Merry Christmas and compliments of the Season

December 25, 2019

I wish all my readers, returning or first time occurring, a wonderful Christmas and an enjoyable festive season.  I hope 2020 will bring you joy and prosperity (if that is your aim).

As is my wont, I take the opportunity to repost a wonderful piece of prose, the famous Yes, Virginia, There is a Santa Claus which appeared on the pages of the Sun on 21 September 1897.  I have always admired the crisp prose that could be put to good effect in turning out a moving and sweet article that 9 year old Virginia could understand. It is also a wonderful push back against the cynicism of the time, something we experience today when reading some of the smarmy articles of some hacks in the mainstream press.

The editorial provides:

DEAR EDITOR: I am 8 years old.
Some of my little friends say there is no Santa Claus.
Papa says, ‘If you see it in THE SUN it’s so.’
Please tell me the truth; is there a Santa Claus?

VIRGINIA O’HANLON.
115 WEST NINETY-FIFTH STREET.

VIRGINIA, your little friends are wrong. They have been affected by the skepticism of a skeptical age. They do not believe except they see. They think that nothing can be which is not comprehensible by their little minds. All minds, Virginia, whether they be men’s or children’s, are little. In this great universe of ours man is a mere insect, an ant, in his intellect, as compared with the boundless world about him, as measured by the intelligence capable of grasping the whole of truth and knowledge.

Yes, VIRGINIA, there is a Santa Claus. He exists as certainly as love and generosity and devotion exist, and you know that they abound and give to your life its highest beauty and joy. Alas! how dreary would be the world if there were no Santa Claus. It would be as dreary as if there were no VIRGINIAS. There would be no childlike faith then, no poetry, no romance to make tolerable this existence. We should have no enjoyment, except in sense and sight. The eternal light with which childhood fills the world would be extinguished.

Not believe in Santa Claus! You might as well not believe in fairies! You might get your papa to hire men to watch in all the chimneys on Christmas Eve to catch Santa Claus, but even if they did not see Santa Claus coming down, what would that prove? Nobody sees Santa Claus, but that is no sign that there is no Santa Claus. The most real things in the world are those that neither children nor men can see. Did you ever see fairies dancing on the lawn? Of course not, but that’s no proof that they are not there. Nobody can conceive or imagine all the wonders there are unseen and unseeable in the world.

You may tear apart the baby’s rattle and see what makes the noise inside, but there is a veil covering the unseen world which not the strongest man, nor even the united strength of all the strongest men that ever lived, could tear apart. Only faith, fancy, poetry, love, romance, can push aside that curtain and view and picture the supernal beauty and glory beyond. Is it all real? Ah, VIRGINIA, in all this world there is nothing else real and abiding.

No Santa Claus! Thank God! he lives, and he lives forever. A thousand years from now, Virginia, nay, ten times ten thousand years from now, he will continue to make glad the heart of childhood.

The New York Times, per Thomas Vinciguerra, wrote a lovely piece about the article on its 100th anniversary with Yes, Virginia, a Thousand Times Yes.

That article in itself is a terrific piece of writing.

Medicare details of former Australian Federal Commissioners for sale on dark web..the consequences of data breaches are ongoing

December 18, 2019

On 4 July 2017 the Guardian reported that Medicare card details were being sold on the dark web. As at July 2017 the vendor had sold details of 75 Medicare card details since the previous October.   In May of this year the Guardian reported that Medicare details were still being offered for sale on the darknet.  That should not have been a great surprise.  The personal information available from Medicare details is very valuable in engaging in identity theft and the ability of law enforcement to identify the thieves is often limited.  Even if an identity is established more often than not, by a wide margin, it is almost impossible to arrest that person because he (it is almost always a he) is domiciled in a country with a shaky legal system or with a government which connives in the fraudulent activity.

The ABC reports in Medicare card details of former Australian Federal Police commissioners available on dark web that the personal information of former Australian Federal Police Commissioners, Keelty, Negus and Colman contained in their Medicare details have been sold on the darknet. The fact that the former Commissioners personal information is being sold is no more egregious that the personal information of other individuals.  It is an interesting angle for the story. The key takeaway from the story is Read the rest of this entry »

Reception to Government response to Digital Platforms enquiry is decidedly mixed

December 17, 2019

It was not coincidental that the Government chose a Thursday less than a fortnight before Christmas to release its response to the ACCC’s Digital Platforms Report (my post about the Response is found here).  It does not appear as cynical as releasing it this week when the country is either frantically trying to extract an extra hour in the day to clear the desk to leave for Christmas with a clear(ish) or enjoying Christmas drinks/lunches/what have you’s. So last Thursday was a good day and a great week to release an at best cautious and limited response which could easily be interpreted through more pessimistic lenses to a very thorough and robust report by a highly regarded regulator.  There is a high level of distraction in the press and any negative stories will have a limited run as the lead up to Christmas will stop them gathering steam.

Notwithstanding the distractions the Response has elicited comment.  The media response has been decidedly mixed and generally sceptical with the Oz, with Digital inquiry: Wriggle room in regulating Big Tech, claiming that the response left a weak and insipid outcome for regulation of social media as a distinct prospect.  Given the Australian’s general distrust of regulation it has come out very strongly in favour of real and effective regulation of Google and Facebook (see Google and Facebook can’t be trusted to do right thing).  Hence the disappointment in its reporting, such  on ACCC digital platforms response: government delay as tech giants move on while Chris Merritt in the Oz is positively apoplectic about Read the rest of this entry »

Model Defamation Bill released for consultation

December 2, 2019

The Defamation Act 2005 was due for a review in 2010.  Five years late the Council of Attorney Generals released, late last week a Model Defamation amendment.  The consolidated Act, if the amendments are implemented, are found here.  The New South Wales Attorney General has taken the lead in drafting the Bill.  That is not surprising given Read the rest of this entry »

Call to reform Privacy Act because of data haul by Google and others

November 11, 2019

Even after writing about privacy for a decade and more, it still never ceases to amaze me that media write in breathless tones about the problem with organisations using and misusing data and personal information as if it was some form of revelation.  The only thing that has changed has been the great efficiency in the misuse.  The latest offering is the Australian’s piece Giants’ data haul sparks call to reform privacy act which is a bit of a spruik dressed up as an article for a conference to be hosted by the Consumer Policy Research Centre on 19 November 2019.

