There have been a few  articles on “the end of privacy” in the recent past including The Monthly and Thomas Friedman.  While it is useful to have an ongoing discussion on privacy, in particular the legal concept and protections, all to often the commentary and reportage is reduced to a jeremiad about how privacy is lost and never to be regained.  Generally good copy on an emotional level but analytical dross.

In the Monthly’s The end of secrets, Privacy is fast becoming a quaint old-fashioned thing while trying to be an interesting overview of the concept of privacy, the role of government surveillance, its abuse, the cult of celebrity and its conflict with privacy it ends up being a very well written jumble.  It daintily steps onto the various touchstone issues and then moves onto the next.  But well polished sentences do not a strong analytical piece. It is at best a taste of the issues.

It provides:

On a Sunday afternoon in late April, in a grand old ballroom in Melbourne, I read aloud a love letter I’d written to a man I call “my mysterious stranger”. The man, never named in the letter, was not present. I have never shown it to him. I wrote it to share with some 400 other strangers, mysterious in their own right but all aware that what goes on in the ballroom stays in the ballroom. No recordings, no tweets. Such are the ground rules of Marieke Hardy and Michaela McGuire’s Women of Letters events: though open to the public, they’re gloriously private. Read the rest of this entry »

There have been privacy proceedings against Google in Europe from both individuals and regulators with a frequency bordering on regularity. The most famous case of recent origin was the right to be forgotten case (Europen Court of justice media release here and the cae of Gonzalez v Google is here)

The Age reports in Google to face privacy lawsuit in the US tbat Android phone users are taking action against Google in what is framed as a breach of contract and fraud claim but really relates to a privacy related course of conduct.  Unfortunately the constraints on privacy protection through the privacy tort are significant so often it becomes necessary to Read the rest of this entry »

The Information Commissioner’s annual report for the 2013/14 provides some sobering statistics including:

• receiving 14,738 data protection complaints in the past year.  It received 13,760 in the previous year.
• resolving 15,492 data protection complaints in the last 12 months.
• half of all the data protection complaints related to the alleged mishandling of subject access requests.
• of  17% were directed at lenders, 12% at local government agencies and 10% at health bodies.
• the ICO launching an investigation into  1,755 data protection cases  and imposing fines totalling £1.97 million for serious breach of the Data Protection Act.
• more than 260 reports from communication service providers about personal data security breaches they suffered.

It is relevant to note that pursuant to the EU’s directive on the notification of personal data breaches data breach notification is mandatory to inform the ICO within 24 hours of detection of a personal data breach.  With that notification the ICO should be supplied with categories of information about the breach, including Read the rest of this entry »

There is a red faced court reporter in Ohio at the moment.  The hapless person lost a laptop computer and usb stick from an office inside the Summit County Courthouse as is reported in Laptop with sensitive information stolen from Summit County Courthouse.

 Losing computers and flash drives is a moment of annoyance and possibly a hit to the wallet. It gets more serious when the devices contain sensitive information about ongoing court cases.  Then it is a serious privacy breach.

Portable devices are notorious weak points in data security and Read the rest of this entry »

Anonymous communication is an important feature of the internet.  It finds little favour with older users and organisations.  But APP 8 of the Privacy Act makes it clear that except where the exceptions apply (and they can be broad ranging in some areas) an individual should have the right to communicate anonymously or pseudonymously.

Apps are notoriously dangerous from a privacy perspective.  The security architecture is often weak, the means by which they transfer data insecure with poor privacy policies let alone protocols, programs and training to deal with privacy breaches.

It is then curious that a company called Secret has developed an app to let users post messages anonymously, even on Facebook as reported in Secret, an app for posting anonymously lets users tap into Facebook.  Of course, as with many apps. the price for using the product for free is Read the rest of this entry »

A constant problem in the digital age is deleting data stored on digital devices. Computers, photocopiers, scanners, printers and smart phones have, to a greater and lesser extent, storage capacity.  They are devices that are readily turned over, sometimes for resale.  Personal information stored on those devices is as much the responsibility of an organisation if it is covered by the Privacy Act or state legislation.  Documents are Read the rest of this entry »

The current edition of the Economist has a special report on cybersecurity.  For those practising in privacy law it should be mandatory reading.  It gives a brilliant synopsis (as the Economist can do so well) of the key issues and future developments. For those just interested in cyber security it should also be mandatory reading.

In the series of articles:

• Defending the digital frontier
• Hackers Inc
• Zero-day game Read the rest of this entry »

The Privacy Commissioner has conducted an own motion investigation into Pound Road Medical Centre. The investigation applied to the Privacy Act prior to the amendments taking effect on 12 March 2014.  

FACTS

On 23 November 2013, a shed located at 16 Amberley Park Drive, Narre Warren South was broken into.  There were boxes of medical records located in a locked shed.  During the break in the boxes, and therefore the documents, were compromised.  The medical records were created when PRMC operated as a medical centre at the site.  PRMC ceased operating the medical practice at the site from 6 April 2011, and since this date has conducted its practice from new premises.

In about October 2012, the records were transferred from a locked room inside the site to the shed so that renovations for sale of the site could occur. The  shed door was locked with three padlocks. PRMC believed that all the paper-based health records stored at the site were transferred to a locked store at its new premises.

A representative from PRMC initially visited the site two to three times a week and later once a week for purposes of maintenance, repairs and renovations to prepare the site for sale.

The Office of the Australian Information Commissioner (OAIC) was notified that there were boxes of unsecured medical records at the site on 25 November 2013.

The personal information compromised in the data breach consisted of:

1. patients’ ‘identifying particulars’, Read the rest of this entry »

House of Representatives Standing Committee on Social Policy and Legal Affairs has handed down the report Eyes in the Sky, based on its inquiry into drone technology.  It is a comprehensive report which hands down some very useful and sensible recommendations.  Including Recommendation 3 which recommends legislation which provides protection against privacy invasive technologies. It goes further and recommends creating a tort of serious invasion of privacy.  It is the latest in a long line of committees and Commissions to come to the conclusion, the inevitable logical conclusion, that there is a serious gap in Australia’s legal protections and a tort of privacy is required to fill that gap.  Governments of both persuasions have been avoided, ignored or just plain danced on the spot on the issue and abrogated their responsibilities.  But the technology develops at a pace and the issue looms large as a practical problem for more than academics.

The Committee’s press release provides:

New privacy laws might be needed Read the rest of this entry »

On the human side of data security maintaining strong passwords is a continuous challenge.  As Wired reports on How to Teach Humans to Remember Really Complex Passwords the use of “password” is depressingly common.  As is “qwerty.”  A recipe for disaster.  The Wired article reports on an experiment that will be held to teach people to remember complicated passwords and passphrases.  That is one key way of minimising the chance of hacking.  Long string almost randomised passwords cost hackers Read the rest of this entry »