Research Essay Topics - 2001

Graham Greenleaf , Nigel Waters and Chris Connolly, revised10April 2001

Formal requirements
Suggested essay topics ...

1 Case study of surveillance practices and impact of privacy law
2 Direct marketing
3 Data matching
4 Internet privacy

If you want to suggest your own essay topic ...

Formal requirements

See the Objectives and Assessment Statement for the formal requirements for the mid-session Research Essay.
The due date is Thursday 7 June at 4pm (Wk 14). You may, however, submit the essay at any time from Thursday 3 May, and we will attempt to mark and return it within 2 weeks (so that you can finish some assessment early if you wish).
If you wish to write on one of the suggested essay topics, you do not need to have the topic approved by the class teachers (except for Topic 1, where your proposed case study needs prior approval). See the list of suggested topics below. If you have written an essay on a similar topic for another subject, you do need prior approval.
If you wish to write on any other essay topic of your own choice, you must obtain approval in advance. Please email <g.greenleaf@unsw.edu.au> with a suggested topic, and we will approve it (or not) or suggest amendments.
Length: The maximum word length for the research essay is 3500 words, excluding citations and bibliography, but including any discursive footnotes.
Citation of Internet resources: Where resources on the world-wide-web have been relied on, it is sufficient to cite them in the following form (assuming the page referred to is dated): 'Smith, J 'A list of privacy-protective technologies', 30 June 2000 <http://privacyhelper.com.au/smith/technologies.html> (visited 1 May 2001)'. However, if the site on which the document is contained has a name, it is good practice to give the name of the site, and perhaps a sub-part of the site: 'Smith, J 'A list of privacy-protective technologies', 'Smith's Technology Column', 30 June 2000 on PrivacyHelper Web <http://privacyhelper.com.au/smith/technologies.html> (visited 1 May 2001)'.
Form of submission: Essays must be handed in, in print form, at the Level 10 desk, so that a receipt may be obtained as is normally the case with essays. Essays may not be submitted as e-mail attachments, and if so submitted will be ignored. If a student will be overseas at the time of submission, then an exemption from this requirement may be requested in advance.
If a student wishes to provide a copy of the essay in hypertext form on the world-wide-web, so as to assist the teachers to link to URLs in footnotes and bibliography if the teachers wish to check any of them, then the URL where the essay is located may be indicated on the front page of the essay. The print copy is the copy which will be assessed, and the hypertext version (if any) may or may not be referred to. (This is not a course on course on creating web resources, so no extra credit can be or is given for attractive or inventive web presentations. Do not waste time doing this.)

Suggested essay topics ...

Topic 1 - You need approval for your proposed case study if you choose Topic 1:

1 Case study of surveillance practices and impact of privacy law

The organisational scope of your case study may be: (i) a specific business; (ii) a specific government agency; or (iii) a class of businesses or agencies (an 'industry sector'). The organisation(s) concerned must be principally organisations located in Australia.

Your case study must include the following elements:

(i) A brief (1,000 word maximum) description of the main practices of the organisation(s) concerning personal information, including an analysis of the types of surveillance techniques that these practices comprise.

(ii) A brief description (500 words maximum) of any laws that require, authorise or facilitate these practices ('data surveillance laws').

(iii) An analysis of the impact of Australian privacy laws (whether or not they are yet in force) on the organisation(s) concerned, which should mention (but is not limited to) the following:

Changes to existing practices which will be required, and their significance.
Legislative provisions important to the organisation(s) where the correct interpretation is contentious, and your arguments in relation to the correct interpretation.
Any exemptions from compliance that are relevant.
How collection practices will be justified.
How any external disclosures practices and secondary use practices will be justified.

(iv) A brief (500 word maximum) assessment of how effective these privacy laws are (or are likely to be) in finding an appropriate balance between the interests of the individuals concerned, the organisation(s), and the public.

