A relevant and timely report on poor use of data and article on the dark side of using personal data

June 12, 2018

In the Sydney Morning Herald today in The dark side of personal data and why it pays to care about it  highlighted a warning by Jim McKelvey, and co founder of Square, on the misuse of personal data and the people’s loss of control in their information.  This is an growing problem with data brokers and algorithms resulting in personal information finding its way to unintended and unwelcome sources to a worrying Read the rest of this entry »

Barnaby Joyce calls for a tort of privacy…now…when he can’t do much about getting it

June 11, 2018

Policy development Australian style.  Barnaby Joyce now wants an enforceable tort of privacy.  Or so it seems from the Fairfax piece Barnaby Joyce regrets paid television interview,  the Australian in Barnaby Joyce calls for privacy law overhaul, defends actions after altercation with photographer, on the AM program today  and by ABC in Barnaby Joyce wants privacy laws, denies argument is hypocritical after opposition to abortion clinic safe zones. Presumably that means a statute based cause of action as recommended by the Australian Law Reform Commission.  It is relevant to note that in 2008, when the Australian Law Reform Commission recommended a statutory cause of action for serious invasion of privacy Joyce was a senior member of the opposition front bench and in 2013 when the Australian Law Reform Commission again made a similar recommendation in its report Serious invasions in the Digital era Joyce was a member of Cabinet.  He did not voice any support for such a cause of action during either time.  In 2011 the only open support came from the Greens and Paul Keating.

In 2011 the Home Affairs Minister instigated the second inquiry by the Australian Law reform Commission on the benefit and need for an statutory right of action of serious invasion of privacy.  The need for this second inquiry was always questionable.  The facts had not changed between 2008 and 2011. A tort of serious invasion of privacy could have been enacted at the same time as the Privacy Act was amended in 2011.  There was no legal basis for not taking action then. It was a failure of political will and public policy.  There is a big question mark as to Read the rest of this entry »

Access to encrypted data plan flagged… but not the how

June 8, 2018

The Australian Cyber Security Minister Angus Taylor has flagged legislation to give agencies the ability to access encrypted data of individuals who are suspected of committing certain crimes or undertaking certain activities.  It is something of a mystery how the legislation will be framed although the suggestion is that telcos or platforms, such as Facebook, Apple and Google will be required to co operate. The Australian summed it up with Encrypted data access plan, but no detail.  There are three dangers.  The first is Read the rest of this entry »

Software firm PageUp suffers a data breach..notifies affected users

June 6, 2018

There are signs that the complicated Data Breach Notification laws are having an impact.  PageUp, a human resources firm has been hit by a data breach.  It’s general statement is masterful in its vagueness providing:

As part of our commitment to keeping our global community of users and partners informed, we wish to advise you of unauthorised activity discovered on the PageUp system.

On May 23, 2018, PageUp detected unusual activity on its IT infrastructure and immediately launched a forensic investigation. On May 28, 2018 our investigations revealed that we have some indicators that client data may have been compromised, a forensic investigation with assistance from an independent 3rd party is currently ongoing.

We take cyber security very seriously and have been working together with international law enforcement, government authorities and independent security experts to fully investigate the matter.

There is no evidence that there is still an active threat, and the jobs website can continue to be used. All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password.

We apologise for any concerns and inconvenience this incident has caused and have developed the below FAQs to help address any queries the community may have. These FAQs will be updated as any new information arises, and should serve as the central destination for updates about this matter. Thank you.

Even with the woolly language it is clear Read the rest of this entry »

UK Information Commissioner fines General Practitioner 35,000 pounds for failing to secure medical records

The UK Information Commissioner’s Office has once again shown how it should be done.  The Bayswater Medical Centre left highly sensitive medical information unsecured in an empty building for more than 18 months.

