• HOME
• ABOUT US
• CLIENTS
• SERVICES
• OUR NETWORK
• :: PUBLICATIONS
• CONTACT
• BLOG

PUBLICATIONS

IIS has produced the following types of publications:

• Significant presentations, white papers and thought leadership
• Invited International Presentations
• Other publications and speeches
• IIS one page thought pieces and brochures
• Blogs and online discussions

Significant presentations, white papers and thought leadership

IIS has produced a number of publications and papers for clients on a range of topics including:

Identity management

• "User centric identity management: an oxymoron or the key to getting identity management right" (presentation and background paper and video) Managing Identity in New Zealand, Identity Conference 2008, Wellington, New Zealand, 29 April 2008
• "Use Cases for Identity Management in E-Government", IIS with Colin Wallis, NZ State Services Commission, in IEEE Security and Privacy March/April 2008, Volume 6, Number 2.
• "Global Strong Authentication Study" - IIS coordinated a unique survey of the intentions of bankers in North America and Europe for strengthening identity authentication.

Privacy regulation and reform

• "International Cooperation on Trust and Security Research: An Australian Perspective" - a background paper for the Trust in the Information Society conference, León, Spain, 11 February 2010
• "A Possible Way Forward: Some Themes and an Initial Proposal for a Privacy and Trust Framework" - a working paper for the Privacy and Trust Partnership seminar & workshop, The State Library of New South Wales, Sydney, 4 December 2007
• "A New Approach to Trust and Privacy in the Information Age" - a paper for the Privacy and Trust Partnership conference convened in the Parliament House of NSW, Sydney, 4 July 2007
• "How Accountability via Government oversight works in Australia" - Paper prepared for seminar organised by the Chinese Academy of Social Science and Chinese government officials.

E-government

• "Safe to Play: The trust framework in the Connected Republic" Public Services Summit December 2007, hosted by City of Stockholm and Cisco. This white paper started a debate around a draft of the same title written by the Global Public Sector Practice, Internet Business Solutions Group and Cisco, for which IIS was the lead consultant. The paper was originally posted on www.TheConnectedRepublic.org and then published in the July 2008 edition of World Data Protection Report.

E-health

• "Cutting Through": Using Health Information Technology for Effective Chronic Care Delivery" - The Health Information Exchange Project, a policy paper prepared by IIS for the Health Information Exchange Sub-Committee to report to the Australian National Consultative Committee on e-Health, February 2009

Cross border data flows

• "The Australian Dodo Case: an insight for data protection regulation", World Data Protection Report, Vol. 9, No. 1, Jan 2009, BNA International Inc, London
• "Report of First Technical Seminar on International Implementation of the APEC Privacy Framework: 2007/SOM1/ECSG/DPS/005" and "Report of Second Technical Assistance Seminar" - The Australian Government Attorney-General's department and the APEC secretariat hired IIS to design and facilitate workshops in Canberra in January and Cairns in July 2007 aimed at developing and implementing Cross Border Privacy Rules for the APEC region. This included developing three regulatory model options for discussion to cover cross-border data flows in the APEC region.

Malcolm Crompton's Invited International Presentations

• 2010
• 2009
• 2008
• 2007
• 2006
• 2005
• 2004
• 2003
• 2002
• 2000
• 1999

2010

• Paris, France, 10 March 2010 - "Notes for remarks by Malcolm Crompton", prepared for the Roundtable to mark 30^th Anniversary of the OECD Privacy Guidelines convened by the Organisation for Economic Cooperation and Development, OECD
• León, Spain, 11 February 2010 - "International Cooperation on Trust and Security Research: An Australian Perspective" (presentation and background paper), Trust in the Information Society conference, organised by the Information Society & Media Directorate-General of the European Commission, The National Institute of Communication Technologies of Spain and the Spanish Electronics, Information Technology and Telecomunications Industries Association

