Report that Australian government releases sensitive health information to the police without warrants

January 29, 2020

It has long been known that the legislation in place to regulate the collection, use and protection of personal information is both porous, with many exceptions, and incomplete, not covering all organisations that collect personal information.

Even with these chronic problems with privacy legislation, the Medical Republic has discovered and reported on a government practice of releasing medical records to police without the need for a warrant or court order.  The process is entirely administrative, without any right of review by the person whose data is being provided to police.  The Guardian has also reported on the issue in Australian government secretly releasing sensitive medical records to police.

I provided comment on this little known scheme, amongst other privacy experts.

This process covering medical records held under the medical benefits and pharmaceutical benefits scheme completely undermines the protections that are supposed to reside in the Privacy Act. It is anachronous that Read the rest of this entry »

California now has comprehensive consumer privacy protection… well at least compared to the rest of the United States. Will it result in changes to Federal Privacy laws?

January 3, 2020

California’s much touted, and feared in some quarters, privacy law is now 2 days old and the West Coast of the USA has not slid into the sea. The Attorney General of California has set out the operation of the California Consumer Protection Act (CCPA) here with a short fact sheet.

It is common practice in the United States for significant law reform to emanate from the States and then for the Federal Government to legislate to cover the field and generally supersede those state laws.  That is particularly the case where the law applies to commerce that crosses state boundaries, clearly a federal law.  Often times that is done to establish uniformity and avoid duplication and efficiency.  Also states tend to be incubators for public policy experimentation.  Successful policies tend to get picked up and adopted federally.  That happened with welfare reform in the 1990s.  That occasionally occurred in Australia however the States are rarely so ambitious these days and are content to have the Commonwealth organise uniformity through the COAG process, amongst other fora.  The problem is that the genius of experimenting with new concepts has been suppressed for the sake of sameness.  In the area of privacy that has resulted in a dismal Federal Act and Read the rest of this entry »

New Years Honours data breach, recipients announced…along with their addresses.

December 30, 2019

The UK practice of announcing the New Years Honours recipients in the period between Christmas and New Years has turned into a disaster this year.  There was no controversy as to who the 1,097 recipients were.  It was just that both the recicpients’ names and addresses were published online.  The addresses included those of senior police officers and celebrities who may enjoy some limelight but are usually wary of divulging where they live.

This is a serious data breach pure and simple.  It happens with depressing frequency and is almost invariably caused by human error.  In my experience it often involves a distracted, poorly trained or overworked (or all three) staff member in the Cabinet Office attaching a PDF to a media release or engaging in a very sloppy cut and paste and sending without reviewing.  This “drag and drop” practice of Read the rest of this entry »

Merry Christmas and compliments of the Season

December 25, 2019

I wish all my readers, returning or first time occurring, a wonderful Christmas and an enjoyable festive season.  I hope 2020 will bring you joy and prosperity (if that is your aim).

As is my wont, I take the opportunity to repost a wonderful piece of prose, the famous Yes, Virginia, There is a Santa Claus which appeared on the pages of the Sun on 21 September 1897.  I have always admired the crisp prose that could be put to good effect in turning out a moving and sweet article that 9 year old Virginia could understand. It is also a wonderful push back against the cynicism of the time, something we experience today when reading some of the smarmy articles of some hacks in the mainstream press.

The editorial provides:

DEAR EDITOR: I am 8 years old.
Some of my little friends say there is no Santa Claus.
Papa says, ‘If you see it in THE SUN it’s so.’
Please tell me the truth; is there a Santa Claus?


VIRGINIA, your little friends are wrong. They have been affected by the skepticism of a skeptical age. They do not believe except they see. They think that nothing can be which is not comprehensible by their little minds. All minds, Virginia, whether they be men’s or children’s, are little. In this great universe of ours man is a mere insect, an ant, in his intellect, as compared with the boundless world about him, as measured by the intelligence capable of grasping the whole of truth and knowledge.

Yes, VIRGINIA, there is a Santa Claus. He exists as certainly as love and generosity and devotion exist, and you know that they abound and give to your life its highest beauty and joy. Alas! how dreary would be the world if there were no Santa Claus. It would be as dreary as if there were no VIRGINIAS. There would be no childlike faith then, no poetry, no romance to make tolerable this existence. We should have no enjoyment, except in sense and sight. The eternal light with which childhood fills the world would be extinguished.

Not believe in Santa Claus! You might as well not believe in fairies! You might get your papa to hire men to watch in all the chimneys on Christmas Eve to catch Santa Claus, but even if they did not see Santa Claus coming down, what would that prove? Nobody sees Santa Claus, but that is no sign that there is no Santa Claus. The most real things in the world are those that neither children nor men can see. Did you ever see fairies dancing on the lawn? Of course not, but that’s no proof that they are not there. Nobody can conceive or imagine all the wonders there are unseen and unseeable in the world.