If the organisation you propose might come within an exemption from a privacy law (eg the 'small business operator' exemption), you must not only analyse whether it will come within the exemption, but also the implications of whether it will or it will not.

Procedure: Send an email giving a brief description of the organisational scope of your proposed case study to <g.greenleaf@unsw.edu.au>, and we will approve it or discuss it with you. Do not write a case study without obtaining prior approval.

Topics 2-4 - These topics may be chosen with no further approval required.

2 Direct marketing

Analyse the extent to which the Privacy Act 1988 regulates direct marketing practices in the private sector, including marketing by mail, telephone and Internet. Include in your answer an assessment of whether the legislation is sufficient and effective to protect the interests of the individuals concerned, and of the businesses concerned, and make recommendations as to how the law should be changed (if at all) in light of your analysis. You should take into account that the Australian Direct Marketing Association (ADMA) is likely to seek approval of an industry code of conduct under the Privacy Act, and should refer where applicable to the existing voluntary ADMA Code Include in your essay consideration of the small business exemption as it relates to direct marketing.

3 Data matching

Write a critical analysis of the extent to which legislation an d guidelines applying to public sector agencies in the Commonwealth and in New South Wales controls the practice of 'data matching'. Include in your answer an assessment of whether this regulation is sufficient and effective to protect the interests of the individuals concerned, and the public interest, and make recommendations as to how the law should be changed (if at all) in light of your analysis.

4 Internet privacy

How will the Privacy (Private Sector) Amendment Act 2000, when it is fully in force, affect the operation of web sites on the Internet? You should cover both (i) The operators of commercial web sites based in Australia, in relation to both their Australian customers and their overseas customers; and (ii) The operators of overseas web sites who have customers in Australia.

In your answer you should consider the position of web sites that make use of such information concerning visitors to their sites as IP addresses, email addresses, information obtained using cookies, and information obtained from third parties. Include a brief assessment (less than 1000 words) of any changes that are needed to the Australian legislation in order to ensure appropriate privacy protection to Australian users of the Internet

If you want to suggest your own essay topic ...

Here is a short list of other subject areas from which topics could be developed for approval . These are not approved topics, merely starting points for you to develop your own topic and obtain approval. The class teachers are willing to help develop an essay topic in one of these areas if a student is particularly interested in writing on the topic. The approved essay topic would then be advertised on the class list, and would also be available to other students.

The relationship between technological protection of privacy and legal protection. Review the development of so called privacy enhancing technologies (PETs) and the institutional mechanisms that have been devised to make them available and usable. Discuss how well these tools meet the requirements of privacy laws, and in what ways they may offer better protection than legal requirements.
The pros and cons of codes of conduct under Australian privacy legislation. What are the different characteristics of the various types of codes of conduct or practice? Do they complement privacy laws; strengthen or weaken `default' statutory requirements; or potentially offer additional protection? What are the advantages and disadvantages of codes (a) to data users (organizations), and (b) to data subjects (individuals)?
The operation of data export provisions in Australian law.
A comparative analysis of law enforcement exemptions in Australian privacy laws. What pattern (if any) do these exemptions reveal about the acceptance of intrusion into privacy when justified for law enforcement? Analyse the safeguards that apply to these exemptions, referring to published statistics on law enforcement activity, and discuss how effective these safeguards have been.
A comparison of Australian laws on workplace surveillance.
Controls on the use of criminal record information.
An analysis and categorisation of Australian 'data surveillance laws' - laws that require, authorise or facilitate particular techniques of data surveillance.
The notion of 'panopticism' and its relevance to understanding data surveillance and data protection.
An analysis of Australian privacy laws from the perspective of Rule's 'efficiency criterion'.
'Missing privacy principles' - An analysis of where privacy principles in Australian legislation fall short of the principles contained in international privacy agreements and other national legislation.

These are only intended to be a few examples of what may be suitable essay topics if further work is done to make them somewhat more precise.