Privacy Amendment (Notifiable Data Breaches) Bill 2016 introduced into House of Representatives today….first step to mandatory data breach notification in Australia

October 19, 2016

Today the Privacy Amendment (Notifiable Data Breaches) Bill 2016 was introduced and read for the first time.  Mandatory data breach notification laws have Read the rest of this entry »

Victoria police has yet another problem with data security… new breaches familiar pattern of behaviour

October 16, 2016

Misuse of confidential information and regular data breaches has been a longstanding and systemic problem for the Victorian Police Force.  In the past two years I have posted on problems with the misuse of the LEAP database, which contains personal information of Victorians, here and here.  Police documents containing sensitive personal information were found in the possession of outlaw bikie gang members in 2013.

In his 2016 annual report Victorian Commissioner for Privacy and Data Security set out problems in the Victorian Police with data management.  There was a 36% increase in data security breaches over the previous year.  The Commissioner identified Read the rest of this entry »

US Federal Communications Commission announces new privacy rules for ISPs

October 9, 2016

The US Federal Communications Commission made an announcement on 6 October that it will setting down rules applying to internet service providers to protect privacy.  It will also be using its enforcement powers against internet service providers in a similar manner to the Federal Trade Commission.

As part of the announcement it highlighted the Read the rest of this entry »

UK Information Commissioner hits TalkTalk with a record fine for data security failures

The UK Information Commissioner has issued TalkTalk with a £400,000 fine for its failure to provide adequate security which resulted in the catastrophic data breach on TalkTak which occurred in October last year.  The ICO can issue a maximum of £500,000.

The breach resulted in personal data of 156,959 customers and the bank account details of Read the rest of this entry »

Pippa Middleton & anor v Person Unknown or Persons Unknown [2016] EWHC 2354 (QB); injunction, misuse of private information, breach of copyright, Human Rights Act sections 8, 10 and 12

September 29, 2016

Yesterday in Pippa Middleton & anor v Person Unknown or Persons Unknown [2016] EWHC 2354 (QB)  Mrs Justice Whippie continued an injunction made on 24 September 2016 prohibiting the publication of photographs hacked from Pippa Middleton’s iCloud account.  The media reports that Read the rest of this entry »

Furnari v Ziegert [2016] FCA 1080 (2 September 2016): Telecommunications (Interception and Access) Act 1979, private communications, injunctive relief, defamation

September 18, 2016

The Federal Court per Murphy J in Furnari v Ziegert [2016] FCA 1080 considered the unusual application for injunctive relief arising out of a defamation action.  The decision is notable for its consideration of section 7 of the Telecommunications (Interception and Access) Act 1979 (“TIA Act”).


The applicant purchased a pedigree bobtail Doberman pup from the respondents for $3,500 in December 2015. He said that Ms Ziegert represented that the pup could breed, was a natural bobtail, had been checked by a veterinarian, didn’t have Von Willebrand disease and weighed between 9 and 10 kg.  Upon taking delivery of the pub he said it had been sterilised, was diseased, weighed only 4.5 kg, was unhealthy and, as if that wasn’t enough, was not a natural bobtail.  Not surprisingly the applicant alleged misrepresentations by the respondents [7] which is the subject of a proceeding in the Victorian Civil and Administrative Tribunal  [8].

The dispute escalated into a defamation proceeding. His Honour summarised the circumstances  as: Read the rest of this entry »

ACMA release privacy guidelines for broadcasters

September 9, 2016

Today ACMA released its Privacy Guidelines for broadcasters. It is more accurate to state that it has revised its existing guidelines.

The media release provides:

The ACMA’s Privacy guidelines for broadcasters help broadcasters and members of the public better understand the operation of the privacy provisions in the various broadcasting codes of practice. The guidelines provide an overview of how the ACMA assesses complaints by listeners or viewers that allege breaches of the privacy provisions in the codes. Read the rest of this entry »

New South Wales Government respond to Standing Committee 3 March 2016 report on Remedies for the Serious Invasion of Privacy in New South Wales

September 5, 2016

The New South Wales Attorney General has released the Government’s response to the Legislative Council’s report on remedies Remedies for the Serious Invasion of Privacy in New South Wales.

It is a timid and disappointing document.

The overall response relevantly states:

The NSW Government acknowledges the work of the Legislative Council Standing Committee on Law and Justice (LC Committee) in producing its report, Remedies for the serious invasion of privacy in New South Wales, on 3 March 2016 and the particular focus of the inquiry on the non­ consensual sharing of intimate images, commonly referred to as ‘revenge porn’.1 Read the rest of this entry »

Hospital records and data breaches, a continuing problem

Health records are a particularly popular target of hackers who use ransomware to extract quick payment. Hospital records are self evidently critical in patient care.  Hospitals are notorious for their poor data security practices.  That is a function of a culture resistant to implementing modern data security practices, a large number of staff accessing records and emails and generally poor security protocols and even worse Read the rest of this entry »

Aerial surveillance by police raises privacy concerns in Baltimore

September 4, 2016

Technology has no morals or ethics.  It is the operators of the technology who have those.  Or don’t. Commonly enough the law, which restrains or otherwise regulates behaviour, falls far beyond the technology.  That is clear from the operation of airborne surveillance.  While intercepted telephone conversations and bugging of physical locations require a warrant, no such restriction applies to planes, drones and other forms of lighter than air vehicles photographing images and recording conversations.

In The Sneaky Program to Spy on Baltimore From Above the Atlantic reports on a practice undertaken by Baltimore police to record Baltimore residents by means of 4 – 6 cameras fixed to a plane flying overhead.  The images taken were stored for future use. The police force did it without notifying even the City Government because it used a private company with private funding. Wired in How Baltimore Became America’s Laboratory for Spy Tech   covers similar territory but goes so much further in showing how a police department without restraint can use technology to the point of giving dystopia a physical address, Baltimore Maryland.

In another setting it would be a fairly standard Read the rest of this entry »