June 28, 2015
As the Board of Target USA will attest, or those that remain, making sure suppliers have adequate cyber security controls is critical in maintaining a proper data security system. Target’s massive data breach was instigated from a third party site which had poor data security. Businesses work with their suppliers online as much as in person. And that interconnection is growing, not subsiding. According to a recent survey by the insurance broker Marsh, titled UK 2015 Cyber Risk Survey Report, less than one in three companies surveyed review their suppliers’ cyber protection, or more accurately their exposure to a data breach. This raises compliance issues for Read the rest of this entry »
The Privacy Commissioner has announced an investigation into the widely reported likely breach of iiNet. Notably, the breach occurred during the period in which the Privacy Commissioner has enhanced powers, that is, after 12 March 2014. The sanctions can be significant, including Read the rest of this entry »
June 24, 2015
The New Zealand Broadcast Authority has upheld a privacy complaint against Television New Zealand Ltd in PG and Television New Zealand Ltd – 2014-090.
During an episode of Water Patrol, a reality TV series following the work of the New Zealand Police, footage of the complainant (PG) in his boat was shown. The footage Read the rest of this entry »
Itnews reports in Optus admits handing user phone numbers to websites that Optus has admitted to engaging in the practice of providing customer phone numbers to websites which are accessed by that customer. As the article makes clear this practice has, understandably and with strong basis in law, raised privacy concerns. There is no prior consent sought or notice of this practice.
June 22, 2015
The Canadian House of Commons has passed (on 18 June 2015) the Digital Privacy Act, amending the Personal Information Protection and Electronic Documents Act. The key provisions are mandatory data breach notification requirements whereby an organisation will be required to notify the Office of the Privacy Commissioner of Canada following a breach of security safeguards involving personal information under its control when there is a real risk of significant harm to individuals from the breach. Importantly the organisations will also be required to notify affected individuals. There will also be Read the rest of this entry »
There has been yet another call for mandatory data breach notification laws, this time from a cyber security firm, FireEye, as reported by the Fairfax press in ‘We need accountability’: Security firm warns that we needs mandatory data breach disclosure laws. The history of privacy law reform in Australia is Read the rest of this entry »
June 21, 2015
The privacy vulnerabilities associated with mobile phones and especially their apps have been well known for some time. And the Android system, which powers Samsung mobile phones, has been particularly prone to security problems as is reported in Questions over Samsung’s handling of security flaw in millions of smartphones and Massive security flaw found in 600 million Samsung phones, including Galaxy S6.
Solutions Review reports in New PulseSecure Report Finds Nearly 1,000,000 Unique Mobile Malware Threats on the ongoing and growing problem with mobile malware. This is an issue Read the rest of this entry »
June 19, 2015
Data breaches by hackers have evoked significant adverse publicity for the organisations affected and understandable concern among those whose personal information was viewed and taken. Breaches of Sony Pictures and Target have resulted in considerable financial losses, not to mention reputational damage for those brands. Breaches of Government networks are equally damaging, if not more so. Data held by authorities often relates to everyday individuals. There is a high potential for identity theft if enough personal information of an individual is taken. There are other impacts, such as being profiled and monitored, if the intent is non-economic, as often occurs with hacking by other countries. What is often not mentioned in reports of these data breaches is that the breaches themselves are almost invariably due to poor cyber security practices such as failing to patch security programs, not fixing well known vulnerabilities, giving third parties with poor security practices access to a network and poor staff training. Inadequate security practices were behind the recent massive breach of the United States Office of Personnel Management (OPM). The OPM has a large database of personal information of US federal employees, though the breach could also affect personal information of private citizens. The Economist’s article Put up the firewalls makes it clear that the breach was avoidable and the measures to detect the hack once the breach occurred were inadequate. It is a familiar story brought about by a combination of poor practices and inadequate enforcement of regulations.
June 14, 2015
Following from the PwC report regarding data breaches in the United Kingdom (post found here), the Information Age has a very prescient article on data breaches, placing the UK breaches into a global context, in 96% of UK corporations have been hacked, new data reveals. The basis for the story is the Global business outlook survey, which found:
- 92% of European corporations have been hacked but 23% have not acted to prevent attacks.
- in excess of 80% of U.S. companies “indicate” they have been hacked.
- globally, over 85% of firms have been hacked across Asia, Africa and Latin America.
The article relevantly Read the rest of this entry »
June 13, 2015
Price Waterhouse Coopers have released a report, 2015 INFORMATION SECURITY BREACHES SURVEY, a survey of breaches over the last 12 months in the United Kingdom. The results are broadly consistent with reports relating to data breaches, such as the 2015 report by Verizon.
The PwC report highlights Read the rest of this entry »