Canadian tax data stolen through use of Heartbleed bug

April 17, 2014

In Canadian teen arrested for stealing tax data with Heartbleed, the Age reports on a verifiable misuse of Heartbleed to steal personal data from the Canadian Revenue Agency.

It provides:

Canadian police have arrested a 19-year-old man and charged him in connection with exploiting the Heartbleed bug to steal taxpayer data from a government website.

In what appeared to be the first report of an attack using a flaw in software known as OpenSSL, the Canada Revenue Agency (CRA) said this week about 900 social insurance numbers and possibly other data had been compromised as a result of an attack on its site.

The suspect, Read the rest of this entry »

Hacking attack on UK medical group results in 480,000 patient records being accessed

The UK Telegraph reports in Hackers steal 500k patient records from Harley Medical Group that personal information relating to 480,000 patients of the Harley Medical Group has been accessed by hackers. Medical records are defined as sensitive information in the Privacy Act 1988. They are universally regarded as very confidential, and the breach or misuse of medical files is generally regarded as among the most serious privacy breaches. Doctor-patient confidentiality is part of the canon of medical ethics, has long been recognised at common law and, relatively more recently, received statutory recognition. That of course doesn’t prevent general practitioners and surgeons from making mistakes with patient records. Where the real problems arise is the management of records by private health organisations, be they medical groups, insurers, hospitals or agencies and departments. With those groups there is a danger of treating patient records as just another form of data. Which they are most definitely not. Regulators take a very dim view of data breaches of medical records. As they should. It will be interesting to see how the Privacy Commissioner exercises his newly acquired powers when there is a breach of medical confidentiality through a breach of security or other form of interference with privacy.

The article provides:

The personal details of nearly half a million people considering cosmetic surgery may have been accessed by hackers Read the rest of this entry »

ACCC suffers privacy breach

April 11, 2014

The Age in Personal data exposed by ACCC security lapse reports on a privacy breach by the ACCC.

It provides:

Australia’s competition regulator has been hit with an embarrassing security lapse after its confidential email subscriber list was accidentally displayed on the internet.

The Australian Competition and Consumer Commission said Read the rest of this entry »

The Australian Retail Credit Association applies to vary the Credit Reporting Code

April 3, 2014

On 31 March 2014 the Australian Retail Credit Association (the “ARCA”) applied to vary the Credit Reporting Code to extend, from 5 days to 14 days, the grace period for repayment history to be classified as a missed payment.

The Privacy Commissioner is considering the application. It is unlikely that he will reject it. It is a pro-consumer amendment being sought by the ARCA.

The CR Code is found here

Drones and journalism

April 2, 2014

The Economist has taken a keen interest in drone technology of late and has had an abiding interest in technology. Those two themes come together in Eyes in the skies, which looks at the use of unmanned aerial vehicles by journalists. The article also deals briefly with the privacy issues.

It provides:

THE news footage is striking: fires burn on the streets of Kiev; scorched banners flutter on buildings; madding crowds stumble through the chaos below. It is also strange: although aerial, it does not look as if it was shot from a helicopter. The camera flies right up to burning buildings; people on the ground so Read the rest of this entry »

Commonwealth Bank calls for improved cyber security

April 1, 2014

One of the key issues with the interpretation of the Australian Privacy Principles is the extent to which organisations will need to keep up to date with data security protocols, programs and preventative methods to avoid a hacking attack. The fact that an organisation is hacked does not mean, ipso facto, it has not complied with the APPs. That said, a breach Read the rest of this entry »

The perils of posting kids pics on Facebook, the long term privacy and reputational consequences

March 31, 2014

In 2009 the newly minted President of the United States, President Obama, spoke to some school children and cautioned them about what they put on Facebook. It is reported by the Huffington Post in Obama On Facebook: “Be Careful What You Post”.

At that time he said:

“Whatever you do,” he told them, “it will be pulled up later in your life.”

Prescient comments then and equally applicable today, if not more so with Big Data and sophisticated algorithms. Advice that is not heeded by those who take selfies after sex, as reported in Why are couples taking #aftersex selfies? A spectacularly stupid practice at any age.

In the Age’s article Online: Parents urged to be careful with child-related information the issue covered relates to Read the rest of this entry »

The internet of things has the same exposure to data security problems as the internet proper – an example being Philips Smart TV open to hacking

Ars Technica reports in Philips Smart TVs wide open to Gmail cookie theft, other serious hacks on serious security flaws that could allow hackers to steal information from attached USB sticks and pilfer authentication cookies which could give them access to Read the rest of this entry »

Metadata and their collection; two approaches.

The collection of metadata is a growing area of concern for privacy practitioners, advocates and regulators. Big data, with ever more powerful computing power and more sophisticated algorithms, have Read the rest of this entry »

Australian Law Reform Commission releases the Serious Invasion of Privacy in the Digital Era

The Australian Law Reform Commission (the “ALRC”) has released its long-awaited discussion paper on Serious Invasions of Privacy in the Digital Era (found here).

Submissions are due by no later than 12 May 2014. That is a very short time frame given the size of the report, over 200 pages, and 47 recommendations.

The media release provides:

The Australian Law Reform Commission (ALRC) today released a Discussion Paper, Serious Invasions of Privacy in the Digital Era (DP 80, 2014). The Terms of Reference for this Inquiry ask the ALRC to consider the detailed legal design of a statutory cause of action and, in addition, other innovative ways the law might prevent or redress serious invasions of privacy.

The ALRC is Read the rest of this entry »