The Centre vacated a building which it leased in July 2015 after moving to new premises, but continued to use it as a storage facility.  Another local GP surgery, NHS West London CCG, was interested in taking over the lease of the empty building.  It had access from June 2016.  Employees of NHS West London CCG informed the Centre that there were unsecured ‘Lloyd George Records’ on the site. The Centre acknowledged that was the case.  Foolishly the Centre did nothing about the records even when Read the rest of this entry »

UK Data Protection Act finalised

June 5, 2018

The implementation of the GDPR has been followed by the enactment of the new UK Data Protection Act 2018.  The Act highlight the increasing sophistication of data protection laws in the UK/Europe sphere.

The Act contains provisions will which allow for continuation of the GDPR and also implements the EU Law Enforcement Directive, setting Read the rest of this entry »

Privacy (Credit Reporting) Code 2014 variations approved by Australian Information Commissioner

On 8 December 2017 Price Waterhouse Coopers, better known as pwc, undertook a review of the Privacy (Credit Reporting) Code 2014.  On 29 May 2018 the acting Information Commissioner and Privacy Commissioner has approved variations to the Privacy Credit Reporting Code 2014.

As a result of that review the Commissioner has amended the following Read the rest of this entry »

Privacy Commissioner seriously disappoints with the Centrelink investigation

June 4, 2018

It is hard to be more disappointed with the Privacy Commissioner given the consistently inadequate determinations and tepid regulation.  But the Acting Commissioner has managed to show that with time and effort even more dreadful decisions are possible in privacy regulation in Australia.  That is amply displayed in the Commissioner’s response to the Centrelink release of personal information about a Ms Fox who wrote an article critical of Centrelink’s automated debt recovery system as it was used upon her.

The Commissioner’s “concluding statement” Read the rest of this entry »

UK Information Commissioner fines University of Greenwich 120,000 pounds for serious security breach

The comparison between Australia and the UK on data protection comes into sharp focus with the Information Commissioner’s announcement that the University of Greenwich has been slugged a £120,000 fine for a data breach which involved 20,000 people, including students and staff.

The breach involved a microsite set up in 2004, not closed Read the rest of this entry »

Barnaby Joyce lodges complaint about exposing his relationship with Vick Campion

May 28, 2018

The Australian reports that both Barnaby Joyce and Vikki Campion have lodged a complaint with the Australian Press Council against the Daily Telegraph for breaching their privacy.

At the time the story broke I thought that Campion had a fairly good chance of bringing a privacy action, even an injunction, against the Daily Telegraph relying on the equitable claim of misuse of private information.  The problem was the story ran, and ran and ran and with each lap of the oval the chances of bringing a successful claim diminishes.   Joyce’s conduct in giving interviews, then calling for privacy, then calling for privacy while giving interviews makes any claim in equity difficult.

It helps little that the media apply little analysis to the privacy issues involved in this situation.  Caroline Overington’s piece, Barnaby Joyce has made his son Sebastian public property, is breathtakingly foolish in the privacy rights of the Joyce-Campion’s child.  The article seems to be a half baked attempt at being ever so witty.  But there is a real dark side to it, one that reveals the breathtaking ignorance that many in the media have about basic privacy principles. Such as the statement:

The Joyce affair led to a new Ministerial Code of Conduct, a new rule, that prevents fraternisation between ministers and their staff.

It’s a political story, and he’s going to sell it.

It’s an ugly situation, unimaginable even a generation ago. And the ramifications for Sebastian are serious: this gives the media license to continue to report on the Joyce marriage, its breakdown, the new relationship, forevermore.

Like it or not, this child’s story is now public property. It’s been put up for sale, for the public’s consumption.

(emphasis added)

The child’s story, as in about the child rather than Joyce/Campion, is not public property.  It is a useful assertion for the media, but matters relating to the child are private, not political and certainly not public.

A complaint to the Press Council is of some moment to some media insiders.  It has no power to make orders compelling a member to do anything.  As it says:

The Council has no power to order compensation, fines or other financial sanctions. Where a complaint is upheld, the adjudication may also include a reprimand or censure, and may explicitly call for (but not require) apologies, retractions, corrections or other specified remedial action by the publisher. The Council may also call for specific measures to prevent recurrence of the type of breach in question.

For those who feel their privacy has been invaded and want real and substantial action the Press Council is of little use.  Unfortunately Read the rest of this entry »