Peter A Clarke

In slightly less than a year, from 25 May 2018 to be precise, the the General Data Protection Regulation (“GDPR”) will take effect throughout the European Union.  Australian businesses of any size may need to comply with the GDPR if they have an establishment in the European Union (EU), if they offer goods and services in the EU, or if they monitor the behaviours of individuals in the EU.  It is more a continuum of the existing data protection laws rather than a new system.  That said it is a Read the rest of this entry »

Personal information relating to medical matters is highly sensitive.  The Cosmestic Institute, based in Bondi,  specialised in providing cosmetic surgery, holds a particularly subset of that type of information; before and after photographs, photographs of a highly intimate nature and details which are almost invariably kept confidential

Naked photos and medical records of hundreds of women were published on line at least as late last Saturday.  Possibly earlier.  It appears that the publication of this highly sensitive information included patient names, Medicare numbers and naked images of 500 people.  The breach involved Read the rest of this entry »

Australia’s mandatory data breach notification legislation, the Privacy Amendment (Notifiable Data Breaches) Act 2017,  takes effect on 22 February next year.  It has been a long time coming.

Last Friday the Privacy Commissioner released an exposure draft resources, whatever that means, for business and agencies on their obligations under the Act.  It is open for comment until 14 July 2017, Bastille Day (hopefully that symbolises nothing).

The broad overview Read the rest of this entry »

It is something of a rite of passage for the Privacy Commissioner to release a report on privacy compliance or a survey about community attitudes to privacy around Privacy week.  This year is no different, with a 51 page report on a survey on Australian’s attitudes to privacy, privacy risks and trust in government and organisations.  The point of reference by comparison is a similar survey in 2013.  While the results are in the main consistent with 2013, there is a growing level of concern about online privacy.  This is not Read the rest of this entry »

Dating apps are notorious for both collecting a huge amount of highly sensitive personal information and being the subject of data breaches.  Ashley Madison data breach being just the most dramatic instance.

The Privacy Commissioner has issued a dos and don’ts on 4 dating apps, Tinder, Grindr, Happn and Bumble.  As far as it goes it is Read the rest of this entry »

The Privacy Commissioner has issued a statement regarding the passage of the Mandatory Data breach notification Bill.  The Privacy Commissioner has Read the rest of this entry »

The Australian Privacy Commissioner has taken action against Ashley Madison data breach in July 2015 was a sensation.  As has the Canadian Privacy Commissioner.  They have released joint findings.  Joint findings are found here.

It is likely to be an influential findings as the combined report does undertake a detailed analysis of both the facts and the expectations under the various privacy principles.  Given the dearth of authorities this will provide valuable guidance.

As with many data breaches/interference with privacy complaints followed up by regulators the initial cause of the breach/interference gives rise to a broader investigation which almost invariably highlights deficiencies in compliance throughout the organisation.  It is commonly the case that a breach of security has many causes; out of data software protection, poor protocols, inadequate staff training, excessive data retention far beyond the date when it is usable or relevant to the organisations operations and a lack of understanding as to identity verification.

Ashley Madison, or more accurately its corporate entity Avid Life Media Inc (“ALM”), entered Read the rest of this entry »

The Privacy Commissioner issued a statement today announcing that he is investigating a possible breach by the MUA.  The media release provides:

The facts are outlined in Read the rest of this entry »

The Privacy Commissioner has issued a draft guide to big data and the Australian Privacy Principles.  The closing dates for submissions is 26 July 2016.

It relevantly provides Read the rest of this entry »

The Privacy Commissioner has done what he does best.  Another speech.  This time for the launch of Privacy Awareness Week.

The speech Read the rest of this entry »