Privacy Commissioner releases 3 international money determinations

March 2, 2015

The Privacy Commissioner has released 3 international money determinations Read the rest of this entry »

The impact of Data breaches, breaches of privacy and the need for mandatory data breach notification laws

Data breaches are bad enough.  Often disastrous for an organisation and the customers.  They are sometimes caused by hackers breaching sophisticated cyber defences.  Usually they are the product of inadequate protections, out of date programs, poor maintenance and poor understanding of what data security means and woeful practice manuals and a lack of training.  To the extent that data breaches are brought to the attention of the Privacy Commissioner they may be a breach of Australian Privacy Principle 11. The problem is that without mandatory data breach notification it is a matter of good/bad fortune that the Privacy Commissioner finds out about such lapses or intrusions.  That is a flaw in the legislative structure.  In the United States even though there is no Federal mandatory data breach notification laws there are such laws in most of the States and Territories.  if anything the States are increasing their data protections laws, most recently amendment to the Wyoming Data Breach Notification legislation (see bill here).  To show how data breaches have an impact on businesses and consumers read the Cyber angst: Orange County companies zero in on data breaches. Read the rest of this entry »

Interesting article on the legal practice in cybersecurity

February 27, 2015

The New Jersey Law Journal has published a very interesting and illuminating article in Read the rest of this entry »

Privacy Commissioner to investigate SIM card hack

Yesterday the Privacy Commissioner issued a brief, general and somewhat opaque  statement saying he would “make preliminary enquiries”into the hack of Gemalto which likely resulted in compromise to the SIM cards.  There is a clear privacy implications and it would be caught under the Privacy Act.  It would be Read the rest of this entry »

Privacy article on the Drum website

February 26, 2015

The mandatory data retention debate is deeply political. The opponents and advocates eye each other off across a great political chasm.  It is not a right v left debate either.  For example Read the rest of this entry »

Information Commissioner’s Office takes action for poor data security which resulted in a hacking attack and fraud

The Federal Trade Commission in the United States of America and the Information Commissioner’s Office in the United Kingdom are building up a significant number of enforceable undertakings and fines/monetary penalty notices which gives form and substance to the legislative regimes regulating privacy.  Given the Read the rest of this entry »

The UK criminalises revenge porn. Some privacy protections.

February 25, 2015

Social media and more, usually offshore, salacious sites provide a ready means for a spurned ex or malacious current to place unauthorised private sexual photographs or videos of their opposite number on line for the purpose of humiliation and worse.  The moniker given to this invariably hideous and usually cowardly behaviour is revenge porn.

There is a need for some form of protection from authorities.  The impact of this behaviour is significant and longstanding, and usually affects women.  This is clearly seen in Read the rest of this entry »

Smart phones and privacy

February 24, 2015

The World Today story Alleged hack of world’s largest SIM card manufacturer Gemalto could affect Australian mobiles highlights several currents running through the protection of data and privacy.  The first is finding the best way to keep data secure. Technologically encryption is increasingly a minimum requirement.  Privacy guidelines make it clear that encryption of key data is good privacy practice.  However Read the rest of this entry »

US Federal Aviation Authority release proposed rules on drones and the US President issues a directive restricting surveillance by drones

February 16, 2015

The US Federal Aviation Authority (the “FAA”) has just released its long awaited rules on the use of small unmanned aerial vehicles, known as drones to most. On the same day the US President has issued a directive on the use of drones which will place limits on surveillance. The combination of these two developments Read the rest of this entry »

Privacy Commissioner gives speech on privacy governance; forshadowing assessment of 21 online privacy policies of entities

February 13, 2015

The Privacy Commissioner has just posted his most recent speech, titled Privacy Governance to the iappANZ on 11 February 2015.  The Commissioner’s prose tends to the general and intentions and directions, when voice, are couched in such opaque terms that it would be easier to Read the rest of this entry »