first place.

FC, 22 October 2022

It looks like Medibank had our data stolen from all its numerous brands. I am so angry about this! And I would really like to see every responsible member of Medibank staff held accountable, from the minor cretin who let his/her credentials be stolen, all the way up to the CEO. Same for Optus and every surveillance-obsessed member of the government who mandated that telcos should collect and hold onto our data. Ideally they should be forced to have all their personal data published online, for all hackers and scammers to help themselves. Then they will understand how it feels to live for the rest of one's life in fear that at any moment someone can misuse your identity, rob you, or commit any crime in your name. The same should also be done to every member of the government who instituted this forced private health insurance system. Don't those corporate and political shysters get that it is impossible to compensate someone for the loss of their identity?

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 25 October 2022

Today's news: "Medibank has confirmed the criminal entity behind the cyber attack on the company has access to personal data and health-claims data of about 4 million current customers, and countless former ones too."
Why? Why?? Why??? Why do they keep the data of countless former customers?! Greedy swines!
It seems that in Australia if you want your data to be safe, you should never ever take out private health insurance or give your data to any company at all. Because ditching any one of that shitty bunch later is not enough. They never delete your data. They hold onto it forever, devising how to make more money from it. And as long as they hold your data, your privacy will always be in danger.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 26 October 2022

This hacking business with Medibank is terrifying and extremely distressing.

All my life I have been super careful with my data. I took great care, and so there has never been a shred of my personal information online or in wrong hands. That's why I have never had any problems with scam, spam, or theft. I have never had to worry. Until now. All because I was forced by our own government to get health insurance and give my personal data to Medibank. And now Medibank by its gross negligence ruined it all.

I am also deeply insulted by Medibank's word play and corporate trickery during this whole incident. In every message they emphasise how transparent they decided to be. But the truth is that they didn't _decide_ it. The law requires them to. And they haven't been transparent. They have been downplaying the damage until they no longer could. Their definition of "no evidence that the data had been accessed" was that they hadn't had the hackers to prove it to them, not that they carefully analysed their system and were absolutely sure of data safety. What kind of security is that, to rely on hackers to prove otherwise???!!!

Now I wonder what else might have been stolen from them and all other companies over the years without anyone even knowing. Maybe that's why Australians get scammed so badly all the time. Corporations always blame ordinary users for that, while in fact the main threat to our data are our government and so-called legitimate businesses.

Anonymous, 26 October 2022

Now it looks like it's going to be a finger-pointing performance over the stolen data of ex-customers. The government reproaching Medibank and Optus for slackness and shitty security. While Medibank and Optus saying that the government required them to keep old data for years. Meanwhile the ordinary Australians have to wade through the shit all those well-paid bloodsuckers created.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 27 October 2022

Perhaps if data security had truly been taken seriously by those companies and by the government, the former customer data would have been kept in a separate isolated system not connected to the internet. It would have satisfied the legal requirements, and at the same time it would have protected thousands of people from this disaster. But unfortunately the ultimate focus always seems to be on hoarding more data and making bigger profits.

In addition, if it is the Health Records Act that requires health insurers to hold onto former customer data for at least 7 years, it still doesn't explain why the data of those former customers who had never made a claim hadn't been deleted. The records of those customers do not contain any medical information, and therefore shouldn't be kept under the excuse of the Health Records Act.

One would think that if those companies really cared about customer data safety, such critical identity data as passport numbers, driver licence numbers and Medicare card numbers would be either kept in a totally isolated data storage or not kept at all.

These numbers are either no longer needed after the initial identity check, or only needed extremely rarely for serious criminal investigations. And for such serious cases someone should be able to move their ass and retrieve the data for the police from a physically isolated secure storage.

And for medical insurance claims, Medicare number should be asked when the claim is made, and then immediately deleted once the claim has been finalised. Hackers can't steal the data that has been deleted!