2009

• Singapore, 2 July 2009 - "Trust, Transparency & data Governance: Challenges in the APEC privacy framework & the EU directive" (presentation and abstract), Workshop on International data sharing & Biometric identification: Ethical Issues in an Asian & International Context, convened by HIDE, a Seventh Framework Programme project funded by the European Commission and others
• Hradec Králové, Czech Republic, 7 April 2009 - " Identity & privacy in the future digital society: Electronic ID in a Europe without barriers", High Level Conference on "eID and Public Registers", hosted by the Czech Presidency of the European Commission
• Oxford, England, 2 April 2009 - "User Centric, Layered and Global: What sort of policy and legal framework?", a Briefing Paper for the Workshop on a Policy and Legal Framework for Identity Management convened by the Oxford Internet Institute
• Madrid, Spain, 1 April 2009 - "Identity Management, Privacy & how global cooperation would benefit these important research areas", INCO-TRUST Workshop on International Co-operation in Trustworthy Systems
• Quezon City, Philippines, 18 February 2009 - "A brief to Senators and Members, Congress of the Philippines on a draft privacy law", Batasan Pambansa

2008

• Wellington, New Zealand, 29 April 2008 - "User centric identity management: an oxymoron or the key to getting identity management right" (presentation and background paper and video) Managing Identity in New Zealand, Identity Conference

2007

• "Safe to Play: The trust framework in the Connected Republic" Public Services Summit December 2007, hosted by City of Stockholm and Cisco. This white paper started a debate around a draft of the same title written by the Global Public Sector Practice, Internet Business Solutions Group and Cisco, for which IIS was the lead consultant. The paper was originally posted on www.TheConnectedRepublic.org and then published in the July 2008 edition of World Data Protection Report.
• Cambridge, Massachusetts, USA, 24 August 2007 - "Future Proofed" Regulatory Frameworks for Privacy" Plenary Speech to the Privacy Summer Symposium
• "APEC & Privacy: why bother; what's happening in 2007" Audio Conference hosted by the International Association of Privacy Professionals (IAPP)
• Beijing, China, 16 June 2007 - "How accountability via government oversight works today in Australia" Seminar organised by the Chinese Academy of Social Sciences
• Washington DC, USA, 8 March 2007 - "The APEC Privacy Framework: Creating Trust in developing Cross Border Privacy Rules. A Progress Report" - Privacy Summit 2007, International Association of Privacy Professionals
• McLean, Virginia USA, 7 March 2007 - "Privacy: Why Bother; what's happening in Asia" Seminar with Graduate Management Admission Council®

2006

• Brussels, Belgium, 24 October 2006 - "APEC Privacy Framework: review, impact and progress" Conference on International Transfers of Personal Data organised jointly by the Article 29 Data Protection Working Party (Article 29 WP), the independent EU Advisory Body on Data Protection and Privacy, and the US Department of Commerce's International Trade Administration
• Beijing, China, 17 June 2006 - "Overview of Asian Privacy Law Lessons Learned and Possible Ways Forward" - Seminar organised by the Chinese Academy of Social Sciences
• Hannover, Germany, 9 March 2006 - "The Revolution of RFID - Challenges and Options for Action: a consumer perspective" - Seminar at CeBIT 2006 to launch 'Europe's RFID debate' hosted by the European Commission
• Hanoi, Viet Nam, 20 February 2006 - "APEC Information Privacy Framework (review, impact, and progress)" APEC Symposium on Information Privacy Protection in E-Government and E-Commerce
• Vienna, Austria, 9 February 2006 - "Respecting people, their individuality and their personal information: The key to Trust in the Net, but where's the keyhole?" High Level Research Seminar on "TRUST IN THE NET" organised by the European Commission

