Privacy Commissioner relases Business Resource for small business

July 22, 2015

The Privacy Commissioner has released the Business Resource 10, regarding compliance by small business with the Privacy Act.

It is found here. A useful resource Read the rest of this entry »

Reinhart reportedly bringing privacy related action against Channel Nine

July 21, 2015

The Australian Financial Review in Gina Rinehart mounts privacy claim against Channel Nine that Ms Rinehart is seeking to bring a privacy related action against Read the rest of this entry »

Data breaches in the health system

July 7, 2015

Notwithstanding the critical importance of privacy in the health there remains chronic problems with maintaining proper data security in the sector. The BBC story East Sussex NHS Trust apologies over data breach which reports that in the UK a USB stick containing personal information collected by the National Health Service which was found by a member of the public.   Meanwhile in New Zealand, according to Swift apology after mental health privacy breach, a mental health support group revealed the email addresses of hundreds of people with anxiety disorders.  Poor data management is at Read the rest of this entry »

Another review of privacy protections

July 6, 2015

The Australian Law Reform Commission has looked into it twice, the New South Law Reform Commission once, the Victorian Law Reform Commission once and a House of Representative Committee and that of the Victorian Legislative Assembly has endorsed it.  Yet there is another pressing Read the rest of this entry »

Enhancing Online Safety for Children Act takes effect today

July 1, 2015

The Enhancing Online Safety for Children Act 2015 commences today.  It is legislation which potentially may have significant impact on social media.  It is quite Read the rest of this entry »

UK Cyber Risk Survey Report reveals weaknesses in business’ dealing with suppliers

June 28, 2015

As the Board of Target USA will attest, or those that remain, making sure suppliers have adequate cyber security controls are critical in maintaining a proper data security system.  Target’s massive data breach was instigated from a third party site which had poor data security. Businesses work their suppliers on line as much as in person.  And that interconnection is growing not subsiding.  According to a recent survey by an insurance broker Marsh, titled UK 2015 Cyber Risk Survey Report less than one in three companies surveyed review their suppliers cyber protection, or more accurately their exposure to a data breach.  This raises compliance issues for Read the rest of this entry »

Privacy Commissioner investigates alleged breach of iiNet data breach

The Privacy Commissioner has announced an investigation into the widely reported likely breach of iiNet.  Notably the breach occurred during the period in which the Privacy Commissioner has enhanced powers, that is after 12 March 2014. The sanctions can be significant, including Read the rest of this entry »

PG and Television New Zealand Ltd – 2014-090: Privacy breach

June 24, 2015

The New Zealand Broadcast Authority has upheld a privacy complaint against Television New Zealand Ltd in PG and Television New Zealand Ltd – 2014-090.

FACTS

During an episode of Water Patrol, a reality TV series following the work of the New Zealand Police,  footage of the complainant (PG) in his boat was shown . The footage Read the rest of this entry »

Optus reportedly hands over user phone numbers to third party websites

Itnews reports in Optus admits handing user phone numbers to websites that Optus has admitted to engaging in the practice of providing customer phone numbers to websites which are accessed by that customer.  As the article makes clear this practice has, understandably and with strong basis in law, raised privacy concerns.  There is no prior consent sought or notice of this practice.
Read the rest of this entry »

Mandatory data breach notification laws enacted in Canada

June 22, 2015

The Canadian House of Commons has passed (on 18 June 2015) the Digital Privacy Act, amending the Personal Information Protection and Electronic Documents Act.  The key provisions are mandatory data breach notification requirements whereby an organisation will be required to notify the Office of the Privacy Commissioner of Canada following a breach of security safeguards involving personal information under its control when there is a real risk of significant harm to individuals from the breach. Importantly the organisations will also be required to notify affected individuals. There will also be Read the rest of this entry »