But nooo... the likes of Optus and Medibank would rather rake in extra dollars in profits and save money by outsourcing. That's probably why all our critical identity data was available online. And of course the hackers just waltzed in and helped themselves.

Those companies made their billions, but we have to live in fear that someone may take out a loan, or open a bank account, or commit some crime using our names. Because the criminals now have sufficient personal data to do any of that at any moment.

Anonymous, 2 November 2022

I've never had more than one random opportunistic scam call per month. Now thanks to Medibank and to the government policy that forced me to take out PHI I am inundated with targeted scam! Dozens of calls every day. And they all know my full name, date of birth, home address, etc.
"The information was obtained after a criminal stole a password and username from someone with the ability to gain access to all of Medibank's customer data."
So how about we get to know who that 'someone' was, how that imbecile let their password be stolen, and which superior imbecile hired the first imbecile for such a responsible position. And so on. All the way to the top.
They think that working for a large company that sits on the personal data of millions of innocent people is all about big salaries. They forget that it also requires solid qualifications, relevant experience and huge responsibility. They think that some lousy MBA degree and experience in sales or project management makes them experts in IT security. Clueless corporate idiots!

Anonymous, 9 November 2022

Uhuh, that's Australia's fair go. Forced to pay Medicare, forced to pay PHI, and now afraid to use either of them fearing that your private&medical info can end up in the hands of criminals. 100% profit for the govt and their mates at PHI.

Anonymous, 10 November 2022

There are class action processes against Optus and against Medibank. The problem is that in our anti-privacy and anti-individual-rights country those actions will either achieve nothing, or the offending companies will simply increase their prices and make the remaining customers repay back the money lost in fines and compensations.

S., 12 November 2022

Got this from Medibank today:

"Confirmation of data stolen in recent cybercrime
"Dear ***,
"We're deeply sorry to inform you that some data relating to your membership has been stolen in the recent cybercrime event. Based on our investigation, we can confirm the following data relating to your membership has been stolen:
• first name and surname
• gender
• date of birth
• email (where you have provided it to us)
• address
• phone number (where you have provided it to us)
• policy number
"We believe data that was stolen has been released by the criminal on the 'dark web'. The dark web is a closed online network, often accessed for criminal purposes. We strongly advise all affected customers to take the precautions outlined to safeguard their online identity. We recognise the distress this may cause you and we apologise."

The most insulting are those 'where you have provided it to us' remarks. As if Medibank gave us any option NOT to provide that information!

They made it MANDATORY to give them my phone and email! Otherwise I would have never given it to them.

I never ever give any of my personal data unless I am forced. That's why it all has been safe and secure until Optus and Medibank let the criminals take it. So now I am getting a barrage of scam calls and messages every day. And I am sure that millions of other victims are in the same situation.

And yes, big thanks to Medibank for the idiotic advice! I was perfectly capable to keep my data safe and secure until:
• We were forced by our government to buy this insurance
• We were forced by Medibank to give them our personal data
• We were forced to pay hefty premiums
• The corporate greed of Medibank spent more money on marketing than on security.
And now all we get are insincere corporate apologies and idiotic advice that it is now our responsibility to protect ourselves from criminals.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 14 November 2022

Yeah yeah now we are getting a smokescreen of excuses. Now Russian hackers are to blame, not the morons from Medidumb and not the Aus govt. Did they really think that sitting on the personal data of 10 million people only means big profits? They've obviously forgotten that it also means big responsibility and an obligation to have top-notch security.

Anonymous, 16 November 2022

Totally agree! I am really getting pissed off with Medibank's and Australian government's fingerpointing at Russian hackers. What, didn't they know before that hackers exist, Russian or otherwise???

