Patient in NZ hospital breaches privacy of other patients

October 1, 2014

Health care facilities, especially hospitals, hold sensitive information (as defined in the Privacy Act).  They are also quite prone to data breaches.  There are a number of reasons for this, poor systems, reasonably regular turnover of staff, a large number of individuals concentrated in a small space often in quite busy (if not chaotic) environment and often a culture which is not given to more modern strictures on data handling.  In Hospital patient takes peek at info of others Stuff NZ reports on a patient in Hutt’s emergency department using Read the rest of this entry »

Report reveals 75 million records compromised so far in 2014

At the 3/4 mark in the 2014 calendar year the Identity Theft Resource Center reports that 75 million records have been compromised in 568 breaches.  This has been reported by SC Magazine in Report: 75 million records compromised so far in 2014.  With no mandatory data breach notification legislation it is difficult to assess how many breaches there are in Australia.  That is Read the rest of this entry »

Seller of spyware app charged with selling a surreptitious interception device

September 30, 2014

That mobile apps are a privacy worry has moved from speculation through to allegation and are moving into the realm of a truism.  Regulators have known about this for years and have in 2013/14 raised concerns, conducted reviews and surveys to highlight the problems with mobile apps.  Those problems include non existent to poor privacy policies, failure to notify users of what will be done with their personal information, generally poor security, inadequate protections when transmitting information across wifi networks and poor quality software.  In US man charged for selling spyware phone app the problem is even more concerning, an app designed to be installed by another person for the purpose of intercepting communications, including Read the rest of this entry »

Privacy Commissioner issues statement about BASH/Shellshock/Bourne Again vulnerabilities and need to protect IT systems

The Privacy Commissioner has today issued a statement about the Bourne Again Shell (BASH) vulnerability that has caused more than a few waves within the IT community in the last week or so.  The statement Read the rest of this entry »

Shellshock flaw and obligations under the Privacy Act

The Shellshock flaw has sent more than a ripple through the IT industry. There is a data protection regulation issue involved as well.  The genesis of the problem is a flaw in longstanding software, Bash, which was first installed in 1989.  Given the software enables users to issue commands to computers an exploitable weakness is of particular concern.  Exploitable flaws in ubiquitous software which is now part of the structure of many operating systems pose immediate cyber security threats and require immediate response when detected.  The Age in  Shellshock: The latest security superbug explained provides an exellent explanation.  In addition there has been coverage at Shellshock flaw ‘intertwined’ with modern internet, may affect some Mac usersShellshock: How to protect your Unix, Linux and Mac servers,  Shellshock makes Heartbleed look insignificant and Shellshock flaw ‘intertwined’ with modern internet, may affect some Mac users.

The seriousness of the threat has prompted the Information Commissioner’s Office in the United Kingdom to issue a release under the heading ICO highlights need to apply security updates after Shellshock flaw discovered which provides:

The Information Commissioner’s Office is urging organisations and individuals to make sure that their IT systems are up-to-date.

The warning comes after the identification of a flaw, referred to by the researchers who discovered it as Shellshock, which has been found in a software component called Bash. Bash is a part of many Linux systems, as well as the OS X operating system used by Apple Macs. The flaw potentially allows any computer with the vulnerability to be taken control of remotely. Read the rest of this entry »

Drones go showbiz and an article on drones and privacy

September 26, 2014

Two articles, Cirque du Soleil Is Incorporating Drones and Filmmakers Get Permission to Use Drones in the U.S. highlight how ubiquitous drones are becoming; becoming part of a show and another way to get that perfect angle for a movie.

An article in the Smithsonian titled The Invention of the “Snapshot” Changed the Way We Viewed the World draws the comparison of the onset of drones and their privacy intrusive capabilities with the invention of Kodak’s personal camera.  It is a very useful historical comparison between the advent of an early valuable piece of technology which had an impact on privacy and the latest development.  The rapid take up of Read the rest of this entry »

ACMA finds Channel Nine Queensland breached privacy and accuracy guidelines

September 25, 2014

ACMA announced that Channel Nine breached the factual accuracy and privacy clauses of the Commercial Television Code of Practice.

The media announcement

The announcement provides Read the rest of this entry »

Home Depot confirms massive data breach with potential unauthorised access of credit card details of to 56 million customers

September 24, 2014

Home Depot’s announcement of a massive data breach highlights the need for proper data security. The announcment Read the rest of this entry »

Google funding to Stanford is tied to not doing privacy research

Pro publica in Stanford Promises Not to Use Google Money for Privacy Research  reports on Google providing funding to Stanford University’s Centre for Internet and Security provided that it does not use it to undertake privacy research.  Tied grants are usually Read the rest of this entry »

Rise in drone usage prompts privacy calls

RINF in Drone Nation: 300 companies and public bodies using arial surveillance tech (not my spelling of aerial)  and the Independent in Drones are filling Britain’s skies: Look up now to see what is looking back down at youreports on the soaring, pun intended, use of drones in British skys and the consequential call for greater privacy protections.  The reportage is consistent with earlier reports and articles, that the increasing affordability of drones and their constantly improving ability to remain aloft for longer and longer and perform more and more functions make them a valuable tool for many businesses and governmental authorities. The problem has always been the inability of government to set out coherent and enforceable regulations to allow their use but also protect competing interests and rights of others.  Clearly privacy is Read the rest of this entry »