You may tear apart the baby’s rattle and see what makes the noise inside, but there is a veil covering the unseen world which not the strongest man, nor even the united strength of all the strongest men that ever lived, could tear apart. Only faith, fancy, poetry, love, romance, can push aside that curtain and view and picture the supernal beauty and glory beyond. Is it all real? Ah, VIRGINIA, in all this world there is nothing else real and abiding.

No Santa Claus! Thank God! he lives, and he lives forever. A thousand years from now, Virginia, nay, ten times ten thousand years from now, he will continue to make glad the heart of childhood.

The New York Times, per Thomas Vinciguerra, wrote a lovely piece about the article on its 100th anniversary with Yes, Virginia, a Thousand Times Yes.

That article in itself is a terrific piece of writing.

Data breach of personal information of NSW Ambulance officers results in class action and settlement of $275,000

The data breach of personal information relating to New South Wales Ambulance officers in 2016 has had its conclusion in the resolution of a class action in the New South Wales Supreme Court earlier this month.  One hundred and six officers will receive a total of $275,000. The breach was egregious, being the workers compensation files of a officers including psychiatric assessments.   It was originally reported in the Sydney Morning Herald in November 2017 in Paramedics launch class action over the sale of their medical records to personal injury solicitors.

It is notable for being the first privacy class action which has been resolved. It highlights the need for employers to be rigorous in controlling access and use of personal information they collect, particularly sensitive information.

The success of the class also highlights what has always been known, there is scope to take action for interferences with privacy.  Notwithstanding Read the rest of this entry »

Medicare details of former Australian Federal Commissioners for sale on dark web..the consequences of data breaches are ongoing

December 18, 2019

On 4 July 2017 the Guardian reported that Medicare card details were being sold on the dark web. As at July 2017 the vendor had sold details of 75 Medicare card details since the previous October.   In May of this year the Guardian reported that Medicare details were still being offered for sale on the darknet.  That should not have been a great surprise.  The personal information available from Medicare details is very valuable in engaging in identity theft and the ability of law enforcement to identify the thieves is often limited.  Even if an identity is established more often than not, by a wide margin, it is almost impossible to arrest that person because he (it is almost always a he) is domiciled in a country with a shaky legal system or with a government which connives in the fraudulent activity.

The ABC reports in Medicare card details of former Australian Federal Police commissioners available on dark web that the personal information of former Australian Federal Police Commissioners, Keelty, Negus and Colman contained in their Medicare details have been sold on the darknet. The fact that the former Commissioners personal information is being sold is no more egregious that the personal information of other individuals.  It is an interesting angle for the story. The key takeaway from the story is Read the rest of this entry »

Reception to Government response to Digital Platforms enquiry is decidedly mixed

December 17, 2019

It was not coincidental that the Government chose a Thursday less than a fortnight before Christmas to release its response to the ACCC’s Digital Platforms Report (my post about the Response is found here).  It does not appear as cynical as releasing it this week when the country is either frantically trying to extract an extra hour in the day to clear the desk to leave for Christmas with a clear(ish) or enjoying Christmas drinks/lunches/what have you’s. So last Thursday was a good day and a great week to release an at best cautious and limited response which could easily be interpreted through more pessimistic lenses to a very thorough and robust report by a highly regarded regulator.  There is a high level of distraction in the press and any negative stories will have a limited run as the lead up to Christmas will stop them gathering steam.

Notwithstanding the distractions the Response has elicited comment.  The media response has been decidedly mixed and generally sceptical with the Oz, with Digital inquiry: Wriggle room in regulating Big Tech, claiming that the response left a weak and insipid outcome for regulation of social media as a distinct prospect.  Given the Australian’s general distrust of regulation it has come out very strongly in favour of real and effective regulation of Google and Facebook (see Google and Facebook can’t be trusted to do right thing).  Hence the disappointment in its reporting, such  on ACCC digital platforms response: government delay as tech giants move on while Chris Merritt in the Oz is positively apoplectic about Read the rest of this entry »

Government’s response to Digital Platform Inquiry brings a direct right of action for an interference with privacy one step closer but puts off yet again a statutory tort for interference with privacy to another review

December 12, 2019

Today the Federal Government released its response to a the ACCC Digital Platforms Inquiry.

In relation to the recommendations relating to improving privacy protections it has been cautiously supportive, with emphasis on caution.  The positive outcome is that it supports giving individuals a direct right of action in court for interferences with privacy.

The overall response relevantly states Read the rest of this entry »

The ACT is having an annus horribilis on cyber security

December 2, 2019

The Australian National University announced earlier this year that it had been the victim of a cyber attack, for the second time in a year. Now there is an announcement that in 2018 there were two successful cyber attacks. The first breach involved the access to the ACT Government Directory on 23 November by a brute force attack.

Read the rest of this entry »

Model Defamation Bill released for consultation

The Defamation Act 2005 was due for a review in 2010.  Five years late the Council of Attorney Generals released, late last week a Model Defamation amendment.  The consolidated Act, if the amendments are implemented, are found here.  The New South Wales Attorney General has taken the lead in drafting the Bill.  That is not surprising given Read the rest of this entry »