Hackers can only steal what's not secured properly. And in this case our data has been stolen only because Medibank grabbed it AND failed to keep it secure. And the Australian government is guilty of forcing PHI onto people and of not having proper legal protections for our personal data.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 17 November 2022

Thanks to the morons at Medibank all our personal info is now available on the dark web! I can really confirm this! I have just received a scam email to the email address that I have ALWAYS used ONLY for the Australian government and Medibank! Nobody else had ever known it and I had never had any spam or scam there. Never. Until MB morons let it become known to all criminals in the world!

Jul-, 4 December 2022

@Jul-: Same here. I began getting spam and scam to the email that I have ever only given to myGov, Medicare and Medibank. I have always been super careful with my privacy and my personal information. I specifically had this one "safe" email, so that I could be sure that everything that comes to it was legit. Not anymore. Thanks f*ing Medibank!
It doesn't matter how careful and responsible a particular Australian citizen is. Australian gov and/or corporations will f*ck his/her privacy & safety up.

Anonymous, 5 December 2022

Folks, beware! Now that thanks to Medibank and Optus all scammers on this planet have our phone numbers and home addresses, they became very cunning.

Because these days most people don't answer calls from hidden numbers, and because Australian telcos allow any scammer to show anything as the caller ID, the scammers have long been using caller ID spoofing. They simply picked any random number, sometimes accidentally belonging to an unsuspecting individual in Australia, and other times totally fictitious, and showed it as their caller ID. Until now, scammers usually used Victorian and NSW landline numbers or Australian mobile numbers for these purposes. But smart people quickly learned not to answer interstate or out-of-town calls if they weren't expecting one.

But now, because Medibank and Optus provided the whole dark web with our full personal details, scammers have got a new trick. They began spoofing phone numbers that are geographically close to your home. I have never experienced this before, but in the past few days I have been getting numerous calls from all sorts of local numbers. Some belong to hotels, restaurants and other businesses in my area, others are just private local numbers. I have never given those places my contact details. In fact, I have never visited most of them. But after googling each caller ID I could see that it belonged to some place nearby.

So scammers now take your home address, find places that are close to you, and then start calling you pretending to be from those places. To many people such calls may appear more legitimate. They may be thinking that it's their doctor, dentist, childcare, school, accountant, etc. calling.

Please folks, be careful! Don't get fooled. Since Australian businesses and Australian government supply scammers with our data instead of protecting us, we have to do everything to protect ourselves.

Malcolm, 8 December 2022

Thank you Malcolm for this detailed warning!

I feel so distressed and let down by Optus, Medibank and the Australian government! I thought I was the most careful person and that my personal information was really safe, because:
- I have never used any social media.
- I have never had any avoidable online accounts with any commercial entities, not even apple or google.
- I have never "subscribed" for anything or anyhow shared my data with anyone online or in person.
- I have made sure that all my family and friends are very careful with all their personal data too.
- I have never given any of my personal information to anyone, except where I was forced by Australian laws, like giving my details to telco, insurance companies, banks and some government departments (e.g. for driver licensing).
The result: over 2 decades of perfect safety. Until Optus and Medibank screwed us all up big time. Now I am bombarded with spam and scam. I am absolutely devastated. This damage is irreparable.

Anonymous, 8 December 2022

Spot on about international travel! In recent years it morphed into the main avenue for harvesting biometric identifiers. Fingerprinting in Korea and Japan, iris scans in Emirates, facial biometrics at Australian SmartGates. It would be perfectly ok if those gates took an image, did the matching, and then deleted it. But nothing ever gets deleted, right?

Nowhere in the SmartGate privacy policy could I find any information about how long our photos are stored for, who has access to them, and for what other purposes they are used later.

Everything is added to a big fat file on each of us and is kept forever. And then of course the laws change and suddenly all that data is used for the purposes very far from those original purposes it was obtained for.

Every time you go through any Australian international airport, your face gets added to a massive searchable biometric database, together with all your identity data. Add to this the fact that airport security is outsourced to private companies, and all our most valuable data ends up in the hands of the government agencies AND in the hands of a private enterprise.

