Privacy breaches in the age of COVID

September 13, 2020

Cicero said “Laws are silent in time of war.”  The modern day equivalent is “laws are selectively ignored in times of pandemic.”  In the area of privacy laws that variation is very apposite.  In this pandemic the Victoria Police have been notably more assertive (read aggressive), paternalistic (read preachy, especially the Falstaffian Luke Cornelius’ intemperate verbal lashing of this or that civilian who attracts his ire) and selective about which laws they follow (as in don’t follow) than their interstate equivalents.  By a large margin and from the outset of the COVID.   The latter point is illustrated by Victoria Police reportedly using mobile surveillance units to remotely monitor citizens for breaches of the COVID laws. 

Putting aside the concerning willingness of Victoria Police officers to adopt such a dystopian method of performing their duties, as they see it.  I would be very interested to see the legal advice which regarded those actions as consistent with the Privacy and Data Protection Act 2014.  It is particularly concerning given the units are being deployed where there have been no complaints to police or even evidence of a breach.  That is just blanket surveillance pure and Read the rest of this entry »

Data breaches in a political party point to poor data protection and governance.

August 20, 2020

One of the many flaws in the Privacy Act 1988 is that political parties are exempt from its coverage. That was not an omission or unintended consequence of the drafting. There was a specific carve out for political parties in section 7C of the Privacy Act.  The provision, titled Political acts and practices are exempt, is comprehensive in exempting political organisations and their sub contractors (sub section 3) and their volunteers (sub section 4).  These provisions were passed with bipartisan support.  It was and remains a major public policy failing.

The lifeblood of political parties is data.  Data allows political parties to refine messages and target voters.  That data comes from constituents contacting their local members, polling, gleaning information from social media and other forms of information collection. Gone are the days when political parties relied on rough quantative surveys and the gut feel of hardened political operatives.  Political parties know focus on blocks and streets, not suburbs and electorates when they are not targeting individual voters.  Most of that data is personal information.

The other store of data that political parties store are membership lists.  Membership lists are nuggets of gold for apparatchiks in their constant quest to work numbers, whether in pre selection fights or competing for positions within the many committees within all political parties. And internal competition can be fierce, much fiercer than between political parties.  Factions spend an enormous amount of time signing up members to electorate branches while rival factions monitor those activities and attempt to derail them whenever possible, as well as signing up their members.   The desire to thwart one’s opponents easily descends into regrettable acts of skullduggery. And that seems to be at the core of the data breach of the Victorian Division of the Liberal Party as reported in Warring Victorian Liberals spring a data leak.

By any measure a data breach involving the access and distribution of the personal details of Liberal Party members without their consent is a very serious matter.  Many members of political parties are quite open about their membership, some are very vocal about it.  But many are not for a range of legitimate reasons, be it causing difficulties in their jobs (such as working in the public service) or personal, not wanting family members to know they are active.  And because of the corrosive nature of inter party fighting it attracts unwanted attention as seems to have occurred with members being called and quizzed on their membership and who paid their membership fees.  Worse, the story reports that details of the list have been provided to journalists.

The response is typically familiar when political parties suffer embarrassing data leaks, call in the police.  It looks and sounds strong and means very little.  The police come in, look around, take a few statements, realise quickly they are part of a pantomine (though they probably knew that before putting on granite faces and walking in with clipboards tucked under an arm) and send their carefully typed report up the chain of command until it gets a nose bleed.  Weeks pass then months go buy and on a Friday afternoon close to Christmas a press release announces the investigation is closed.  And that is probably the right result.  Because the problem is not about criminal activity, it is about poor governance and poor understanding of what is required to properly collect, store and use personal information.  And for better or worse, generally worse, the appropriate party to investigate is the Australian Information Commissioner should investigate, which can’t be done because political parties have been exempted from coverage.  Some of the most data intensive organisations in Australia collecting some of the most sensitive personal information are exempt.  It is a failure of public policy on a staggering scale.

The article Read the rest of this entry »

Lewis (liquidator), in the matter of Concrete Supply Pty Ltd (in liq) [2020] FCA 841 (16 June 2020): s 477(2B) Corporations Act 2001 application, approval for liquidator to retain solicitor who act for creditor of the company in liquidation

July 16, 2020

In Lewis (liquidator), in the matter of Concrete Supply Pty Ltd (in liq) [2020] FCA 841 White considered the relevant principles in considering an application under section 477(2B) of the Corporations Act 2001.


Between August 2009 and November 2017, ABCL had supplied concrete to Concrete Supply [5].

