Canadian tax data stole through use of Heartbleed bug

April 17, 2014

In Canadian teen arrested for stealing tax data with Heartbleed the Age reports on a verifiable misuse of Heartbleed to steel personal data from the Canadian Revenue Agency.

It provides:

Canadian police have arrested a 19-year-old man and charged him in connection with exploiting the Heartbleed bug to steal taxpayer data from a government website.

In what appeared to be the first report of an attack using a flaw in software known as OpenSSL, the Canada Revenue Agency (CRA) said this week about 900 social insurance numbers and possibly other data had been compromised as a result of an attack on its site.

The suspect, Read the rest of this entry »

Hacking attack on UK medical group results in 480,000 patient records being accessed

The UK Telegraph reports in Hackers steal 500k patient records from Harley Medical Group that personal information relating to 480,000 patients of the Harley Medical Group have been accessed by hackers.  Medical records are defined as sensitive information in the Privacy Act 1988.  They are universally regarded as very confidential and the breach or misuse of medical files is generally regarded as in the category of the most serious privacy breaches.  Doctor patient confidentiality is part of the canon of medical ethics, has long been recognised at common law and, relatively, more recently received statutory recognition. That of course doesn’t prevent general practitioners and surgeons to make mistakes with patient records.  Where the real problems arise is the management of records by private health organisations, be they medical groups, insurers, hospitals or agencies and departments.  With those groups there is a danger of treating patient records as just another form of data.  Which they are most definitely not.  Regulators take a very dim view of data breaches of medical records.  As they should.  It will be interesting to see how the Privacy Commissioner exercises his newly acquired powers when there is a breach of medical confidentiality through a breach of security or other form of interferences with privacy.

The article provides:

The personal details of nearly half a million people considering cosmetic surgery may have been accessed by hackers Read the rest of this entry »

Heigal sues Duane Reade for breach of privacy arising from a retweet

April 12, 2014

The Washington Post in  Can Katherine Heigl really sue Duane Reade for tweeting her photo? Yes, and here’s why reports on Heigl suing Duane Reade for violating her privacy and using her image without her permission.

It provides:

If Katherine Heigl makes a Duane Reade run and the drug store’s Twitter account proudly tweets a photo of her in the act (in a “celebrities run errands, too, and at our fine establishment!” kind of way), can she sue them for $6 million?

The answer: Yes, she can. And she did. And she has a case.

“Love a quick run? Even @KatieHeigl can’t resist shopping ‘s favorite drugstore http://bit.ly/1gLHctI ” the Duane Reade account tweeted on March 18 with a link to gossip site Just Jared, which ran a paparazzi photo of Heigl outside the store in New York City carrying two shopping bags.

It makes sense if you Read the rest of this entry »

ACCC suffers privacy breach

April 11, 2014

The Age in Personal data exposed by ACCC security lapse reports on a privacy breach by the ACCC.

It provides:

Australia’s competition regulator has been hit with an embarrassing security lapse after its confidential email subscriber list was accidentally displayed on the internet.

The Australian Competition and Consumer Commission said Read the rest of this entry »

Heartbleed causing significant heartburn for internet security

April 9, 2014

There has been a major alert and scare about a discovered flaw in OpenSSL cryptographic software library which is used by a large number of websites.  It is reported in Web security in doubt after discovery of ‘Heartbleed’ flaw and Newly discovered encryption flaw a ‘big deal’, say security experts.  It has also been reported in the Drum in somewhat apocalyptic terms in A civilisation built upon software isn’t safe, which provides:

Go onto the web to check your bank balance Read the rest of this entry »

Facebook page on sneak photos of women eating on the London Tube raises serious privacy concerns

April 8, 2014

The Washington Post reports, in A Facebook page of sneaky photos of women eating on the Tube creeps out London, on a strange Facebook Page which is devoted to surreptitious photographing of women eating on the London Tube and then posting them on Facebook (Women who eat on tubes). As idiotic as the concept is it is a page that has 19,000 followers.  The debate about the page revolves around mysogeny and eccentric and harmless fun or even art. One important issue is the privacy of those who have had their photos taken. In UK jurisprudence the Read the rest of this entry »

Drone allegedly makes an impact of the wrong sort

April 7, 2014

That drone technology has the potential to create problems almost as great as the significant benefits it brings to civilian use has been obvious for almost the outset.  In’River of blood’ after drone ‘hits’ Australian athlete the Age reports on a possible collision between a drone and an individual.  There are competing versions of events.  Whether someone was struck by a drone or not it matters little.  The reported incident highlights the increasing use of drones in the public space.  Drones purchased from hobby shops are inexpensive and operated by anyone who can stump up the cash. That is all it takes.  Putting a camera on a drone Read the rest of this entry »

Investigation of significant data breach at Experian

April 4, 2014

Itnews reports in Experian investigated over data breach on a serious data breach at Experian.  The scope of the breach involves access to social security numbers of up to 200 million people.  Interestingly the focus of the investigation goes to whether there has been complience with data protection laws.  While the law is not directly analogous in Australia the Privacy Commissioner now has significant powers to investigate data breaches.  What does not exist yet is mandatory data breach notification laws.  Such a law almost passed in 2013.

It provides:

US law enforcement teams are jointly investigating a serious data breach involing a subsidiary of credit reporting firm Experian that exposed the social security numbers of some 200 million people to potential criminal activity.

The focus of the Read the rest of this entry »

Kenneth Roth regarding mass surveillance

April 3, 2014

I had the pleasure of attending a public lecture hosted by the Castan Centre on Surveillance and the right to privacy in a digital age  (see here) by Kenneth Roth, the Executive Director of Human Rights Watch.  It was a very useful overview of one of the biggest public policy issues relating to privacy, mass and untargeted surveillance.

Mr Roth has been active in the media in the last week and published an opinion piece in the Fairfax press, Privacy: rationales governments use to claim mass snooping is legal, which is a very interesting overview of the developments in privacy protections since Read the rest of this entry »

The Australian Retail Credit Association applies to vary the Credit Reporting Code

On 31 March 2014 the Australian Retail Credit Association (the “ARCA”) has applied to vary the Credit Reporting Code to extend from 5 days to 14 day grace period for repayment history to be classified as a missed payment.

The Privacy Commissioner is considering the application. It is unlikely that he will reject it.  It is a pro consumer amendment being sought by the ARCA.

The CR Code is found here