All the while we are fed the same bullshit mantra that "organisations must take reasonable steps to ensure the personal information they hold". Same bullshit that applied to Optus, and to Medibank, and to all other data-greedy corporations that got hacked. And what? Were the guilty named and got punished? Were the victims duly compensated? Did anyone get their safety and privacy back? Nope! Optus and Medibank keep making millions of dollars by exploiting us and our data, while we now have to deal with a barrage of scam calls and text messages every day.

When someone in the government decides that it's a good idea to collect everyone's data, put it in the cloud and share across multiple systems and governments, too many people get access to all that, making it an excellent target for hackers.

When you have all your personal and biological identity compromised and your life destroyed, it doesn't matter whether the organisation "took reasonable steps". After such breach you can't have your life back, ever.

You can cancel your credit card, you can change your password, but you can't change your name and date of birth every time one of those swines gets hacked, and you certainly can't replace your face.

Anonymous, 12 February 2023

...not to mention the country-wide facial recognition database with our biometric data that our caring government assembled from all our driver's licence photos kindly provided by the state governments. The pretext was of course to enable the police to combat crime. But in reality it is for mass surveillance and population control.

You can test it yourself next time when someone snatches your bag on the train. Even if that person's face is clearly recorded by CCTV cameras, nobody will be found. Especially if the perpetrator is one of the precious "disadvantaged". Police will find nobody. Absolutely. Nobody. But just you try to do anything in protest against the abuse of our rights and civil liberties, and the police will immediately find who you are and where you live.

The primary reason why the state wants our biometric data is for surveillance and control, not for the wellbeing of individual citizens.

Anonymous, 12 February 2023

There has just been a class action launched against Optus over their 2022 data breach. Hopefully it will be a thorough lesson to all the data-grabbing corporations. But in my opinion this class action should be against both Optus and the Australian government. Because it is only thanks to the surveillance mania of the Australian government the telco had the opportunity and the obligation to harvest our ID, which subsequently was what led to such massive damages to people's privacy and data safety.

Rebecca, 23 April 2023

Precisely. No breach can leak the data that isn't there.

Medicare aka Services Australia is by far the largest spying and surveillance agency in Australia. They have the most money because they grab a portion of everyone's income regardless of whether the person uses them or not, and they collect data on everyone. They grab 2% of everything you earn, pay back a pittance, and harvest all your very private medical and personal information. And they share your data with many other agencies. I know this for certain because I once changed certain details in Medicare only, but soon many other agencies had my new information too. I was even contacted by some poxy researchers who obtained my data from Medicare. They knew my name, home address, other contact details, and they knew which medical tests and procedures I had done. I had never heard of those researchers before and have certainly never given my consent for this outrageous invasion of my privacy. Now I have zero trust in Medicare. I wish I could un-enrol from Medicare, make them delete all my data, and put a stop on their stealing my salary.
I also absolutely hate how the whole system is set up. Hardly any doctors bulk-bill now. So you end up with huge out of pocket expenses on top of what Medicare had taken from you and what you have been forced to pay to private health insurers. And you have to pay the whole amount immediately, then give Medicare your bank account details to get a fraction back.
If they really wanted to lower your medical bills, why not let you pay less straight away? Guess why not? Because then they may not get the detailed surveillance report on where and when you go, about which doctors you see and which exactly tests and procedures you have done. People would probably use pseudonyms for most medical appointments, to guarantee their own privacy. But with Medicare you get no privacy. Your medical history and your personal data is in their hands and is shared with others.

Anonymous, 7 May 2023

Isn't the real purpose of all eTA and ESTA to collect personal information on ordinary law-abiding people for subsequent discrimination? It has nothing to do with real crime or terrorism. Because when security agencies have substantiated suspicions that someone is linked with crime, they don't need any eTA to deal with that person.

