December 19, 2014
As recently noted by Peter Timmons' excellent blog Open and Shut, the most recent Sydney Law Review has an excellent article titled Enhancing Press Freedom through Greater Privacy Law: A UK Perspective on an Australian Privacy Tort, which considers an actionable privacy right in the context of the need for freedom of expression. It also Read the rest of this entry »
The Australian Privacy Commissioner, with Privacy tips for the festive season, and the UK Information Commissioner’s Office, with Is protecting data on your Christmas list?, have issued posts/statements on the need to maintain proper data security. As far as they go, they are reasonable and easily understood suggestions. Given the Read the rest of this entry »
In Delta site flaw lets passengers access others’ boarding passes, Itnews reports on a significant weakness in Delta’s website which enabled passengers to access the boarding passes of others. Clearly this is a significant privacy violation. While the vulnerability was fixed, it is indicative of problems with organisations failing to review their website interfaces to check for vulnerabilities.
December 17, 2014
Under the Privacy Act there is an obligation to provide adequate data security, at Australian Privacy Principle 11. The Privacy Commissioner’s guidelines attempt to set out what is expected of entities. Those guidelines are drafted broadly and suffer from being very generalised. Absent determinations or enforceable undertakings, it is difficult to determine what the benchmarks are. Clearly industry standards are relevant. As posted previously (found here), the New York Department of Financial Services has issued a detailed letter regarding what is expected in the event of an IT/cybersecurity examination. It is an area where the United States regulators are, albeit in a piecemeal and sectoral manner, taking more detailed and proactive steps than Read the rest of this entry »
Australia lacks mandatory data breach notification legislation in relation to breaches under the Privacy Act. By comparison, most American States have such legislation and there is a serious effort to introduce it at a Federal level, if for no other reason than to impose some uniformity on notification requirements. It is good public policy to have such legislation. Individuals are entitled to know if their personal information has been compromised.
With a lack of mandatory reporting there is a lack of Read the rest of this entry »
Sony releases a data breach notification letter as the ramifications of the hack continue to wreak havoc
December 16, 2014
Itnews reports in Google faces fine for web privacy violations that the Dutch Data Protection Authority is looking closely at Google’s practice of using private information to customise ads. The focus of the DPA’s concern is the lack of transparency and consent. This form of behaviour would not be a constraint in the US. Read the rest of this entry »
December 15, 2014
There has been no consideration of Australian Privacy Principle (“APP”) 11 by the Privacy Commissioner through determination, enforceable undertaking or civil penalty proceeding. The APP guidelines are drafted in general terms. The guidelines on enforcement actions are in draft form and part way through the consultation process. The nature and extent of actual implementation of measures to comply with APP 11 is a matter of some conjecture, often depending upon which expert has the microphone. What is clear is that the risk of breaches is real, as set out in a report prepared by Trustwave titled The State of Risk 2014.
Some of the sobering findings are Read the rest of this entry »
December 12, 2014
The Hong Kong Privacy Commissioner has announced that Read the rest of this entry »