Notwithstanding poor data security and inept regulation data breaches have a very significant impact on both reputation and bottom line, oftentimes one being tied in with the other.  British Airways suffered a data breach, by means of a cyber attack by criminal hackers, sometime between 21 August and 5 September 2018 which compromised personal and financial information, being credit card details, of more than 380,000 customers.   Unfortunately British Airways has been hacked before with its Executive Club being hacked in 2015.

Properly advised and motivated it is possible to contain the damage from a data breach, even one as large as that of British Airways.  The key is Read the rest of this entry »

I previously posted on the passage of the Enhancing On Line Safety (Non consensual sharing of intimate images) Act 2018.  The E Commissioner issued a media release today highlighting the powers the office now has to take enforcement action to force removal of image based abuse material.

The Act was assented to on 31 August 2018.  It commenced on 1 September 2018.

There is much to be said for a regulator to have powers to take require non consensual intimate images be taken down from sites.  It won’t Read the rest of this entry »

There is controversy surrounding the Victorian Government’s tabling of 80,000 documents relating to the actions of the now Opposition Leader, Matthew Guy, when he was Planning Minister.  The underlying motive for the release seems to be more about politics than law which is of little interest to this blog.  What is interesting is that in tabling these documents there is a likelihood that it disclosed personal information relating to individuals, including health information. The nature of the personal information included the name of a lawyer, her mental health, her financial and familial details .  Initially published on line they have now been removed. That of course does not mean that personal information was not downloaded, copied or reproduced elsewhere during the time in which it was on line. And it appears that the rash action has resulted in significant scrambling by the Government in terms of apologies and the like.  That of course only goes so far, as in nowhere, in terms of liability. It claimed that the privacy breach was inadvertent.  That will cut very little mustard if put under forensic scrutiny in a court.  The tabling of a document in Parliament is as advertent as one can get.

That may be a breach Read the rest of this entry »

Phishing and spear phishing have been mainstay tools in the armaments of hackers and cyber criminals.  With proper privacy and data protection training they should not be particularly effective.  However they are because many organisations and agencies pay scant regard to training staff properly which is paradoxical given they generally spend a fortune on physical security and usually have reasonable to very good cyber security programs.  None of that helps if a hacker obtains a password and log in details.

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details (and money) by often impersonating a  trustworthy entity such as a fellow staff member or through a well disguised electronic communication.  Phishing often involves the use of psychological techniques to build trust and confidence.  Spear phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.  

The Australian Competition and Consumer Commission last week released a media report highlighting the new development used by phishers to get access to computer and bank accounts.  The twist is that the scams involve impersonation of police or business people who are supposedly trying to stop a scam.  In 2018 alone that Read the rest of this entry »

There is something of a myth propogated by those who would prefer less not more privacy protections, that there is no need for improved privacy protections and the community is not clamouring for more protections.  It is an entirely paternalistic approach to public policy that rarely squares with the evidence.  When surveyed there is a concern about lack of privacy protections and use/sharing of personal information.  For example the Pew Research Center in 2014 found that 91% of Americans agreed or strongly agreed that people have lost control over how personal information is collected.  Last year Pew found Read the rest of this entry »

Staff accessing personal information is a chronic problem in the health, police and financial services sector.  In Victoria the Victoria Police’s Leap data base, which contains personal information of most Victorians, has been misused on a depressingly regular basis with inadequate sanction for those breaches.  Only in the financial services sector does enforcement action tend to be swift and decisive.

In the health sector the culture is poor and breaches tend not to result in significant sanction.  And the private health sector is most vulnerable to data breaches.  And there are so many ways that those in the health sector can cause data breaches including in the last week a mailing error which resulted in releasing children’s health information in Missouri,  in the UK a hospital worker accessed the medical records of her boyfriend’s ex partner.  She used the details obtained to text obscenities to the victim of this privacy breach.  Given the nature of the breach and the subsequent misuse of the information it is not surprising that the health worker is no longer employed by the NHS. And a nurse at the Texas Children’s hospital was fired after posting on social media information about a rare measles case involving a boy aged between 1 – 3 years of age.  All of these cases involved human error at increasing levels of stupidity and incompetence.