And now sadly Europe is about to jump on this bandwagon with their ETIAS. The only reason why authorities would ask about your place of birth, birth name and the names of your parents is for ethnic profiling, stereotyping and discrimination. They of course swear that such discrimination is illegal and is not going to happen. But what else would they want that information for? There is no other use for it, because nobody can choose where to be born and to whom. So if these countries are not going to use that data for their travel authorisation decision-making, why ask for it? Full name + date of birth + current citizenship + match of the photograph are more than enough to uniquely identify any individual. And the countries that in addition to this also harvest fingerprints have no excuse here at all.

The most worrying thing about ETIAS is that a database that is shared between 30 countries and accessed by millions of bureaucrats, border force employees, security and surveillance agency personnel cannot possibly be kept secure. It will inevitably be abused, breached or hacked, thus leaking personal information of thousands of expatriates and political refugees to murderous dictatorship regimes. And because those victims are not citizens of the countries that had their ETA system breached, they will get no help and no protection.

Elias, 8 May 2023

Too right Elias!
I also think that this obsession with place of birth data is excessive and suspicious.
I once enquired at Queensland Transport Department as to why their driver licence application form wants to know the town, state and country of birth. How could this data possibly be relevant to my ability to be a safe driver? I can only see it being used for racial discrimination and surveillance. Otherwise what are the chances that a person with identical full name, identical date of birth and identical photo appearance lives with me at the same address?
One of their muppets actually responded, "It is for identification purposes only! For those rare freak cases when parents give their twins the same name."
I then asked whether he truly believed that in such cases the town/state/country of birth would be different and would actually help to differentiate those twins.
The muppet found nothing to say to that.

Anonymous, 18 May 2023

It's the same shitty situation everywhere. Every entity collects maximum information, but not for your benefit. Only for spying on you.

For example in banks. For international transfers, in addition to the account number (which of course is a perfectly legit requirement), they also want the beneficiary's full name and home address. What for?

The bank terms say, "We don't check names against account numbers. We won't be responsible and accept no liability for any transfers that are not sent to the intended recipient because incorrect details were provided."

So why do they demand the full name and address? Not to prevent mistakes or to make sure that you don't lose your money. They want that information only for spying on everyone!

Anonymous, 3 July 2023

Many countries introduced travel authorisations during the Covid pandemic. Allegedly only for health protection reasons, to deal with the virus. The pandemic is now well over, but of course all those authorisation requirements remained. So obviously the pandemic was only a pretext for installing these systems that increase data collection and surveillance of ordinary people.

Anonymous, 7 July 2023

It is extremely frustrating that we are held hostage by the companies and governments that demand our personal data but don't keep it safe.

Tania, 26 October 2023

This new ETIAS application requirement is going to be the reason why I will have to stop travelling to Schengen countries. I loved travelling to Europe for its history and the remnants of the cultural achievements of its past, but it looks like Christmas holiday 2023 will be my last trip to Europe. After that I will be holidaying in the countries that have much more respect for the privacy and security of my personal information.
I absolutely cannot understand why all my life we didn't need any "authorisation" to travel to Europe, but from 2024 we suddenly do. We are the same people. What has changed? The increase in the insatiable desire to hoard everyone's data and to spy on everyone? No thank you. I do not believe that ETIAS system will be able to keep our information secure. It is an impossible task. This system will be shared between 30 countries that can't agree even on the most basic political and economic points. I don't want my data to be held by them and potentially misused in the future when one of those countries has a sudden political tantrum.
An important point to keep in mind is that ETIAS and EES will apply only to non-EU citizens/residents, who of course don't have the same rights and privacy protections as the EU citizens. EU keeps expanding to include the countries which I definitely wouldn't want to have any access to my personal data. Just think what will happen when it turns out that one of those countries siphons your data to some non-democratic regimes? Another lame "sorry, but you'll just have to suck it up"?
It's even more ridiculous considering that the EU let in millions of individuals whose personal and cultural values are incompatible with European law, order, and principles of democracy. That's where the majority of today's issues in Europe stem from. Definitely not from a few Australian and New Zealand tourists that travel to Europe for a holiday. So, from 2024 I will be spending my tourist money in the countries that haven't joined this data-grab charade.