2005

• Stockholm, Sweden, 9 December 2005 - "The Trust Cluster: Dealing Effectively with Security, Privacy, Identity and Authentication at the Heart of Connected Government"; "Respecting people, their individuality and their personal information: The Key to Connected Government, now and in the future" Public Services Summit hosted by City of Stockholm and Cisco Systems
• Brussels, Belgium, 2 December 2005 - "TRUST & the Net: some first thoughts" Staff Seminar on Framework 7 Research Information Society & Media Directorate-General
• Manchester, UK, 29 November 2005 - "Data Protection: The Next 21 years? The operating environment" "Data Protection: The Next 21 years" - Seminar organised by the UK Information Commissioner
• Mexico City, 24 November 2005 - "Respect your Customers and Build Your Business: Principles for designing privacy into software using the APEC Privacy Framework" Encuentro PROSOFT 2005
• Montreux, Switzerland, 15 September 2005 - "Are comparisons possible? A Framework for assessing the performance of data protection supervisors" (paper published in Jusletter 3, Oct 2005; presentation) - 27th International Conference of Data Protection and Privacy Commissioners
• Taipei, 24 June 2005 - "Trust, Security and Connected Government: The Evolution of e-Government - From Policy to Practice" CIO Forum for the Research, Development and Evaluation Commission, Executive Yuan

2004

• Zürich, 4 October 2004 - "Proof of ID required? Getting Identity Management Right" Zurich Information Security Center (ZISC) of the Swiss Federal Institute of Technology
• London, 27 September 2004 - "Implementing a New Privacy Regime: Reflections from Australia" British Institute of International and Comparative Law, 2004 Data Protection Research and Policy Group Series Workshop
• Wroclaw, Poland, 15 September 2004 - "Short Notices - why the Sydney resolution was adopted and progress in Australia since September 2003" - 26th International Conference on Privacy and Personal Data Protection
• Washington DC, 23 June 2004 - "Proof of ID required? Getting Identity Management Right" Privacy and American Business 10th Annual National Conference
• Kingston, Ontario, 15 June 2004 - "Proof of ID required? Getting Identity Management Right" Queen's University multi-disciplinary "The Surveillance Project"
• Ottawa, 12 June 2004 - "Halt! Who goes there?! Anonymity & privacy 4 years after the dot crash & 2 years after 11 September" Team Meeting, University of Ottawa multi-disciplinary research project "On the Identity Trail, understanding the importance of anonymity and authentication in a networked society"
• San Francisco, 9-11 June 2004 - "The Future of Privacy Technology"; "Privacy on the International Stage: A Vision of the Future"; "International Privacy: Managing Privacy in a Global Organisation - Identity, HR, Security & more" Privacy Futures, Symposium convened by the International Association of Privacy Professionals (IAPP) and TRUSTe
• Palo Alto, 8 June 2004 - "Setting Public Policy" - Conference Board Council of Chief Privacy Officer
• Tivoli, Italy, April 2004 - "Privacy & Identity Challenges" - IBM Identity Management Summit
• Santiago, Chile, Feb 2004 - "The Nature of Modern Information Management & Its Impact on Privacy Protection" APEC Symposium On Data Privacy Implementation Mechanisms: Developing The APEC Privacy Framework

2003

• Seattle, May 2003 - "Online security in a connected world: public and private sector collaboration" - Microsoft Government Leaders' Summit 2003
• Wellington NZ, March 2003 - "Under the Gaze, Privacy Identity & New Technology" - 3rd Privacy Forum
• Washington DC, February 2003 - "International Privacy: The Australian perspective" 3rd Annual Privacy Summit, International Association of Privacy Professionals

2002

• Seattle, September 2002 - "Security vs Privacy" - Internet Law & Policy Forum 2002
• New York, March 2002 - "New Ground Rules for a Post 9/11 World?" - Scientific American's Summit on Preserving an Open Society in an Age of Terrorism

2000

• The Hague, December 2000 - "Building Trust in the Online Environment: Business-to-Consumer Dispute Resolution" - OECD, Hague Conference on Private International Law & International Chamber of Commerce
• Venice, September 2000 - "Which rules? Integrating different tools in a global perspective" 22nd International Conference on Privacy & Data Protection
• Washington DC, September 2000 - "Global Policy Makers" - Global Privacy Summit
• Toronto, April 2000 - "A Socratic Dialogue by Privacy Commissioners" Computers Freedom & Privacy Conference

1999

• Singapore, November 1999 - "Privacy Issues with Pervasive Computing" IBM Pervasive Computing Conference

