September 4, 2016
The Australian Privacy Commissioner has taken action against Ashley Madison data breach in July 2015 was a sensation. As has the Canadian Privacy Commissioner. They have released joint findings. Joint findings are found here.
It is likely to be an influential findings as the combined report does undertake a detailed analysis of both the facts and the expectations under the various privacy principles. Given the dearth of authorities this will provide valuable guidance.
As with many data breaches/interference with privacy complaints followed up by regulators the initial cause of the breach/interference gives rise to a broader investigation which almost invariably highlights deficiencies in compliance throughout the organisation. It is commonly the case that a breach of security has many causes; out of data software protection, poor protocols, inadequate staff training, excessive data retention far beyond the date when it is usable or relevant to the organisations operations and a lack of understanding as to identity verification.
Ashley Madison, or more accurately its corporate entity Avid Life Media Inc (“ALM”), entered Read the rest of this entry »