Australian and Canadian Privacy Commissioner release report into Ashley Madison data breach

September 4, 2016

The Australian Privacy Commissioner has taken action against Ashley Madison data breach in July 2015 was a sensation.  As has the Canadian Privacy Commissioner.  They have released joint findings.  Joint findings are found here.

It is likely to be an influential findings as the combined report does undertake a detailed analysis of both the facts and the expectations under the various privacy principles.  Given the dearth of authorities this will provide valuable guidance.

As with many data breaches/interference with privacy complaints followed up by regulators the initial cause of the breach/interference gives rise to a broader investigation which almost invariably highlights deficiencies in compliance throughout the organisation.  It is commonly the case that a breach of security has many causes; out of data software protection, poor protocols, inadequate staff training, excessive data retention far beyond the date when it is usable or relevant to the organisations operations and a lack of understanding as to identity verification.

Ashley Madison, or more accurately its corporate entity Avid Life Media Inc (“ALM”), entered Read the rest of this entry »