Tumblr’s massive security breach has consequences

May 31, 2016

The consequences of a data breach can sometimes take an age to resolve.  The ongoing reputational damage can be excrutiating.  As Tumblr is discovering.  In 2013 there was a security breach into the Zendesk styem which resulted in data breaches into three of their clients; Twitter, Pinterest and Tumblr. This was reported by Wired in  Zendesk Security Breach Affects Twitter, Tumblr and Pinterest.

Tumbler has just notified its users Read the rest of this entry »

Information Commissioner prosecuting ex employee taking personal information from previous place of work

May 27, 2016

It is quite common for equitable claims for breach of confidence relate to private commercial information being taken by ex employees to be used by competitors.  A new take is Read the rest of this entry »

Reddit having to change passwords because of data breach

The need to keep proper data security comes into focus when the stories about the need to notify users that passwords have been compromised and need to be reset.  LinkedIn has been through that particular nightmare recently while Reddit has been forced to reset 100,000 passwords as reported in  Reddit Forced to Reset 100,000 Passwords After ‘Uptick’ In Hacked Accounts.

Compromised passwords mean Read the rest of this entry »

7.30 reports on the use of personal information by credit providers, potential issues with the Credit Provisions of the Privacy Act

May 26, 2016

The credit reporting provisiosns and protections incorporated into the Privacy Act in December 2012 and taking effect on 12 March 2014 are designed to provide real and detailed controls on the use and disclosure of credit information and improve the accuracy of data collected by credti reporting agency. This was part of the Read the rest of this entry »

Swift CEO calls for great cyber security for banks

May 25, 2016

Cyber attacks on banks are becoming a very significant problem alongside pervasive ransomware attacks.  Recently a cyber attack on  Bangladesh Central Bank resulting in a theft of $81 million.

This issue has been highlighted by the international financial network SWIFT’s CEO Gottfried Leibbrandt who delivered the keynote address at the 14th annual European Financial Services Conference in Brussels.  He announced Read the rest of this entry »

Email addresses sent with a Do Not Call Register notice in significant data breach

In Email fail at Do Not Call Register, thousands of contacts exposed CRN reports on a significant data breach involving the release of thousands of emails  when an email was sent on behalf of the Don Not Call Register.  Interestingly ACMA in DNCR: enforcement outcomes sets out the consequences of breaches of the Do Not Call Register.  As late as Read the rest of this entry »

The US National Telecommunications and Information Administration releases Voluntary best practice guide for use of drones.

May 23, 2016

The US National Telecommunications and Information Administration (the “NTIA”) has since February 15 2015 been involved in considering the privacy, transparency and accountability issues regarding the use of drones.  Through its processes it has released an Read the rest of this entry »

Linked In and the hacked IDs.

Linked In’s problems since its database was breached and personal information stolen in 2012 continues at a pace.  In January affected Linked In users settled their claim for $13 million.  The BBC, amongst others (eg see  Hackers selling 117 million LinkedIn passwords, Change your LinkedIn password right now), reports that Linked In IDs are now being advertised for sale. That has Read the rest of this entry »

Hong Kong Monetary Authority introduces new cybersecurity initiative for its banks

May 22, 2016

The Hong Kong Monetary Authority (HKMA) has introduced a new “cybersecurity fortification initiative” so as to increase raise the level of cybersecurity of Hong Kong banks.  As a result banks in Hong Kong will face stiffer cybersecurity obligations with  banks being required to implement the plans as part of their regulatory compliance duties.

The initiative includes:

  • a new framework to help banks assess the cyber risks that apply to their business and what steps they need to take to address them.
  • a new training and certification programme
  •  a new platform to enable industry-wide sharing of “cyber intelligence”.

Read the rest of this entry »

Privacy Commissioner releases draft Guide to big data and the Australian Privacy Principles

May 20, 2016

The Privacy Commissioner has issued a draft guide to big data and the Australian Privacy Principles.  The closing dates for submissions is 26 July 2016.

It relevantly provides Read the rest of this entry »