In October 2017, ABCL discovered that it had been underpaid about $12 million by Concrete Supply.  The underpayment was disguised by false entries made by one of its employees.  ABCL sought payment of the shortfall from Concrete Supply. On 14 November 2017, the directors of Concrete Supply resolved that it was, or was likely to become, insolvent and appointed Messrs Cooper and Cantone at Worrells as administrators. On 19 December 2017, the creditors of Concrete Supply resolved that it enter into a Deed of Company Arrangement (” DOCA”) [5].

ABCL opposed the Read the rest of this entry »

Santin v Sfameni [2020] VSC 26 (7 February 2020); application to restrain solicitor, whether solicitor material witness, misuse of confidential information

April 5, 2020

The latest decision at the superior court level in Victoria dealing with restraint application is Santin v Sfameni [2020] VSC 26.  That judgement considers a case in which I appeared for the, unsuccessful, applicant, Pinnacle Living Pty Ltd v Elusive Image Pty Ltd [2006] VSC 202


The dramatis personae are:

  • Emilio Santin (“Emilio”), who died on 2 March 2017 [1].
  • Rosanna Sfameni (“Rosanna”), Emilio’s daughter and executor of his estate [1].
  • Carlo Santin (“Carlo”) and Bruno Santin (“Bruno”), Emilio’s sons and residuary beneficiaries under his last will dated 23 September 2011 [1].
  • Carlo and Bruno are represented by a solicitor, John Whelan (“Whelan”) [3].
  • Whelan acted for Emilio between about September 2015 and January 2017 [3].

Carlo and Bruno commenced proceedings seeking order that Rosanna be removed as executor and trustee of their father’s estate [2].

Rosanna  applied to restrain Whelan from continuing to act for Carlo and Bruno on the bases that:

  • Whelan formerly acted for the deceased; and
  • is likely to be a material witness in relation to contested issues [3].

The loan

Rosanna and her husband, Salvatore (Sam) Sfameni lent Emilio $473,385. They were the mortgagees of a mortgage registered by Rosanna on 29 September 2011 as security for that loan [7].  The loan was used to Read the rest of this entry »

Information Commissioner releases report that 537 notifiable data breaches for the last half of 2019 while worldwide the estimate of data records accessed unlawfully in 2019 reached 12.3 billion!

March 15, 2020

At the end of February the Australian Information Commissioner released the Report of Notifiable Data Breaches for the July – December 2019 period.  There were 537 notifications, up from 460 in the previous 6 months and making 997 for the 2019 calendar year. 

As usual health service providers top the list, with 117 notifications, followed by finance with 77 notifications.  Interestingly though less than 10% of notifications there were 40 notifications from the legal/accountancy and management services.  In terms of numbers of individuals affected 132 notifications, about 20%, affected only one person’s personal information but one breach affected more than 10,000,000. The majority of notifications, 309, affected from 2 to 1,000 individuals while 13 notifications covered between 25,000 – 10,000,000. 

Contact information was Read the rest of this entry »

Merry Christmas and compliments of the Season

December 25, 2019

I wish all my readers, returning or first time occurring, a wonderful Christmas and an enjoyable festive season.  I hope 2020 will bring you joy and prosperity (if that is your aim).

As is my wont, I take the opportunity to repost a wonderful piece of prose, the famous Yes, Virginia, There is a Santa Claus which appeared on the pages of the Sun on 21 September 1897.  I have always admired the crisp prose that could be put to good effect in turning out a moving and sweet article that 9 year old Virginia could understand. It is also a wonderful push back against the cynicism of the time, something we experience today when reading some of the smarmy articles of some hacks in the mainstream press.

The editorial provides:

DEAR EDITOR: I am 8 years old.
Some of my little friends say there is no Santa Claus.
Papa says, ‘If you see it in THE SUN it’s so.’
Please tell me the truth; is there a Santa Claus?


VIRGINIA, your little friends are wrong. They have been affected by the skepticism of a skeptical age. They do not believe except they see. They think that nothing can be which is not comprehensible by their little minds. All minds, Virginia, whether they be men’s or children’s, are little. In this great universe of ours man is a mere insect, an ant, in his intellect, as compared with the boundless world about him, as measured by the intelligence capable of grasping the whole of truth and knowledge.

Yes, VIRGINIA, there is a Santa Claus. He exists as certainly as love and generosity and devotion exist, and you know that they abound and give to your life its highest beauty and joy. Alas! how dreary would be the world if there were no Santa Claus. It would be as dreary as if there were no VIRGINIAS. There would be no childlike faith then, no poetry, no romance to make tolerable this existence. We should have no enjoyment, except in sense and sight. The eternal light with which childhood fills the world would be extinguished.