Today there is another confirmation that the problem in the health sector continues unabated in Australia is a report from Perth Now that between 2014/15 and 2016/17 there were 40 breaches of patient confidentiality under West Australia’s health Act.  The actual number of data breaches are likely to be greater given Read the rest of this entry »

The High Court in Trkulja v Google LLC [2018] HCA 25 upheld an appeal from the Victorian Court of Appeal regarding a summary judgment application. It is a very significant decision in relation to pleading the of defamation when the imputations arise from search engine results.

FACTS

While not enamoured of the drafting the Court noted that the Appellant’s (Trkulja”) Amended Statement of Claim was  sufficiently comprehensible to convey that Trkulja alleged that:

• Google defamed him by publishing images which convey imputations that he:
  • “is a hardened and serious criminal in Melbourne”, in the same league as figures such as “convicted murderer” Carl Williams, “underworld killer” Andrew “Benji” Veniamin, “notorious murderer” Tony Mokbel and “Mafia Boss” Mario Rocco Condello;
  • is an associate of Veniamin, Williams and Mokbel; and
  • is “such a significant figure in the Melbourne criminal underworld that events involving him are recorded on a website that chronicles crime in [the] Melbourne criminal underworld”[3].
• Google published the defamatory images between 1 December 2012 and 3 March 2014 to persons in Victoria, including several named persons, upon those persons accessing the Google website, searching for  Trkulja’s name or alias (Michael Trkulja and Milorad Trkulja), and then viewing and perceiving the images presented on-screen in response to the search [4].
• the allegedly defamatory matters  comprising two groups:
  • “the Google Images matter” and
  • “the Google Web matter” [5]
• some of the pages include an image that contains text stating, inter alia, “Google lawsuit in court”, “COLOURFUL Melbourne identity Michael Trkulja” and “Mr Trkulja an associate of Mick Gatto” [7]
•  the images matter and the web matter are defamatory of  Trkulja in their natural and ordinary meaning and  carry the following defamatory imputations:

Read the rest of this entry »

The Victorian Supreme Court in A G Coombs Pty Ltd v M & V Consultants Pty Ltd (in liq) [2018] VSC 468 considered and dismissed a plaintiffs’ application for injunctive relief to prevent an application under section 459 of the Corporations Act 2001 being made.

FACTS

On Friday 15 June 2018, the plaintiffs sought urgent interlocutory relief and final relief by way of an injunction to enjoin the defendant from making an application under s 459P of the Corporations Act 2001 (Cth) to wind up each of the plaintiffs in insolvency in connection with statutory demands Read the rest of this entry »

Universities and institutes of higher learning hold enormous amounts of intellectual property that is valued by foreign governments or those wanting to obtain financial advantage without the effort.  They are prime targets for cyber attacks.  As are law firms which often have data relating to intellectual property claims or litigation.

In March 2018 the United States filed indictments against Iranian Revolutionary Guards for hacking computers of 7,998 professors at 320 computers involving 144 universities as well as other institutions  over the last 5 years.  In early July 2018 the Guardian reported that the Australian National University was hit by Chinese hackers.  As did the Australian.

This week ARN reports in Seven Australian universities targeted in global hacking campaign reports that 7 Australian Universities as part of a global action targeting Read the rest of this entry »

Privacy breaches in the health industry are depressingly common.  Almost commonplace in hospitals.  The reasons are not hard to find; many access points to information from clip boards at a patients bed or in a rack at a counter to a click of a button at a computer accessed by many staff, a large number of staff and high turnover and a generally poor privacy culture by senior medical staff.   That is compounded by generally poor privacy protocols, inadequate training and an implied preference to be criticised for inevitable breaches rather than a root and branch change in policy and practice.  It helps not one bit that the State and Federal regulators are lackluster operators.

So it is not at all surprising to Read the rest of this entry »