US Securities and Exchange Commission suffers data breach through a hack attack

September 22, 2017

It doesn’t get much more embarrassing than this. The US Securities and Exchange Commission (“the SEC”), the branch of the US Government charged with regulating the financial sector and taking action against those who breach the rules, has been hacked. Not last week, or last month, but last year. This is the body that puts the cuffs on insiders and puts them through a perp walk to court. Here the breach likely resulted in “illicit gain through trading.” Insider trading of a different species.

The source of the breach was Read the rest of this entry »

The US National Institute of Standards and Technology publishes reports titled Enhancing Resilience of the Internet and Communications Ecosystem and Cybersecurity Framework Manufacturing Profile, and a draft publication titled Trustworthy Email

September 20, 2017

The National Institute of Standards and Technology (“NIST”) produces very useful, if somewhat technical, reports on cyber security. They are invaluable resources for those interested in the technical side of data security and privacy. NIST yesterday published two such reports:

  1. NISTIR 8192, Enhancing Resilience of the Internet and Communications Ecosystem, and
  2. NISTIR 8183, Cybersecurity Framework Manufacturing Profile

NIST has also published for comment a draft publication on Trustworthy Email. Very topical and highly useful. At 120 pages it is not a breezy read.

UK Data Protection Bill introduced in the UK Parliament

September 17, 2017

The Data Protection Bill was introduced into the United Kingdom Parliament last week. Notwithstanding Brexit, the primary purpose of the bill is to Read the rest of this entry »

Canadian Health employee sacked for looking into health records of patients, including family member

September 12, 2017

The Office of the Saskatchewan Information and Privacy Commissioner has prepared a report into the activities of an employee of the Prince Albert Parkland Regional Health Authority who accessed the medical records of 14 people, including several members of her own family. While there was a data breach, it is relevant to note that Read the rest of this entry »

Facial recognition technology and privacy issues

Alibaba, one of the world’s largest online service providers, has installed facial recognition as a means of making payments on machines owned by one of its affiliates, Ant Financial. “Smile to pay” is the catchy description. Not to be outdone, Apple is expected to use facial recognition to unlock the home screen on its new phones.

Facial recognition technology has gone from a clunky, hit-and-miss affair to something approaching effective operability. That said, there are significant in-built problems, such as a bias against people who are not white: most of the databases on which the AI learning is based are comprised of white faces.

The dystopian element of facial recognition systems, beyond the long-predicted threat of living in a virtual and real panopticon, is the Read the rest of this entry »

US Federal Trade Commission settles with Lenovo on charges that it preinstalled software that compromised online security and the privacy of users

September 6, 2017

The Federal Trade Commission announced a settlement between it, 32 State Attorneys General and Lenovo relating to a complaint that Lenovo harmed consumers’ privacy and compromised data security by preloading man-in-the-middle software onto some of its laptops. The software, described as VisualDiscovery, delivered ads to the laptop owners but in doing so compromised security protections.

This is a huge settlement which deals with Read the rest of this entry »

Duchess of Cambridge awarded 100,000 euros in French Court for breach of privacy case against Closer magazine

In 2012 a paparazzo used a zoom lens to take photographs of a relaxing, topless Duchess of Cambridge while she was sunbathing on a terrace inside a private property during a holiday in France. The resulting photographs were hawked around the various publications. British papers turned down the offer but the French magazine Closer did not. It published the shots and the Duchess, with her husband, filed a criminal complaint for invasion of privacy and successfully obtained an injunction against the further use of the photographs. The Duchess also commenced a civil action alleging an invasion of privacy.

Overnight the Duchess of Cambridge was successful, with a French court ordering Closer to pay €100,000 and Read the rest of this entry »

UK Information Commissioner’s Office fines Nottinghamshire Council £70,000 for leaving vulnerable people’s personal information online for 5 years

September 5, 2017

The UK Information Commissioner’s Office has again taken action for breaches of data security. This time it issued a monetary penalty notice of £70,000 against Nottinghamshire County Council for exposing the personal information of vulnerable people for 5 years. While the legislative structures are different, the assertive approach of the ICO compares favourably to the lethargic and timid approach taken by the Australian Privacy Commissioner.

The nub of the problem was that Nottinghamshire County Council had set up a portal to allow social care providers to confirm that they had capacity to support a vulnerable person. The architecture of the portal was flawed. A member of the public discovered Read the rest of this entry »

Verizon releases a report on poor security in the payment card industry. Not a significant surprise, same problem across the board.

Payment by card is becoming ubiquitous in Australia, right down to getting the mandatory coffee first thing in the morning. Some businesses, such as bakeries, now refuse to accept cash where cash was once the only form of payment. The Economist, in Emptying the tills, highlights the phenomenon of card taps being the norm, cash payment by value dropping to as low as 5.7% in Sweden, and card-only being a selling point. It is not universal: card over cash is the norm in Scandinavia, but cash still reigns in Germany and Italy, though for differing reasons.

What is clear, though, is that with the march of the cards maintaining data security is critical. The best starting point is to comply with the industry standard on data security, the Payment Card Industry Data Security Standard (PCI DSS). Unfortunately, as with many businesses, maintaining appropriate data security is less common than one would hope. That is made clear in the very recent Verizon 2017 Payment Security Report. It finds that 44.6% fail to protect payment card data on Read the rest of this entry »

New South Wales Government Department pushes to increase privacy for children in care

Hard situations make bad laws.  That legal maxim, that an extreme case makes bad law, should be scratched onto the screen of every policy maker in every government.  It usually ends in tears.

The terrible and tragic case of William Tyrrell has been covered extensively in the media since he disappeared from care. That coverage, or at least the extent of it, found its way into the New South Wales Court of Appeal in Secretary, Department of Family and Community Services v Smith [2017] NSWCA 206. In that case the Court rejected the Department’s appeal from Read the rest of this entry »