Not believe in Santa Claus! You might as well not believe in fairies! You might get your papa to hire men to watch in all the chimneys on Christmas Eve to catch Santa Claus, but even if they did not see Santa Claus coming down, what would that prove? Nobody sees Santa Claus, but that is no sign that there is no Santa Claus. The most real things in the world are those that neither children nor men can see. Did you ever see fairies dancing on the lawn? Of course not, but that’s no proof that they are not there. Nobody can conceive or imagine all the wonders there are unseen and unseeable in the world.

You may tear apart the baby’s rattle and see what makes the noise inside, but there is a veil covering the unseen world which not the strongest man, nor even the united strength of all the strongest men that ever lived, could tear apart. Only faith, fancy, poetry, love, romance, can push aside that curtain and view and picture the supernal beauty and glory beyond. Is it all real? Ah, VIRGINIA, in all this world there is nothing else real and abiding.

No Santa Claus! Thank God! he lives, and he lives forever. A thousand years from now, Virginia, nay, ten times ten thousand years from now, he will continue to make glad the heart of childhood.

The New York Times, per Thomas Vinciguerra, wrote a lovely piece about the article on its 100th anniversary with Yes, Virginia, a Thousand Times Yes.

That article in itself is a terrific piece of writing.

Medicare details of former Australian Federal Commissioners for sale on dark web..the consequences of data breaches are ongoing

December 18, 2019

On 4 July 2017 the Guardian reported that Medicare card details were being sold on the dark web. As at July 2017 the vendor had sold details of 75 Medicare card details since the previous October.   In May of this year the Guardian reported that Medicare details were still being offered for sale on the darknet.  That should not have been a great surprise.  The personal information available from Medicare details is very valuable in engaging in identity theft and the ability of law enforcement to identify the thieves is often limited.  Even if an identity is established more often than not, by a wide margin, it is almost impossible to arrest that person because he (it is almost always a he) is domiciled in a country with a shaky legal system or with a government which connives in the fraudulent activity.

The ABC reports in Medicare card details of former Australian Federal Police commissioners available on dark web that the personal information of former Australian Federal Police Commissioners, Keelty, Negus and Colman contained in their Medicare details have been sold on the darknet. The fact that the former Commissioners personal information is being sold is no more egregious that the personal information of other individuals.  It is an interesting angle for the story. The key takeaway from the story is Read the rest of this entry »

Reception to Government response to Digital Platforms enquiry is decidedly mixed

December 17, 2019

It was not coincidental that the Government chose a Thursday less than a fortnight before Christmas to release its response to the ACCC’s Digital Platforms Report (my post about the Response is found here).  It does not appear as cynical as releasing it this week when the country is either frantically trying to extract an extra hour in the day to clear the desk to leave for Christmas with a clear(ish) or enjoying Christmas drinks/lunches/what have you’s. So last Thursday was a good day and a great week to release an at best cautious and limited response which could easily be interpreted through more pessimistic lenses to a very thorough and robust report by a highly regarded regulator.  There is a high level of distraction in the press and any negative stories will have a limited run as the lead up to Christmas will stop them gathering steam.

Notwithstanding the distractions the Response has elicited comment.  The media response has been decidedly mixed and generally sceptical with the Oz, with Digital inquiry: Wriggle room in regulating Big Tech, claiming that the response left a weak and insipid outcome for regulation of social media as a distinct prospect.  Given the Australian’s general distrust of regulation it has come out very strongly in favour of real and effective regulation of Google and Facebook (see Google and Facebook can’t be trusted to do right thing).  Hence the disappointment in its reporting, such  on ACCC digital platforms response: government delay as tech giants move on while Chris Merritt in the Oz is positively apoplectic about Read the rest of this entry »

Model Defamation Bill released for consultation

December 2, 2019

The Defamation Act 2005 was due for a review in 2010.  Five years late the Council of Attorney Generals released, late last week a Model Defamation amendment.  The consolidated Act, if the amendments are implemented, are found here.  The New South Wales Attorney General has taken the lead in drafting the Bill.  That is not surprising given Read the rest of this entry »

Call to reform Privacy Act because of data haul by Google and others

November 11, 2019

Even after writing about privacy for a decade and more, it still never ceases to amaze me that media write in breathless tones about the problem with organisations using and misusing data and personal information as if it was some form of revelation.  The only thing that has changed has been the great efficiency in the misuse.  The latest offering is the Australian’s piece Giants’ data haul sparks call to reform privacy act which is a bit of a spruik dressed up as an article for a conference to be hosted by the Consumer Policy Research Centre on 19 November 2019.

The chief executive is calling for “urgent reform of the Privacy Act” to better protect consumers.  She also wants a Consumer Data Right.  The call to reform the Privacy Act is misconceived.  There is no point increasing the powers of Read the rest of this entry »