Anonymous, 2 December 2023

Another thing that is absolutely infuriating about those data-grabbing forms that we have to fill is that they are almost always multi-page. You don't see in advance all the privacy-intrusive questions that you have to answer, so you can't decide in advance whether you want to even begin filling the form. On the first page they always ask you for your identity information: name, date of birth, passport number, phone number, etc. And only on the following pages you get to see the questions that make you decide to abandon the process. But by that stage your personal data has already been grabbed, sent to their cloud, and no doubt will never be deleted from there. And you never know how it will be stored and used.

Anonymous, 14 January 2024

A warning to everyone who is banking with NAB:

NAB have removed the Remitter Name (Payer Name) field from the Pay Anyone page in their Internet Banking. Now you have absolutely no say in which of your personal information gets passed to other parties. NAB now takes your full name, slaps it into the transaction description, and sends it to everyone whom you have to transfer funds to.

Clearly, NAB have learned nothing from the recent massive data breaches in Australia. Instead of protecting the privacy of their customers, they took steps to do the exact opposite.

I have always used only my last name for all funds transfer transactions. It was perfectly sufficient for the payee in identifying the payment, but it would be insufficient for identity theft. And I am sure that many people did the same. But now NAB robbed us of this opportunity to protect ourselves.

Angry Customer of Hacked Optus and Super Angry Ex-Customer of Hacked Medibank, 15 January 2024

This indeed can be a privacy issue for some customers. For example, for women who wish to keep their private life private by continuing making payments to some parties under their maiden name. In the past, they were able to enter the desired remitter/payer name for each transaction. But it seems that now NAB strips them of their privacy and announces their new name to everyone.

Presumably, this increasing disregard for customer privacy and the removal of the customer control over how their personal information is used is a part of the general shift of the banking system from providing financial services towards policing and surveillance. That's why we now often hear of the incidents where banks close someone's accounts without any apparent reason and without any explanation. Some risk assessment system within the bank makes a decision based on who knows what — and the person gets thrown out without ever being told why. The situation is becoming more difficult for ordinary people, as they are forced by the governments and private companies to have bank accounts, yet the terms are often unacceptable, and the accounts can be closed by the banks at any time with no transparency. "Terrorism" and "money laundering" became everyday pretexts for almost any action perpetrated by financial institutions against private individuals.

Another reason for this change may be the bank's move to Osko payments. Osko doesn't seem to offer the customers any choice or flexibility in this regard. It simply grabs the full name of the account holder and sends it out.

This is a really good article. As I was reading it, I couldn't stop saying, 'yes, yes, yes...'
Personally, amongst the listed 'offenders' I find Australian medical system the most extensive invader of privacy. They collect the widest scope of very personal data while holding vital medical help hostage.
For example, in Australia it is virtually impossible to test for STI anonymously, even when paying fully out of pocket and not using Medicare. People are forced to give their personal information, and if tested positive, they get reported to the government!
Given the extreme sensitivity of the issue, this means that many people would not do such tests because they don't want to be forced to provide their personal information. But as Australian medical system is much more concerned with collecting personal information and reporting it to the government than with keeping people healthy and safe, thousands of people have to live with STD, damaging their own health and possibly infecting others - all because Australian system left them no other option for protecting their privacy.
We all know that the promises that the data will be kept "confidentially" and "safely" are worthless. Privacy laws can change at any time, the system can be hacked, and there are always numerous exceptions for when and how personal data can be disclosed and used for other purposes - just read through any so-called privacy statement!
This obsession with data collection costs ordinary people their health and their lives.

