Deep mining of data and privacy

January 12, 2014

The current edition of the New York Review of Books has a detailed and very readable article, How Your Data Are Being Deeply Mined, on data mining by business and the growing business of database marketing. The clear privacy concerns Read the rest of this entry »

Analysis reveals flaws in personal banking apps

In a fascinating post, if a somewhat technical one for the non-technical reader, IOActive Labs Research describes its very recent analysis of personal banking apps. The post is titled Personal banking apps leak info through phone and is found here. The research involved testing 40 home banking apps from the top 60 most influential banks in the world. The study involved banks in the Australian jurisdiction.

Some of the salient conclusions are:

40% of the audited apps did not validate the authenticity of SSL certificates presented. This makes them susceptible to Read the rest of this entry »

Tracking consumers via their smartphones and the data held by them

The International Consumer Electronics Show (“CES”) again delivers a story of technology having huge privacy implications. In Want to find a great deal? It’s looking for you, too the Washington Post reports on technology used by department stores not only to track a person’s movements via his/her smartphone but also to use other data from it to sell.

The article provides:

Salvador Alejo was a man on a mission. Walking the floor at the Consumer Electronics Show in Las Vegas, he used his phone and the event’s app to find nine spots that would earn him the digital badges he needed to finish a high-tech scavenger hunt.

But in this case, the scavenger hunt was looking for him, too.

The Consumer Electronics Association placed sensors known as “iBeacons” Read the rest of this entry »

Driver data and privacy

The International Consumer Electronics Show (“CES”), held in Nevada every January, generates plenty of media interest as new gizmos and gadgets are unveiled for the first time. Some go on to be world beaters while others sink without trace. Privacy concerns are also a regular fixture of the product launches. And this year is no different. The Washington Post in As automakers tap smartphone technology, concerns grow about use of drivers’ data highlights the privacy risks Read the rest of this entry »

Slow appointment of privacy commissioners

January 10, 2014

In his excellent Open and Shut blog of 7 January 2014, titled Appointing a privacy commissioner low priority for most states, Peter Timmins sets out in detail the lamentable situation of state governments not appointing or making permanent the privacy commissioners in Queensland and Victoria and the lack of regulatory oversight in South Australia, West Australia and Tasmania.

But it seems that governmental lethargy is not an Australian problem only.  On 7 January 2014 Peter Hustinx Read the rest of this entry »

UK Government issues revised identity proofing guidelines

January 9, 2014

The UK Government has updated its guidelines on identity proofing and verification. The guidelines have been jointly issued by the Cabinet Office and the UK’s National Technical Authority on Information Assurance. They are found here. The government previously issued a consultation paper on draft identity assurance principles (found here).

There are four levels of assurance that organisations can have about an individual’s identity, with details of the evidence and checks required in order to claim compliance with each level.

The standards range from requiring a basic level of verification and validation of documents to the need to obtain and verify identifying documentation including biometric passports and bank statements. It is relevant that the principles require ID assurance service providers to only process “the minimum data that is necessary” to meet the needs of individual service users. In addition, ID assurance providers would have to provide individuals with a right to access their personal data for free and transmit the data to another provider “in a standard electronic format, free of charge and without impediment or delay” upon the request of a user.

UK Information Commissioner issues recommendations for bring your own devices

The UK Information Commissioner’s office has issued recommendations on the use of bring your own devices (“BYOD”).  Poor practices regarding BYODs have caused significant privacy breaches.  The Information Commissioner has taken action against government and private organisations in the last 12 months.  The recommendations are found here.

The recommendations and media release provide:

A survey before Christmas showed that sixty per cent of the UK population now own a smart phone and 20% a tablet. This is no doubt even higher as smart phones and tablets topped many people’s Christmas gift lists, and an increasing number want to use their personal devices at work.

Known as ‘bring your own device’ this trend has Read the rest of this entry »

The article that says it all: Are you prepared for the March 2014 Privacy Act changes?

January 8, 2014

On 5 December 2013 the Age ran a piece titled Are you prepared for the March 2014 Privacy Act changes?  It is a piece, with helpful links to business.gov.au and the Privacy Commissioner’s site, that sets out directly and pithily the key issues that every organisation and agency needs to address now rather than in March 2014.

It provides:
From 12 March 2014, there will be many changes to the Privacy Act.
Although this seems a while away, if the Privacy Act applies to your business, it’s a good idea to start preparing for the changes now.

Does the Act apply to my business?

The Privacy Act protects Read the rest of this entry »

White hat hacks into Public Transport Victoria website

The Age reports in Schoolboy hacks Public Transport Victoria website how a 16-year-old, Joshua Rogers, hacked into the Public Transport Victoria (“PTV”) website. The article notes that after Joshua notified the PTV of the security flaws it kindly notified the police and the Privacy Commissioner. The reasons were not provided. It will be interesting to see how both guardians, one of law and order and the other of privacy, will respond to the challenge. Given PTV’s database contains vast amounts of personal information, including credit card details, the reported inadequacy of its online security is a major concern. Hopefully the Privacy Commissioner will take a robust approach when investigating this alleged failing. It would be fascinating to see what the results of a Privacy Impact Assessment by the PTV will reveal. Of course that won’t be made public. Assuming it happens.

The article provides:

Personal information Read the rest of this entry »

Another App suffers privacy problems – this time Evernote

January 6, 2014

Evernote is app royalty.  A huge following and a very practical app.  I have Evernote.  But, as I have posted earlier, apps are prone to privacy breaches.  App developers and managers commonly fail to develop privacy protections, protocols and means of handling personal information.  The BBC in Evernote to focus on fixing bugs after complaints highlights how even the established and well regarded apps fall down in the privacy department. The constant challenge Read the rest of this entry »