UK Government opts for sensible approach in permitting researchers test anonymisation measures

January 14, 2018

The mantra by regulators that data which is anonymised can be used for research and published has resulted in significant embarrassment when said anonymisation resulted in re identification. It has spawned a busy subset of academic articles on how this happens and generally advising caution, see for example All or Nothing: The False Promise of Anonymity in the Data Science Journal.

 Re identification occurs were there has been insufficient de identification and the methods of re identifying are generally one or both of pseudonym reversal or by combing data sets.

In Australia the Government introduced the Privacy Amendment (Re-identification Offence) Bill 2016.  If enacted it will prohibit the Read the rest of this entry »

NSW Government data security inadequate according to report

December 28, 2017

The Fairfax press in Personal information held by NSW government exposed to cyber crime risk reports that 2/3rds of NSW Government agencies do not comply with their obligations to secure data.

The 82 page report provides insight but the chronic and deep seated flaws in data handling and cyber security practices are all too common.  A lack of training and what limited access to data should mean,  a lack of in depth protections which detect breaches from both outside and within, inadequate legislation with ineffective enforcement and inadequate training which leads to a poor privacy culture are the foundations upon which these problems develop.

It is curious that the report was released on 20 December and only reported on 28 December 2017.  Given the issue is so serious it is almost certain to disappear into the ether over the Christmas break.  Maybe it wasn’t so curious after all.

The New South Wales Audit Office released a press release on Read the rest of this entry »

Merry Christmas and my traditional reprint of Yes, Virginia there is a Santa Claus..

December 25, 2017

I wish all readers, regular, occasional and first timer, a happy and holy Christmas.

Since I was a school kid I was impressed with the Editorial of the New York Sun titled Yes, Virginia there is a Santa Claus.  It was first published on 21 September 1897.

It is a wonderful piece of writing.  Clear, concise and full of warmth without being mawkish. It can read a number of levels, starting with the intended reader, the 8 year old Virginia O’Hanlon.  As prose it makes the current offerings in Australia, and elsewhere, dreary and bloated by comparision.

The story of the author is impressive in and of itself.

It is also proudly optimistic.  A mindset we all should have, no matter how hard it can be.

To write as well as Francis Pharcellus Church, the author, would be a wonderful achievement.

Merry Christmas.

The article provides:

We take pleasure in answering thus prominently the communication below, expressing at the same time our great gratification that its faithful author is numbered among the friends of The Sun:

Dear Editor—

I am 8 years old. Some of my little friends say there is no Santa Claus. Papa says, “If you see it in The Sun, it’s so.” Please tell me the truth, is there a Santa Claus?

Virginia O’Hanlon
115 West Ninety Fifth Street

Virginia, your little friends are wrong. They have been affected by the skepticism of a skeptical age. They do not believe except they see. They think that nothing can be which is not comprehensible by their little minds. All minds, Virginia, whether they be men’s or children’s, are little. In this great universe of ours, man is a mere insect, an ant, in his intellect as compared with the boundless world about him, as measured by the intelligence capable of grasping the whole of truth and knowledge.

Yes, Virginia, there is a Santa Claus. He exists as certainly as love and generosity and devotion exist, and you know that they abound and give to your life its highest beauty and joy. Alas! how dreary would be the world if there were no Santa Claus! It would be as dreary as if there were no Virginias. There would be no childlike faith then, no poetry, no romance to make tolerable this existence.

We should have no enjoyment, except in sense and sight. The external light with which childhood fills the world would be extinguished.

Not believe in Santa Claus! You might as well not believe in fairies. You might get your papa to hire men to watch in all the chimneys on Christmas Eve to catch Santa Claus, but even if you did not see Santa Claus coming down, what would that prove? Nobody sees Santa Claus, but that is no sign that there is no Santa Claus. The most real things in the world are those that neither children nor men can see. Did you ever see fairies dancing on the lawn? Of course not, but that’s no proof that they are not there. Nobody can conceive or imagine all the wonders there are unseen and unseeable in the world.

You tear apart the baby’s rattle and see what makes the noise inside, but there is a veil covering the unseen world which not the strongest man, nor even the united strength of all the strongest men that ever lived could tear apart. Only faith, poetry, love, romance, can push aside that curtain and view and picture the supernal beauty and glory beyond. Is it all real? Ah, Virginia, in all this world there is nothing else real and abiding.

No Santa Claus! Thank God! He lives and lives forever. A thousand years from now, Virginia, nay 10 times 10,000 years from now, he will continue to make glad the heart of childhood.

It has been eulogised regularly since then, such as by the New York Times on the 100th anniversary of the publication.  A nice article but nothing of the simplistic brilliance of the original.

A refreshing and timely story on the Commonwealth bank accused of misleading the Privacy Commissioner and the Privacy Commissioner cops criticism in handling that deception

December 20, 2017

Tonight’s 7.30 program has a story, titled  Commonwealth Bank accused of misleading the Privacy Commissioner about a privacy complaint where the sting is the Commonwealth Bank failing to provide proper disclosure of documents. The determination is Read the rest of this entry »

Cybersecurity risks with the internet of things

Legislatures, and courts, being slow to fill gaps in the law is hardly a news story.  And it is axiomatic that there is legislative inertia in the face of new technologies. The history of road rules for motor vehicles is a classic example.  But the inertia and failure to respond to the threat of cyber attack has been a protracted and sad story of public policy failure.  Hacking, phishing, spoofing and any number of attacking a network has existed as long as the internet has been publicly accessible.  Protecting against that has been ad hoc and generally Read the rest of this entry »

Letters patent issued in Banking Royal Commission

December 19, 2017

The Government has issued the Letters Patent into the Royal Commissioner into misconduct in the Banking, Superannuation and Financial Services Industry.  It will be a frenetic time to meet the timetable set down by the Government, an interim report by 30 September 2018 and a final report by 1 February 2019.  In practical terms that means Read the rest of this entry »

Australian Information Commissioner releases Notifiable Data Breaches resources

December 18, 2017

It is always in the enforcement that regulators are judged.  And how effective legislation is.  In the privacy sphere that is no different.  The Privacy Amendment (Notifiable Data Breaches) Act 2017  commences operation on 22 February 2018.

The Australian Information Commissioner has released the final resources (used to be called guidelines) on the operation of the Act and what is expected of organisations and agencies.  They are set out below.

Resources are one thing it is the culture that is as important.  The excellent article When cultures collide: the debate we’re not having on data privacy highlights Read the rest of this entry »

Federal Court Criminal Proceedings Rules in effect and Federal Court releases forms for lodgment

The Federal Court announced today that forms used in proceedings under the Federal Court criminal Proceedings Rules are now accessible and can be lodged by external users.  The Rules can be found Read the rest of this entry »

Health records re identified in significant data breach

There is significant controversy about whether data can be scrubbed so that it can not be re identified.  What is less controversial is that many organisations put insufficient effort into de identifying data.  The authors of a paper Health Data in an Open World have demonstrated how they have re identified patients in an supposedly de identified open health data set.  The authors, academics at the Shcool of Computing and Information Systems at the University of Melbourne summarised what they did Read the rest of this entry »

Queensland law firms attacked by hackers and lose millions

Law firms have long been a target for hackers.  They hold vast troves of valuable information about clients and significant sums of money in trust.  They generally constitute a soft target because they have a poor understanding of cyber security and what their obligations are under the Privacy Act 1988 and do not Read the rest of this entry »