Other Publications and Speeches

• 2010
• 2009
• 2008
• 2007
• 2006
• 2005
• 2004

2010

• "Privacy by Design: An Oxymoron, An Impossibility or The Way To Go?", presentation at a Big Picture Seminar, convened by National ICT Australia (NICTA), Customs House, Queen Street, Brisbane, 1 June 2010. To watch a video of Malcolm's presentation, click here
• "Exploring NBN Security & Privacy Issues", presentation to AusInnovate 2010 @ CeBIT Australia, Sydney Convention and Exhibition Centre, Sydney, 24 May 2010
• "VET E-portfolios Privacy Impact Assessment Research Report and VET E-portfolios Draft Guidelines", undertaken for the Australian Flexible Learning Framework and first published by the Framework on its E-portfolio Resources page, March 2010
• "Future trends in consumer credit and privacy", presentation to D&B Consumer Credit 2010 conference, hosted by Dun and Bradstreet, Dockside, Cockle Bay, Sydney, 3 March 2010

2009

• "The Security versus Privacy paradox: a virulent fallacy under challenge", World Data Protection Report, Vol. 9, No. 7, July 2009, BNA International Inc, London; An earlier version of this article first appeared as a blog on Open Forum
• "Privacy Impact Assessment Report: Personal Property Securities Register Project", undertaken for the Attorney-General's Department of Australia, and first published online by the Department on its consultations page for Personal Property Securities , Canberra, July 2009
• "Web 2.0 in Government: the key issue of privacy", presentation to frocomm Web 2.0 in Government Conference 2009, Watersedge, The Rocks, Sydney, 24 June 2009
• "Trust & user centric ID management at the human level: implications for systems design", a Seminar for the School of Computer Science & Engineering, University of New South Wales, Sydney, 3 June 2009
• "‘Cutting Through’: Using Health Information Technology for Effective Chronic Care Delivery" - The Health Information Exchange Project, a policy paper prepared by IIS for the Health Information Exchange Sub-Committee to report to the Australian National Consultative Committee on e-Health, February 2009
• "The Australian Dodo Case: an insight for data protection regulation", World Data Protection Report, Vol. 9, No. 1, Jan 2009, BNA International Inc, London
• "Australian business consider a role for risk ratings in new thinking on privacy and trust", The Privacy Advisor, Vol. 9, No. 1, Jan 2009, a distilled report on the papers published by the Privacy and Trust Partnership on Open Forum

2008

• "Review of Australia's privacy laws - grist for privacy globally", World Data Protection Report, Vol. 8, No. 9, Sep 2008, BNA International Inc, London
• "Major changes to Australia's privacy law on the horizon", Regulatory Review, Financial Services, Sep 2008, a publication of Deloitte Touche Tohmatsu, Sydney
• "Two approaches to Cross Border data flows", a background paper for Meeting privacy challenges - the ALRC & NSWLRC Privacy Reviews, a Seminar, Faculty of Law, Panel Session 4: "How well do the ALRC/NSWLRC proposals contribute to meeting international standards for cross-border data transfers?", University of New South Wales, Sydney, 2 October 2008
• "Use Cases for Identity Management in E-Government", IIS with Colin Wallis, NZ State Services Commission, in IEEE Security and Privacy March/April 2008, Volume 6, Number 2.

2007

• "A Possible Way Forward: Some Themes and an Initial Proposal for a Privacy and Trust Framework" - a working paper for the Privacy and Trust Partnership seminar & workshop, The State Library of New South Wales, Sydney, 4 December 2007
• "Privacy Challenges and New Technology: Towards the 4th way" - Futures, A Microsoft Technology Policy Publication, Asia Pacific Region 2007 Vol 2, Issue 2, Sep 2007
• "A New Approach to Trust and Privacy in the Information Age" - Closing Remarks by the Chair, Malcolm Crompton, at the Privacy and Trust Partnership conference convened in the Parliament House of NSW, Sydney, 4 July 2007
• "A New Approach to Trust and Privacy in the Information Age" - a paper for the Privacy and Trust Partnership conference convened in the Parliament House of NSW, Sydney, 4 July 2007
• "Report of First Technical Seminar on International Implementation of the APEC Privacy Framework: 2007/SOM1/ECSG/DPS/005" and "Report of Second Technical Assistance Seminar" – The Australian Government Attorney-General's department and the APEC secretariat hired IIS to design and facilitate workshops in Canberra in January and Cairns in July 2007 aimed at developing and implementing Cross Border Privacy Rules for the APEC region. This included developing three regulatory model options for discussion to cover cross-border data flows in the APEC region.

