The Fairfax press has run a legitimate, if breathless, report on fridges having the potential to turned into listening devices in Queensland police say fridges could be turned into listening devices.  The context of the story is about parliamentary inquiry into surveillance powers.  It touches on two neglected but potent developments; the new modes of surveillance, in this case using connected devices, and the expansion of the internet of things, with the attendant weakness with data security and privacy protections.  It is a timely reminder of Read the rest of this entry »

The Supreme Court, per Randall AsJ, considered an application to set aside a statutory demand in Re Bendigo Central Pharmacy Pty Ltd [2017] VSC 419. The key issue was whether issues ultimately relied upon were raised in the Plaintiff’s initial affidavit, filed within 21 days of the statutory demand being served and the scope and operation of Graywinter affidavits.

FACTS

The debt relied upon in the statutory demand Read the rest of this entry »

It is not too common that Sweden finds its itself as the victim of a massive data breach.  It was an early implementer of data protection laws and generally has been seen as having a good system in place to protect personal information.  As the itnews article  Sweden exposed sensitive data on citizens, military personnel and the New York Times with Swedish Government Scrambles to Contain Damage From Data Breach that maintaining proper data security is a constant challenge. It is likely to Read the rest of this entry »

Lloyds has published a report titled Counting the Cost where it estimates that of the potential economic impact of a hypothetical malicious hack on a cloud service provider, and attacks on vulnerable computer systems run by businesses around the world could be as high as $53bn and $28.7bn respectively. A cloud service disruption scenario, because of the uncertainty around aggregating cyber losses could result in losses as high as $121bn, or Read the rest of this entry »

The Victorian Court of Appeal in Culve Engineering Pty Ltd v Apollo General Engineering (Aust) Pty Ltd (in liq) [2017] VSCA 182 considered the scope and operation of Rules to permit a substitution order being made.

FACTS

The third applicant, Sandra Cerrato, was the executrix of the deceased estate of her father, Rocco Cerrato who . Mr Cerrato died on 14 August 2014 [1]. Prior to and in  2010 Mr Cerrato was a director of the first applicant, Culve Engineering Pty Ltd (‘Culve Engineering’), the second applicant, Tena Denham Nominees Pty Ltd (‘Tena Denham’), and the first respondent, Apollo General Engineering (Aust) Pty Ltd (in liquidation) (‘Apollo’) [2]. Ms Cerrato was joined as a defendant to this proceeding in her capacity as executrix in substitution for her father by an order made by an associate judge on 18 September 2015. She and the other applicants unsuccessfully appealed that decision to a judge in the Trial Division [3].

Prior to 21 April 2010 Apollo carried on Read the rest of this entry »

It is almost embarrassing to say that data is big business.  Personal information is the wheat that is separated from the digital chaff. The Federal Trade Commission issued a complaint against Blue Global Media in what was an egregious program of getting consumers to fill out loan applications and on selling that data, including personal information and sensitive information which in the US context includes social security number and credit card details, to parties willing to pay for leads. As is commonly the case the FTC Read the rest of this entry »

The Ashley Madison breach of 2015 when 25 gigabytes of data, including personal information was accessed and stolen was one of the biggest breaches to that date.  It also resulted in huge embarrassment for users of the Ashley Madison website and major reputational damage for Ashley Madison.  Not only did it Read the rest of this entry »

The UK Information Commissioner’s Office (the “ICO”) has its detractors however as a regulator it has been by far more energetic than its Australian equivalent.  The legislative structure is different as is the resourcing.  The UK Data Protection Act provides more scope for enforcement action and the penalties can be swingeing.  That said the approach taken by the ICO in both adopting an educational approach, the carrot, but also high profile and tough regulatory action, monetary penalty notices, highlights a difference with the Office of the Information Commissioner, which has been all about the education and very little about the enforcement. That has had a deleterious effect on privacy and data protection compliance in Australia.

The ICO took action against the Royal Free London NHS Foundation Trust for failing to Read the rest of this entry »

The National Institute of Standards and Technology (“NIST”) has released a draft of is Application Container Security Guide.  While the NIST is an American agency its guides have Read the rest of this entry »

The passport details of Flight Centre customers have been released to third parties who were working with Flight Centre in developing business products.  The extent of the breach, in terms of numbers of passport holders personal information being leaked and what exactly was released to the unauthorised party, has not been disclosed.  That level of opaqueness in notification tends to be typical in Australia but much less so in the United Kingdom and the United States. Curiously the Flight Centre stresses that human error, rather than a systems failure, was the cause of the breach.  As if that makes it better or less serious.  The Privacy Act Read the rest of this entry »