E Sports Entertainment Association suffers data breach which results in publication of personal information when it refuses extortion demand

January 9, 2017

Sometimes a data breach is just the beginning of a company’s problems. As reported in ESEA hacked, 1.5 million records leaked after alleged failed extortion attempt, the theft of personal information can be used to make extortion demands. As E Sports Entertainment Association discovered correctly Read the rest of this entry »

Doctor fined for filming men in the shower but scope for civil action limited

January 7, 2017

State governments have been enthusiastic about criminalising surreptitious photography of a sexual nature, in response to the questionable practice of upskirting (taking photographs from shoes or ground level of women’s underwear) and revenge porn, the posting on-line of naked or intimate photographs by a spurned ex-partner. The use of this legislation is reported on in Doctor fined for filming men in shower, where the accused engaged in utterly appalling behaviour in filming men showering in public bathrooms in Brisbane. The article provides:
Read the rest of this entry »

National Institute of Standards and Technology releases a report on privacy engineering and risk management for US Government. Relevant principles in Australia

The National Institute of Standards and Technology (“the NIST”) provides a valuable resource Read the rest of this entry »

Children’s pictures and social media and privacy

December 30, 2016

Early in his presidency, in 2009, President Obama gave sage advice to teenagers about putting their personal information on line.  In his own way he repeated the modern truism “what goes on line stays on line”. Put another way, the internet is forever and that includes pictures posted on line.  In Australia the right to be forgotten is but a dream held mostly in academic circles.

The Conversation in Think again before you post online those pics of your kids returns to the theme of posting personal information on line, but this time regarding those of children. Putting aside Read the rest of this entry »

Increased sales of drones highlight privacy concerns and lack of support

December 27, 2016

The privacy problems with drones have long been recognised. I have posted on it regularly (here, here, here, here and here just for a few examples). The Australian has reported in Sharp rise in drone sales ramps up pressure to protect privacy on the Federal Government that the Federal Government has yet again eschewed a strong recommendation to increase privacy protections, in the form of a civil cause of action for breach of privacy. It is a retrograde step. It makes little policy sense and Read the rest of this entry »

Yes Virginia there is a Santa Claus….Merry Christmas

December 24, 2016

As is my tradition, just before Christmas I post a wonderful piece of journalism which is in keeping with this joyous festive season.  It is the editorial “Yes, Virginia, There is a Santa Claus”, a wonderful Read the rest of this entry »

Law Council of Australia launches campaign against cyber threats, better late than never

December 16, 2016

The Law Council has announced a campaign to assist law firms against cyber threats.

This has been a significant issue overseas for years. I have posted on the subject (here). It has been and remains a critical issue for law firms. Law firms hold an enormous amount of personal information relating to their clients. They also Read the rest of this entry »

National Australia Bank has an own goal in data handling as it breaches the privacy of 60,000 customers’ banking details

The National Australia Bank (the “NAB”) has form when it comes to poor data practices. As a customer of the NAB several years ago, my business banker sent to me another customer’s personal information, loan information and details about an impending investment. Twice. On consecutive days. When I raised the clear breach of the Privacy Act with the Privacy Officer at the NAB the response was defensive when not mealy mouthed. Hardly an example of good data management Read the rest of this entry »

National Institute of Standards and Technology issues paper on De-identification of Government Data Sets

The National Institute of Standards and Technology (the “NIST”) has released the second draft of its paper on the De-identification of Government Data Sets. Given the recent introduction by the Federal Government of the problematical Privacy Amendment (Re-identification Offence) Bill 2016 it is a timely release. The NIST produces some world class work in the technical standards area. Given the proposed re-identification prohibition will involve some considerable technical considerations, as well as determining what is the scope of intent, an element of the offence, this draft and the final product could be a useful resource.

The NIST press release provides:

De-identification removes identifying information from a dataset so that the remaining data cannot be linked with specific individuals. Government agencies can use de-identification to reduce the privacy risk associated with collecting, processing, archiving, distributing or publishing government data. Previously NIST published NISTIR 8053, De-Identification of Personal Information, which provided a survey of de-identification and re-identification techniques. This document provides specific guidance to government agencies that wish to use de-identification.

In developing the draft Privacy Risk Management Framework, NIST sought the perspectives and experiences of de-identification experts both inside and outside the US Government.

Future areas of work will focus on developing metrics and tests for de-identification software, as well as working with industry and academia to make algorithms that incorporate formal privacy guarantees usable for government de-identification activities. Collected input will be used to correct technical errors and expand areas that are unclear.

Yahoo hit by another massive data breach, this time affecting 1 billion accounts

December 15, 2016

It would be fair to say that 2016 has been an annus horribilis for Yahoo. In September it announced a data breach, stretching back to 2014, which affected 500 million accounts.  Today it announced a breach which occurred a year earlier, in August 2013. The information taken includes names, dates of birth, hashed passwords and some security questions and answers.  It is a disastrous Read the rest of this entry »