November 2, 2014
July 15, 2014
The current edition of the Economist has a special report on cybersecurity. For those practising in privacy law it should be mandatory reading. It gives a brilliant synopsis (as the Economist can do so well) of the key issues and future developments. For those just interested in cyber security it should also be mandatory reading.
In the series of articles:
Lifelock Wallet, a company whose business is to provide services to protect customers from identity theives, withdraws its app because its is not secure enough. Ouch!
May 20, 2014
Lifelock’s homepage says it all -Protecting Your Identity in an Always-Connected World Comprehensive identity theft protection from LifeLock helps safeguard your finances, credit and good name. In today’s always-connected world, that’s more important than ever. The core of its business is data security.
In a post of 16 May Lifelock’s CEO explained that Lifelock’s mobile app is not secure. Technically, it is not compliant with the payment card industry security standards. The potential for a data breach was too great a threat to tolerate. Accordingly the apps have been withdrawn and data deleted.
It is a salient example of why businesses must take as much care with developing their mobile apps as they do any other aspect of their data security architecture. If anything the care should be greater given the additional potential threats in losing data, such as interception across unsecured wi fis.
In the Australian context a business, particularly a large operation whose core activity is data storage and protection, failing to be compliant with minimum industry standards relating to security would run the risk of breaching APP 11 at minimum.
The post provides
One thing I’ve learned in business and, for that matter, life is the importance of authenticity and transparency.
With that in mind, I want to make you aware of an issue that we identified related to our recently acquired LifeLock Wallet application. We have determined that certain aspects of the mobile app may not be fully compliant with payment card industry (PCI) security standards.
For that reason, we are removing the LifeLock Wallet application from the App Store, Amazon Apps, and Google Play, and when users open the LifeLock Wallet, their information will be deleted Read the rest of this entry »
April 12, 2014
The Washington Post in Can Katherine Heigl really sue Duane Reade for tweeting her photo? Yes, and here’s why reports on Heigl suing Duane Reade for violating her privacy and using her image without her permission.
If Katherine Heigl makes a Duane Reade run and the drug store’s Twitter account proudly tweets a photo of her in the act (in a “celebrities run errands, too, and at our fine establishment!” kind of way), can she sue them for $6 million?
The answer: Yes, she can. And she did. And she has a case.
“Love a quick #DuaneReade run? Even @KatieHeigl can’t resist shopping #NYC‘s favorite drugstore http://bit.ly/1gLHctI ” the Duane Reade account tweeted on March 18 with a link to gossip site Just Jared, which ran a paparazzi photo of Heigl outside the store in New York City carrying two shopping bags.
It makes sense if you Read the rest of this entry »
April 9, 2014
There has been a major alert and scare about a discovered flaw in OpenSSL cryptographic software library which is used by a large number of websites. It is reported in Web security in doubt after discovery of ‘Heartbleed’ flaw and Newly discovered encryption flaw a ‘big deal’, say security experts. It has also been reported in the Drum in somewhat apocalyptic terms in A civilisation built upon software isn’t safe, which provides:
Go onto the web to check your bank balance Read the rest of this entry »
April 8, 2014
The Washington Post reports, in A Facebook page of sneaky photos of women eating on the Tube creeps out London, on a strange Facebook Page which is devoted to surreptitious photographing of women eating on the London Tube and then posting them on Facebook (Women who eat on tubes). As idiotic as the concept is it is a page that has 19,000 followers. The debate about the page revolves around mysogeny and eccentric and harmless fun or even art. One important issue is the privacy of those who have had their photos taken. In UK jurisprudence the Read the rest of this entry »
April 7, 2014
That drone technology has the potential to create problems almost as great as the significant benefits it brings to civilian use has been obvious for almost the outset. In’River of blood’ after drone ‘hits’ Australian athlete the Age reports on a possible collision between a drone and an individual. There are competing versions of events. Whether someone was struck by a drone or not it matters little. The reported incident highlights the increasing use of drones in the public space. Drones purchased from hobby shops are inexpensive and operated by anyone who can stump up the cash. That is all it takes. Putting a camera on a drone Read the rest of this entry »
April 4, 2014
Itnews reports in Experian investigated over data breach on a serious data breach at Experian. The scope of the breach involves access to social security numbers of up to 200 million people. Interestingly the focus of the investigation goes to whether there has been complience with data protection laws. While the law is not directly analogous in Australia the Privacy Commissioner now has significant powers to investigate data breaches. What does not exist yet is mandatory data breach notification laws. Such a law almost passed in 2013.
US law enforcement teams are jointly investigating a serious data breach involing a subsidiary of credit reporting firm Experian that exposed the social security numbers of some 200 million people to potential criminal activity.
The focus of the Read the rest of this entry »
April 3, 2014
I had the pleasure of attending a public lecture hosted by the Castan Centre on Surveillance and the right to privacy in a digital age (see here) by Kenneth Roth, the Executive Director of Human Rights Watch. It was a very useful overview of one of the biggest public policy issues relating to privacy, mass and untargeted surveillance.
Mr Roth has been active in the media in the last week and published an opinion piece in the Fairfax press, Privacy: rationales governments use to claim mass snooping is legal, which is a very interesting overview of the developments in privacy protections since Read the rest of this entry »
March 31, 2014
The Australian Law Reform Commission (the “ALRC”) has released its long awaited discussion paper on Serious Invasions of Privacy in the Digital Era (found here).
Submissions are due by no later than 12 May 2014. That is a very short time frame given the size of the report, over 200 pages, and 47 recommendations.
The media release provides:
The Australian Law Reform Commission (ALRC) today released a Discussion Paper, Serious Invasions of Privacy in the Digital Era (DP 80, 2014). The Terms of Reference for this Inquiry ask the ALRC to consider the detailed legal design of a statutory cause of action and, in addition, other innovative ways the law might prevent or redress serious invasions of privacy.
The ALRC is Read the rest of this entry »