CyberCX has released its annual Digital Forensics and Incident Response Year in Review Report for 2023 

REPORT A CYBER INCIDENT
TALK TO AN EXPERT
REPORT A CYBER INCIDENT TALK TO AN EXPERT
Privacy by Design Awards 2024

Privacy by Design Awards 2024

 

The Australian Privacy by Design Awards are back for a third year running with an exciting new format opening the awards to all organisations and government entities operating in the Australian market.

 

Book tickets

 

 

CyberCX and the Tech Council of Australia are proud to join forces to deliver an annual Insights Report and Awards Event recognising excellence in Privacy by Design.

Many organisations view privacy through the prism of risk management or regulatory compliance, but increasingly organisations are learning that privacy, done well, is a means of building trust with staff, customers, users and the public.

Privacy by Design aims to promote the virtuous cycle of data and user experience benefits for organisations, individuals and the community as a whole.

In 2024, the Awards will move to being nominations-based. CyberCX and the Tech Council of Australia are calling on all organisations, large and small, corporate and government, to showcase how they demonstrate one or more of the seven Privacy by Design Principles in managing personal information in their organisation.

decor
decor

Who can nominate

Nominations have now closed

  • Any organisation, being a small business, corporation or government that operates in the Australian market and manages personal information of Australians.
  • You do not have to be an employee of an organisation to nominate it for excellence in privacy by design, so long as you can demonstrate knowledge or provide evidence that an organisation is doing something to embody the Privacy by Design Principles in its function.

 

CyberCX and the Tech Council of Australia are excited to announce the finalists for the 2024 Privacy by Design Awards

Large Enterprise Category Finalists:
Canva, Google, NAB, QBE Insurance, and Woolworths Group

Small/Medium Enterprise Category Finalists:
BlueKee Identity and Protect, Cryptoloc Data Security, myprosperity, and pixevety

Government Category Finalists:
Digital.NSW (Department of Customer Service), Healthdirect Australia, and System Information and Analytics Branch, NSW Ministry of Health

 

The event

An awards event will be held in Sydney on Thursday, 2 May 2024 as a lead in to Privacy Awareness Week. 

The evening will feature:

  • Keynote presentations from Australian privacy leaders
  • 3-course dining and drinks
  • Awards ceremony to recognise leading brands in Privacy by Design

 

Dress code
  • Business attire

 

Tickets
  • Limited tickets and tables available for purchase. Book now to avoid missing out.

 

Who should attend?
  • Privacy, security, risk and data professionals, and other industry and government sector representatives. 

 

 

Our speakers

The Honourable Mark Dreyfus KC, MP, Attorney-General of Australia

Privacy Commissioner, Carly Kind

Jacqui Davy, Global Head of Privacy and Product Counsel, Canva

Alastair MacGibbon, Chief Strategy Officer, CyberCX

Book tickets

 

decor
decor

Meet the Privacy by Design Awards Judges

 

Anna Jaffe – Director of Regulatory Affairs and Ethics, Atlassian

Ryan Black – Acting CEO, Tech Council of Australia

Adam Ford – Managing Director ANZ, International Association of Privacy Professionals

Min Livanidis – Head of Digital Trust, Cyber and Data Policy, Amazon Web Services

David Batch – Executive Director, Privacy Advisory, CyberCX

John Pane – Chair, Electronic Frontiers Australia

Johanna Weaver, Director – Tech Policy Design Centre, Australian National University

decor
decor
Winners of the 2023 Privacy by Design Awards
decor
decor

Examples of previous winners of Privacy by Design Awards include:

 

The Australian Broadcasting Corporation (ABC)

The ABC was awarded for a leading demonstration of Privacy by Design Principle 7: Respect for user privacy – keep it user centric.

We all love to hate cookie banners. With the introduction of the cookie law in Europe in the 2000s we saw an explosion of cookie banners on websites that were either European based or which operated in those jurisdictions. It’s probably fair to say this law was passed with little real direction on what good would look like, and in the main, businesses reluctantly introduced this measure to meet the new regulatory requirements, but designed them in a way which would encourage a user to either accept no privacy as a default, or make choosing privacy so difficult that people would choose no privacy out of frustration. Dark patterns ensued which had the practical effect of making the whole existence of a privacy banner pointless.

Privacy practice has since progressed, and brands are now discovering how to make the process meaningful and frictionless.

Of course, in Australia we don’t have a similar direct regulatory requirement for such a measure, but it can be quite reasonably argued that poorly designed cookie banners, particularly those that encourage or mislead people into making bad choices, do not meet our consent requirements. Despite this, there aren’t many good examples of one-click, dark-pattern-less cookies banners in the Australian market that give visitors to websites an informed and easy choice not to be tracked for marketing and analytics purposes.

The ABC, however, demonstrated as close to good practice in this field. As at May 2023, its cookie banner:

  • Gives the user a one-click choice for ‘Accept all cookies’ or ‘Necessary only’ – no need to move to a secondary page to opt-out.
  • Doesn’t highlight the ‘Accept all’ in any way to encourage people to choose less privacy, otherwise a common ‘dark pattern’ in cookie banners.
  • Doesn’t stop you from navigating the webpage.
  • Links through to further information on the cookies used on the site for anyone seeking it.
decor
decor

Google

Google was awarded for its comprehensive user privacy dashboard, which are great demonstrations of both:

– Principle 3: Privacy embedded into the design, and
– Principle 7: Respect for user privacy – keeping it user centric.

Having solid data architecture, data management and data governance capabilities provides organisations with a real-time view of what data they hold, where it came from, why they have it and who it relates to. Most organisations, if they were to be honest, couldn’t answer these questions.

comprehensively across their data holdings. This is where digitally native businesses do have an advantage – they are relatively young and data has been at the core of their business model. Not all businesses in this category have taken advantage of these capabilities to offer self-service privacy management to customers and users. Google has, by building one of the most comprehensive privacy dashboards – a place where:

  • Individuals can go to manage data erasure, access to their data, correction of their data.
  • Can set permissions about what will be collected, and when.
  • Learn all about this brand’s privacy practices.
decor
decor

Commonwealth Bank of Australia (CBA)

The CBA was awarded for its Commbank iQ product implementation which demonstrated that privacy and data utility don’t need to be a trade-off, but can co-exist. This was a great example of Privacy by Design Principle 4: Full functionality: positive-sum, not zero-sum.

Personal information sharing between organisations has many legitimate benefits, but is not always done in a way that preserves privacy. The CBA demonstrated that the great lengths it went to not only ensure that the customer data they are sharing with a third-party was thoroughly de-identified, they were also being very transparent about what they have done, why they are doing it and how they have prioritised privacy as part of the data sharing arrangement. To do this, they created a dedicated webpage to explain the measures they had in place to preserve privacy, while extracting insights from personal information that enable organisations and policy makers to make informed economic and business decisions.