2006

• "Trust and the critical role of user centric ID management" (background paper; PDF 157KB) - Virtual Opportunity Congress IV on Identity & Access, Brisbane, Dec 2006
• "Multi-layered notices 12 months on - the work goes on" - Privacy Law Bulletin, Vol. 3, No 2, July 2006, LexisNexis Butterworths, Sydney
• "eHealth: Myth-Busting - Fact, Fiction and the Future" - Australian Medical Association 2006 Annual Conference, Adelaide, 27 May 2006

2005

• "Customer Lists" - Report commissioned by the Credit Union Industry Association , Dec 2005
• "Implementing the Privacy Framework: A New Approach" (with Peter Ford) - The Privacy Advisor, Vol 5, No 15, Dec 2005, International Association of Privacy Professionals, York, Maine, USA
• "How to hold regulators to account" - The Public Sector Informant (supplement to The Canberra Times), Nov 2005
• "Australia: State of play in a changing environment" - Data Protection Law & Policy, Vol 2, Issue 10, October 2005, Cecile Park Publishing Limited, London UK
• Peer Review, Information Commissioner's Office, UK - conducted for the UK Information Commissioner, Oct 2005
• "Final Report of the 2nd Technical Seminar on APEC Privacy Framework" - Electronic Commerce Steering Group II, Document No 2005/SOM3/ECSG/021, Gyeongju, Korea, Sep 2005
• "The Networked Society: Identity, Surveillance and Privacy" (background paper; PDF 529KB) - The Baycorp seminar for senior business, regulator, government and consumer thinkers: Setting the Scene, Aug 2005
• "If not Australia Card, what? Yes, there is a better way to an online identity solution" - Australian eCommerce Network, Melbourne, Aug 2005
• "Multilayered privacy notices - a better way" - Privacy Law Bulletin, Vol. 2, No 1, May/June 2005, LexisNexis Butterworths, Sydney
• "Privacy Regulators: Assessing Performance" - Data Protection Law and Policy, Vol. 2, Issue 5, May 2005, Cecile Park Publishing Limited, London UK

2004

• "Light Touch or Soft Touch - Reflections of a Regulator Implementing a New Privacy Regime" - Annual Governance Network & Regulatory Institutions Network Conference, Australian National University, Canberra, 8 Dec 2004
• "Proof of ID required? Getting Identity Management Right" - Public Lecture, University of Western Australia, Perth, 16 Nov 2004. The background paper is on the Privacy Commissioner's website
• "Privacy in Human Genetic Research: Public Assurance & Public Trust" - Genomics Directions: Bioethics & Beyond - a Bioethics Seminar, Perth, 16 Nov 2004
• "Data Linkage in Western Australia" - Telethon Institute for Child Health Research, Perth, 15 Nov 2004
• "eHealth - improving patient privacy and other health outcomes in an era of rising expectations" - Department of Health South Australia Seminar, Adelaide, 22 Oct 2004
• "Proof of ID required? Getting Identity Management Right" - A seminar in the Vital Issues Program for the Parliamentary Library, Parliament of Australia, Canberra, 4 Aug 2004. A synopsis paper was also circulated
• "Vision for Health Care" - Australian Medical Association 2004 Annual Conference, Brisbane, 30 May 2004
• "Is a 21st Century Australia Card a recipe for increased Identity Fraud?" - AusCERT Asia Pacific Information Technology Security Conference 2004, Brisbane, 24 May 2004

IIS one page thought pieces and brochures

• Information Integrity Solutions - introductory brochure (pdf)
• The IIS Approach to Privacy Impact Assessments (PIA) (pdf)
• IIS perspective on privacy (pdf)
• Trust and User-Centric Identity Management (pdf)
• IIS training capability (pdf)
• Data Breach Recovery Checklist (pdf)