The chief executive is calling for “urgent reform of the Privacy Act” to better protect consumers.  She also wants a Consumer Data Right.  The call to reform the Privacy Act is misconceived.  There is no point increasing the powers of Read the rest of this entry »

The Australian Information Commissioner releases a Guide to health privacy

October 12, 2019

The Australian Information Commissioner has recently released a Guide to Health Privacy.  At over 50 pages it is quite comprehensive.  It is less equivocal than previous guides published by the Information Commissioner.  That is not to say it does not descend into vague generality more than it should. The Commissioner’s guidelines have no force of law under the Privacy Act 1988.  That obvious fact has been stated by the Administrative Appeals Tribunal and the Federal Court.  As they are not regulations their use as a legal document is relatively limited.  They do however serve as a standard which the Information Commissioner expects agencies and organisations to follow in order to comply with the Privacy Act.

While some of the Commissioner’s previous and current guidelines are so vague, rubbery and equivocal as to be of little use that is not really the key regulatory issue.  The problem has always been the reluctance by the regulator in taking enforcement action.  That has been a 30 year problem. The powers available to the Commissioner have grown over the years.  That has not been matched by Read the rest of this entry »

Victorian Information Commissioner finds that Public Transport Victoria has breached the privacy of myki users. A cause of action?

August 15, 2019

In a brilliant piece of analysis Dr Chris Culnane, Associate Professor Benjamin Rubinstein and Associate Professor Vanessa Teague of the University of Melbourne have demonstrated in their paper released today titled Stop the Open Data Bus, We Want to Get Off that de identification of unit record level data does not work without substantially altering the data to the point where its value is reduced.  The analysis was based on the data released by the Victorian Government in to a data science competition.  The authors have demonstrated that a combination of only needing a small number of points of information to make an individual unique and poor quality anonymisation and security techniques makes it quite easy to reidentify individuals. 

In the case of the myki data the authors found that “little to no de identification took place on the bulk of the data.”  They found it was a straightforward task to re identify two of the co authors cards.  They also established that is possible to identify a stranger from public information about their travel patterns, for example twitter to name just one source.  They identified Read the rest of this entry »

The Western Australian Government announces that it will start the process to implement privacy legislation in that state

August 12, 2019

Western Australia and South Australia have been outliers in not having any statutory framework for the protection of personal information. That is likely to change, a little, with the Western Australian Government through its Attorney General releasing a discussion paper titled Privacy and Responsible Information Sharing for the Western Australian public sector

As the name suggests whatever structure is implemented will only apply to personal information collected, used and stored by the Government and its agencies, statutory authorities and other instrumentalities. Even though it is a discussion paper the Government is clearly envisaging following the legislative structure adopted in New South Wales, Victoria and Queensland. Each of those jurisdictions has a privacy and data protection act and has established Read the rest of this entry »

A significant data breach of medical histories at Neoclinical, an example of how not to respond to a data breach meanwhile the ACCC commences action against HealthEngine for selling its customers data. Big problems with data security in the health sector, no news there…

August 8, 2019

Paradoxically the one type of data that is regarded as most sensitive, health information, is often the most poorly protected.  The privacy protection culture is poor and insufficient resources are put into protecting personal information and staff training is often times rudimentary.  There is a constant stream of breaches reported including in the last fortnight thousands of pharmaceutical records leaked in the US, a data breach in Presbyterian Healthcare Services in Alberquerque resulted in unauthorised access to 183,000 patients, the all too regular instance of medical records in paper form being left on the street, this time in London Canada and a health Centre in Kentucky paying $70,000 ransom to unlock medical records of 20,000 patients. There are clear challenges in securing personal information in health centres and hospitals with many individuals having access to data at many terminals however the challenges are surmountable.  Most data breaches are a result of poor practices and insufficient time, money and effort going into setting up proper hardware and software, establishing proper processes and training and then more training.

The Nine/Fairfax press reports on a major data breach at Neoclinical, a company which matches individuals with active clinical trials.  The data is sensitive by definition but it is even more concerning given the data that Neoclinical heald was users responses to questions qualifying them for clinical trials.  Those sort of questions go to medical diagnoses illicit drug use and treatments received.  The breach involved its 37,170 users.  The breach was detected by UpGuard which sent an email to Neoclinical.  Neoclinical did not notify the Information Commissioner about the breach when notified or even shortly after.  It did nothing until Read the rest of this entry »

Australian Competition & Consumer Commission releases the Digital Platforms Inquiry – calls for more privacy protections amongst many other recommendations

July 30, 2019

Last Friday, 26 July 2019, the Australian Competition & Consumer Commission released its long anticipated and comprehensive final report.  At 623 pages it is something of a tome, not surprisingly given the broad and comprehensive recommendations it makes. The executive summary is found here.

The scope of the recommendations cover issues of competition and protecting diversity in the media, issues of critical importance but beyond the usual coverage of this publication.

Relevantly, for this site, is the recommendations for more privacy protections. That includes Read the rest of this entry »