Peter A Clarke

Another case of compare and contrast between privacy regulators.  In the UK the Information Commissioner’s Office has announced the finding of investigations involving the use of personal information provided to Facebook by Cambridge Analytica.  The size of the breach of the Data Protection Act is enormous involving up to 87 million users worldwide.  The UK Information Commissioner commenced it investigation into Facebook in February.  It now announces its intention to fine Facebook a maximum of £500,000 as well as Read the rest of this entry »

The Australian in Facebook hit by Australian compensation case for data theft reports that the litigation funder IMF Bentham have lodged a representative complaint with the Office of the Information Commissioner arising out of the Cambridge Analytica use of personal information gleaned from Facebook.  One of the more egregious breaches of privacy by Facebook in recent times.  Which is saying something!  The story is also picked up by the Guardian in Compensation sought for Australians caught up in Facebook privacy breach.

Representative claims before the Information Commissioner is a rarely used provision.  The IMF Bentham quite lengthy statement relevantly Read the rest of this entry »

The Australian Government Agencies Privacy Code came into effect yesterday.  That is effectively today.

As the Privacy Commissioner notes on its media release under the Code agencies are Read the rest of this entry »

There is a regularity with certain types of breaches.  I posted on 11 September 2014 about the privacy problems with mobile apps.  Privacy controls are generally terrible.  The HealthEngine app, marketed as Australia’s biggest online doctors appointment booking service is reported to have used personal information Read the rest of this entry »

In the Sydney Morning Herald today in The dark side of personal data and why it pays to care about it  highlighted a warning by Jim McKelvey, and co founder of Square, on the misuse of personal data and the people’s loss of control in their information.  This is an growing problem with data brokers and algorithms resulting in personal information finding its way to unintended and unwelcome sources to a worrying Read the rest of this entry »

Policy development Australian style.  Barnaby Joyce now wants an enforceable tort of privacy.  Or so it seems from the Fairfax piece Barnaby Joyce regrets paid television interview,  the Australian in Barnaby Joyce calls for privacy law overhaul, defends actions after altercation with photographer, on the AM program today  and by ABC in Barnaby Joyce wants privacy laws, denies argument is hypocritical after opposition to abortion clinic safe zones. Presumably that means a statute based cause of action as recommended by the Australian Law Reform Commission.  It is relevant to note that in 2008, when the Australian Law Reform Commission recommended a statutory cause of action for serious invasion of privacy Joyce was a senior member of the opposition front bench and in 2013 when the Australian Law Reform Commission again made a similar recommendation in its report Serious invasions in the Digital era Joyce was a member of Cabinet.  He did not voice any support for such a cause of action during either time.  In 2011 the only open support came from the Greens and Paul Keating.

In 2011 the Home Affairs Minister instigated the second inquiry by the Australian Law reform Commission on the benefit and need for an statutory right of action of serious invasion of privacy.  The need for this second inquiry was always questionable.  The facts had not changed between 2008 and 2011. A tort of serious invasion of privacy could have been enacted at the same time as the Privacy Act was amended in 2011.  There was no legal basis for not taking action then. It was a failure of political will and public policy.  There is a big question mark as to Read the rest of this entry »

The Australian Cyber Security Minister Angus Taylor has flagged legislation to give agencies the ability to access encrypted data of individuals who are suspected of committing certain crimes or undertaking certain activities.  It is something of a mystery how the legislation will be framed although the suggestion is that telcos or platforms, such as Facebook, Apple and Google will be required to co operate. The Australian summed it up with Encrypted data access plan, but no detail.  There are three dangers.  The first is Read the rest of this entry »

There are signs that the complicated Data Breach Notification laws are having an impact.  PageUp, a human resources firm has been hit by a data breach.  It’s general statement is masterful in its vagueness providing:

As part of our commitment to keeping our global community of users and partners informed, we wish to advise you of unauthorised activity discovered on the PageUp system.

On May 23, 2018, PageUp detected unusual activity on its IT infrastructure and immediately launched a forensic investigation. On May 28, 2018 our investigations revealed that we have some indicators that client data may have been compromised, a forensic investigation with assistance from an independent 3rd party is currently ongoing.

We take cyber security very seriously and have been working together with international law enforcement, government authorities and independent security experts to fully investigate the matter.

There is no evidence that there is still an active threat, and the jobs website can continue to be used. All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password.

We apologise for any concerns and inconvenience this incident has caused and have developed the below FAQs to help address any queries the community may have. These FAQs will be updated as any new information arises, and should serve as the central destination for updates about this matter. Thank you.

Even with the woolly language it is clear Read the rest of this entry »

The UK Information Commissioner’s Office has once again shown how it should be done.  The Bayswater Medical Centre left highly sensitive medical information unsecured in an empty building for more than 18 months.

The Centre vacated a building which it leased in July 2015 after moving to new premises, but continued to use it as a storage facility.  Another local GP surgery, NHS West London CCG, was interested in taking over the lease of the empty building.  It had access from June 2016.  Employees of NHS West London CCG informed the Centre that there were unsecured ‘Lloyd George Records’ on the site. The Centre acknowledged that was the case.  Foolishly the Centre did nothing about the records even when Read the rest of this entry »

The implementation of the GDPR has been followed by the enactment of the new UK Data Protection Act 2018.  The Act highlight the increasing sophistication of data protection laws in the UK/Europe sphere.

The Act contains provisions will which allow for continuation of the GDPR and also implements the EU Law Enforcement Directive, setting Read the rest of this entry »