Anonymous, 27 April 2024

It's been almost 2 years since the Medibank data breach, and its horrible consequences seem to be worsening. At first it was just a barrage of spam and scam calls and messages, but now I am getting notifications of various accounts registered in my name.

I know for certain that the Medibank breach is the cause of it, because the scammers are using my email address that was stolen from Medibank. I used it only for my insurance, banks and government services. Nobody else knew this email address, not even my friends and family. And none of the other places reported a breach.

The situation is extremely distressing. It is terrible to feel so violated and powerless, and to live the rest of my life not knowing where and how my details can be used by criminals. There is no way to solve the problem. I find the ubiquitous advice to request a credit report from credit reporting agencies very unhelpful for two reasons:
1. A credit report can only indicate that my data has been breached and that someone else was attempting to open some accounts or take out loans in my name. I already know that it is the case! The third parties who accessed my credit report as a result of the data misuse will not delete my personal data anyway. They all want to collect and hold maximum data about everyone, they don't care if that data was illegally obtained from criminals. So, report or no report, there is no way to get your privacy and safety back.
2. To provide a credit report, Equifax, Experian, and Illion all want my ID credentials, which would only increase the risk of further, more serious data breaches. At the moment, only my full name, address, date of birth, phone number and email address have been stolen from Medibank. Luckily, Medibank did not have any of my ID credentials. But if any of the credit reporting agencies get hacked (this has happened before, and it will happen again!), my ID credentials will be stolen as well, and with that, hackers can cause infinitely more trouble for me. Trying to deal with the consequences of one data breach by giving more data to more companies is utterly stupid advice.

And by the way, if you are a data breach victim, and found yourself being contacted by debt collectors or any other entities, never give them any additional information about yourself. What they have on you is already bad, because it came from criminals. But your best defence is that they hopefully don't have a lot of your identity information and credentials, so you can prove that what they have was stolen by hackers, and that the company where the debt originated should have had better security checks.

Data breach victim, 6 July 2024

Always read privacy policies or ask who, why and how will collect, keep and use your data. If you don't think they need it, don't give it!
Never be afraid to say 'no'. Protect yourself fiercely. Because once your identity gets stolen, your life will turn into hell forever.

Anonymous, 8 July 2024

Excellent article. And good point on not letting your ID be copied. Especially your passport! You have to be very careful and unwavering when travelling, especially when checking into hotels. GDPR does not allow hotels to take copies of customer passports, but in some countries they still do it! Portugal, Spain, Italy and France are big offenders. Hotels in Paris are particularly bad. They keep scans of passports without any security on their computers. Once I even saw hotel staff taking photos of passports with their own phones! If this happens to you, brace yourself for a serious identity theft! A copy of your passport in the wrong hands can be extremely dangerous. Anything can easily be stolen by hackers in those hotels, or even sold to criminals on the dark web by unscrupulous employees.

L-, 5 August 2024

In Europe, the collection of ID documents details by hotels probably depends more on a particular hotel than a country. The best way to protect one's privacy might be to do some research before booking, to see if there are any online comments or reviews about a particular hotel mentioning that they requested passport details or made a copy of it, and to eventually find and book a hotel where they don't do such things.

Great point about paying cash!! Although it is getting harder to do it not only in Australia but also when travelling overseas. In some countries there are now many places that do not accept cash. This means that banks can spy on each purchase and know exactly where and what we buy, but also slap very unfavourable conversion rates on top of that, and some extra fees!! I really can't understand how it is allowed not to accept cash while it is still official currency of the country. Such "no cash accepted" signs should be illegal.

Anonymous, 17 September 2024

This is another reason for doing some research when planning an overseas trip. Some countries are more 'cashless' than others. There can also be a big difference between large cities and small towns within the same country. In Europe, for example, the Netherlands is quite bad in this regard (many places there do not accept cash, and often there are no warning signs), France is midway (cash is accepted in most places, but by default they expect a payment by card), Germany is great (cash is accepted everywhere)...


Source:  annystudio.com