September 18, 2016
The Federal Court per Murphy J in Furnari v Ziegert  FCA 1080 considered the unusual application for injunctive relief arising out of a defamation action. The decision is notable for its consideration of section 7 of the Telecommunications (Interception and Access) Act 1979 (“TIA Act”).
The applicant purchased a pedigree bobtail Doberman pup from the respondents for $3,500 in December 2015. He said that Ms Ziegert represented that the pup could breed, was a natural bobtail, had been checked by a veterinarian, didn’t have Von Willebrand disease and weighed between 9 and 10 kg. Upon taking delivery of the pub he said it had been sterilised, was diseased, weighed only 4.5 kg, was unhealthy and, as if that wasn’t enough, was not a natural bobtail. Not surprisingly the applicant alleged misrepresentations by the respondents  which is the subject of a proceeding in the Victorian Civil and Administrative Tribunal .
The dispute escalated into a defamation proceeding. His Honour summarised the circumstances as: Read the rest of this entry »
September 9, 2016
Today ACMA released its Privacy Guidelines for broadcasters. It is more accurate to state that it has revised its existing guidelines.
The media release provides:
The ACMA’s Privacy guidelines for broadcasters help broadcasters and members of the public better understand the operation of the privacy provisions in the various broadcasting codes of practice. The guidelines provide an overview of how the ACMA assesses complaints by listeners or viewers that allege breaches of the privacy provisions in the codes. Read the rest of this entry »
September 5, 2016
The New South Wales Attorney General has released the Government’s response to the Legislative Council’s report on remedies Remedies for the Serious Invasion of Privacy in New South Wales.
It is a timid and disappointing document.
The overall response relevantly states:
The NSW Government acknowledges the work of the Legislative Council Standing Committee on Law and Justice (LC Committee) in producing its report, Remedies for the serious invasion of privacy in New South Wales, on 3 March 2016 and the particular focus of the inquiry on the non consensual sharing of intimate images, commonly referred to as ‘revenge porn’.1 Read the rest of this entry »
Health records are a particularly popular target of hackers who use ransomware to extract quick payment. Hospital records are self evidently critical in patient care. Hospitals are notorious for their poor data security practices. That is a function of a culture resistant to implementing modern data security practices, a large number of staff accessing records and emails and generally poor security protocols and even worse Read the rest of this entry »
September 4, 2016
Technology has no morals or ethics. It is the operators of the technology who have those. Or don’t. Commonly enough the law, which restrains or otherwise regulates behaviour, falls far beyond the technology. That is clear from the operation of airborne surveillance. While intercepted telephone conversations and bugging of physical locations require a warrant, no such restriction applies to planes, drones and other forms of lighter than air vehicles photographing images and recording conversations.
In The Sneaky Program to Spy on Baltimore From Above the Atlantic reports on a practice undertaken by Baltimore police to record Baltimore residents by means of 4 – 6 cameras fixed to a plane flying overhead. The images taken were stored for future use. The police force did it without notifying even the City Government because it used a private company with private funding. Wired in How Baltimore Became America’s Laboratory for Spy Tech covers similar territory but goes so much further in showing how a police department without restraint can use technology to the point of giving dystopia a physical address, Baltimore Maryland.
In another setting it would be a fairly standard Read the rest of this entry »
The Australian Privacy Commissioner has taken action against Ashley Madison data breach in July 2015 was a sensation. As has the Canadian Privacy Commissioner. They have released joint findings. Joint findings are found here.
It is likely to be an influential findings as the combined report does undertake a detailed analysis of both the facts and the expectations under the various privacy principles. Given the dearth of authorities this will provide valuable guidance.
As with many data breaches/interference with privacy complaints followed up by regulators the initial cause of the breach/interference gives rise to a broader investigation which almost invariably highlights deficiencies in compliance throughout the organisation. It is commonly the case that a breach of security has many causes; out of data software protection, poor protocols, inadequate staff training, excessive data retention far beyond the date when it is usable or relevant to the organisations operations and a lack of understanding as to identity verification.
Ashley Madison, or more accurately its corporate entity Avid Life Media Inc (“ALM”), entered Read the rest of this entry »
August 31, 2016
The BBC reports in Domestic abuse privacy breach: Greater Manchester Police pays victim on a catastrophic series of blunders by police in Manchester in releasing personal information of a domestic abuse victim into the public domain. The victim agreed that the police could use her experience in training sessions. The caveat was that she would remain anonymous. Not an unreasonable request and Read the rest of this entry »
August 28, 2016
A perennial problem in data security is staff taking data off site through lap tops and bring your own devices, usually USB sticks. The problem is more than removing the data offsite though that can and is a real challenge in data management. The significant issue is ensuring data is secure when it is off site.
The Information Commissioner’s Office (the “ICO”) has issued a Monetary Penalty Notice, fining a nursing home in County Antrim, Northern Ireland, £15,000 for failing to secure sensitive personal data. The breach occurred Read the rest of this entry »
August 24, 2016
Document management is the bane of many organisations. Take that issue and put it on steroids and that is the scale of the potential disaster that awaits a breakdown in handling personal information. Government agencies collect a large amount of personal information and are geared towards keeping detailed files. That means a large volume of documentation.
The Hampshire County Council has been fined £100,000 as a result of 45 bags of confidential waste found in a disused building. The documents contained sensitive information about adults and children in vulnerable situations.
It is a case of a failure to Read the rest of this entry »
August 3, 2016
The Federal Trade Commission has finalised its orders against ASUSTek Computer arising out its failure to take reasonable steps to secure software on its routers despite make promises about security. The terms of the settlement are onerous. As they should be. It would be Read the rest of this entry »