Kmart just got smacked by Australia's Privacy Commissioner for using facial recognition on customers. Here's why... Kmart scanned every face that walked through their doors to "prevent refund fraud". No consent. No clear notification. Just straight-up surveillance. Here's what's wild: They weren't just scanning suspected fraudsters. They were capturing EVERYONE. Your face, my face, grandma buying socks. The Privacy Commissioner basically said: "You could've prevented fraud without turning your stores into a biometric data farm." And he's right. This isn't just about Kmart. It's about every business thinking they can deploy invasive tech because "it's for security." Good intentions don't override privacy laws. This marks a big stance against biometric data farming in stores. I hope other governments look at this issue closely too. The future of retail isn't about watching customers. It's about serving them better.
Nick Sarafa’s Post
More Relevant Posts
- 
                
      Practical lesson from the Australian Privacy Commissioner on FRT deployment
      The OAIC’s recent determination against Kmart company is a strong reminder that necessity and proportionality must guide the use of intrusive technologies such as facial recognition technology. In this case, FRT was used across 28 stores to tackle refund fraud, capturing the biometric data of every customer. The Commissioner found that:
      + The collection was indiscriminate and impacted thousands of individuals not suspected of wrongdoing.
      + Less privacy-intrusive alternatives were available.
      + The limited effectiveness of the system did not justify the scale of privacy intrusion.
      The outcome? Collecting sensitive biometric data for this purpose was disproportionate and in breach of the Privacy Act. What stands out is how the Commissioner balanced the legitimate aim (fraud prevention) with the privacy risks, applying a proportionality analysis similar to GDPR standards in the EU. https://lnkd.in/dudYmjEs
- 
                
      Australia’s Privacy Commissioner has found that Kmart breached the Privacy Act 1988 by using facial recognition technology (FRT) to combat refund fraud. Between June 2020 and July 2022, the retailer captured the biometric data of every customer entering 28 of its stores without their knowledge or consent. The Privacy Commissioner determined that Kmart’s actions were disproportionate and unlawful.
- 
                
      Last month, the privacy commissioner determined that retail giant Kmart broke privacy laws when using facial recognition technology back in 2022. What can we learn from this - see SPAAL's Industry News page for a summary. https://lnkd.in/gEVxUvgC #security #facialrecognition #privacy #compliance
- 
                
      👁️ Facial recognition tech under scrutiny in Australia
      On 18 September 2025, the OAIC (Office of the Australian Information Commissioner) published new insights on the use of facial recognition technology (FRT) — and issued a decision on Kmart’s past use of FRT to combat refund fraud.
      🔑 Key points from the Privacy Commissioner:
      Sensitive data: FRT collects biometric information, classed as sensitive personal information under the Privacy Act.
      Transparency & consent: Use of FRT must be proportionate, transparent, and generally requires consent (unless a clear exception applies).
      The Kmart case: Collecting biometric data from everyone entering stores to tackle fraud was ruled disproportionate and overly intrusive — particularly as less invasive alternatives existed.
      Assessment factors: When reviewing FRT use, OAIC will weigh individuals’ privacy expectations in different settings and whether other, less intrusive measures could reasonably be used.
      💡 Takeaway: Businesses using (or considering) FRT should carefully assess proportionality, necessity, and transparency — and be ready to justify why less privacy-intrusive options are not feasible.
      🔗 Read the OAIC article here:
- 
                
      📰 Collecting biometric data without transparency has consequences. Kmart’s ruling shows why governance, proportionality, and privacy safeguards are non-negotiable in deploying new tech. Read full article here: https://lnkd.in/gYShwvk3
- 
                
      Billions of people now use #MobileWallets, and every new device or merchant that stores payment credentials creates another potential attack surface. Provisioning fraud alone accounted for an estimated $450 million in global losses in 2023. #Tokenization and #biometrics improve security, but without transparency, consumers are left in the dark about where their credentials are stored and who can use them. Our #TokenCockpit solution changes that. It gives users real-time visibility into all devices and merchants linked to their credentials, and lets them instantly revoke access if something looks wrong. The result: fewer #fraud risks, stronger trust, and a more engaged customer base. Read more about it here: https://lnkd.in/dX6tShQX #DigitalPayments #FraudPrevention #PaymentSecurity #SecurityTech
- 
                
      I am diving into Ping Identity's "2025 Consumer Survey: Bridging the Trust Gap in the Age of AI," and the findings are a real call to action. That feeling you get when you hesitate before clicking a link or providing your details? That internal question of, "Can I actually trust this company?" That's the norm now. The survey calls it the "trust nothing era," and it’s no exaggeration; a mere 17% of consumers have full trust in the organizations that manage their identity data. The stakes are high. Consumers are so concerned that they're willing to make major trade-offs: 40% would give up social media, and 33% would quit online shopping, just to avoid identity theft. If your business relies on #digital engagement, the full report will help you catch the shift in customer expectations. #AI #Cybersecurity #DigitalTrust #ConsumerTrust #IdentitySecurity #Authentication #CX #BrandLoyalty #PingIdentity
- 
                
      Addisons Insight | Kmart Australia breaches the Privacy Act 1988 with its unlawful use of facial recognition technology Australia’s Privacy Commissioner recently determined that Kmart Australia Limited’s use of facial recognition technology in 28 stores between June 2020 and July 2022 unlawfully interfered with individuals’ privacy under the Privacy Act 1988 (Cth). In Addisons’ latest Insight, Special Counsel Cate Sendall and Partner Donna Short cover the key legal issues. https://lnkd.in/gjyJT3t7 #addisons #privacylaw