Privacy experts from afar afield as the United Kingdom met with the federal government this week to examine weaknesses in the Privacy Act which is currently under review.

Government representatives met with Hewlett Packard (HP) scientist and co-author of the TrustGuide, Stephen Crane, and Australia's former privacy commissioner, Malcolm Crompton.

The TrustGuide is a joint venture with British Telecom which was sponsored by the United Kingdom Department of Trade Industries' research facility Science Wise.

Research undertaken for the TrustGuide recommends privacy policy should be amended so that it is based on public demand for individual control of personal information.

A second study is now underway called TrustGuide 2 which examines risk associated with technology and law.

Crompton said functionality is a big problem when it is imposed on the user.

"Companies used to use CRMs to see how much data they can get behind [customer's] backs before they scream," Crompton said.

Labelling Australia's Privacy Act as weak, he said privacy infringements occur through 'functionality creep', where companies add information-distribution features to services without customer consent, such as the Facebook fiasco.

"The hypocrisy of one-way authentication is destroying user confidence in privacy because institutions are demanding more authentication yet are providing very little to satisfy the consumer," he said.

Crompton said while privacy legislation needs to be built to Australian requirements, the most effective policy will eventually become a global standard.

For example, the International Chamber of Commerce (ICC) is working to develoop standards for international data transfers.

At the Asia Pacific Economic Cooperation (APEC) conference in 2004, the ICC was inolved in the adoption of the APEC Privacy Framework.

The framework was developed for APEC member economies and aims to protect personal information and cross-border data transfers.

ICC, in cooperation with the APEC Business Advisory Council, has been promoting this framework throughout its development and implementation, including the upcoming rollout of a pilot project.

Stephen Crane said a working solution lies in user-controlled release of information.

"At the moment, under the current legislative environment, we release too much information and just hope for the best," Crane said.

"In TrustGuide 2, we gave respondents a virtual smart card which allowed them to allocate sharing and deletion of their information [and] we found most users were willing to have their information stored.

"Because current ID management has a habit of migrating risk rather than resolving it, the user will suffer if they fail to authenticate themselves for any reason."