The predictability of abuses in accessing retained metadata…with an equally predictable damage to privacy

August 1, 2019

The newspaper the Australian has hardly been a standard bearer of privacy rights. Whenever there has been even a whiff of a suggestion that the Parliament would consider a statutory tort to give individuals a right to bring an action for an interference of their privacy the paper has gone into overdrive predicting the end of civilisation.  See my post in 2012, 2013 and again in 2013 and a less dismissive but no less hostile brief piece in 2018.    And there are others.  It has been a generally poorly argued, high octane almost Read the rest of this entry »

Australian Competition & Consumer Commission releases the Digital Platforms Inquiry – calls for more privacy protections amongst many other recommendations

July 30, 2019

Last Friday, 26 July 2019, the Australian Competition & Consumer Commission released its long anticipated and comprehensive final report.  At 623 pages it is something of a tome, not surprisingly given the broad and comprehensive recommendations it makes. The executive summary is found here.

The scope of the recommendations cover issues of competition and protecting diversity in the media, issues of critical importance but beyond the usual coverage of this publication.

Relevantly, for this site, is the recommendations for more privacy protections. That includes Read the rest of this entry »

National Australia Bank suffers data breach involving 13,000 customers

July 28, 2019

There has been widespread coverage of data breach at the NAB involving personal information of 13,000 customers being uploaded two data companies without permission. The data provided to the mysterious data companies is extensive; names, date of birth, contact details and sometimes government issued identifiers.  Close to enough to undertake some identity theft and get close to accessing accounts.  It is serious but mitigated by the fact that the breach was only to third party providers known to the NAB.  From the tenor of the story it is likely that the data providers knew of and have or had some form of relationship with the NAB. As such the disclosure is more containable than a disclosure to the world or a hack.  The difficulties with personal information being provided to third party providers is that Read the rest of this entry »

Federal Trade Commission imposes $5 billion penalty and says it imposed sweeping new privacy restrictions

July 26, 2019

The Federal Trade Commission (FTC) has formally imposed a $5 billion fine on Facebook arising out of its breach of the 2012 FTC order.  The breaches related to sharing of data with third party users, to wit making that information available to Cambridge Analytica, as well as launching Privacy Shortcuts and Privacy Checkup in 2014 which were supposed to help with managing privacy settings but did not disclose Read the rest of this entry »

UK Information Commissioner intends to fine Marriot International 99 million pounds and British Airways 183.39 million pounds. The GDPR bites for data breaches

July 16, 2019

With the General Data Protection Regulation in force in the United Kingdom the Information Commissioner has greatly enhanced powers to fine those who breach data protection laws.  And in that vein the Commissioner announced on 8 July 2019 an intention to fine British Airways £183.39 million for a data breach in September 2018 which resulted in personal information of 500,000 were compromised.  As is often the case investigation after the breach revealed Read the rest of this entry »

Federal Trade Commission to settle complaint with Facebook over privacy breaches for $5 billion.

July 14, 2019

Although the Federal Trade Commission (“FTC”) has not made a formal announcement the detailed reporting of the deliberations and voting by FTC Commissioners in favour ( 3-2) make it almost certain that once the civil division of the Justice Department approves the settlement, an almost certainty, an announcement will be formally made and Facebook will be liable to pay $5 billion. The Wall Street Journal broke the story with FTC Approves Roughly $5 Billion Facebook Settlement

Wired has undertaken a comprehensive report of the saga, which started with the FTC opening its investigation in March 2018, a week after the Cambridge Analytica scandal broke.  

The problem Facebook faces Read the rest of this entry »

Commonwealth Bank enters into an enforceable undertaking with the Australian Information Commissioner. A weak and ineffective regulatory response to serious data breaches.

July 2, 2019

On 27 June the relatively new Information Commissioner signed off on an enforceable undertaking with the Commonwealth Australia Bank arising out of 2 data breaches, the first involving the loss of 2 magnetic data tape containing what the Information Commissioner customer statements relating to 20 million customers in 2016.  The CBA was not able to work out whether the records were destroyed or something else came of them.  The second breach arose in August 2018 with sensitive information being available to those who were not able to access that material. This enforceable undertaking was entered into with the CBA already the subject of a very critical APRA report on the CBA’s risk management and reactive approach to compliance.  The CBA entered into a enforceable undertaking from the CBA in early May 2018.  And yet the CBA was involved in a second data breach 3 months later, in August 2018.  What does that say about CBA’s commitment to risk management?

There is a contrast in styles between the Information Commissioner’s media release and that of the Bank.

The Commissioner’s media release reads Read the rest of this entry »

Jeremy Lee v Superior Wood Pty Ltd[2019] FWCFB 2946; Full Bench of the Fair Work Commission considering breach of the Privacy Act, biometric data, unfair dismissal

July 1, 2019

The Full Bench of the Fair Work Commission recently handed down a very important decision in Lee v Superior Wood Pty Ltd [2019] FWCFB 2946 regarding the application of the Privacy Act. The Full Bench undertook a careful analysis of the Act and applied the Australian Privacy Principles (the APPs) to the facts in the context of an unfair dismissal claim, in this case appeal from a Commissioner at first instance.

The Facts

Superior Wood operates two sawmills at Melawondi and Imbil [2] in Queensland. It had approximately 150 employees, 80 of whom, including Lee,working at the Imbil site. Lee was employed as a casual general hand and worked for  3 ¼ years. Superior Wood is Read the rest of this entry »

Landmark White considers sale as cash runs out. The reputational effect of data breaches.

June 25, 2019

The focus of reporting on data breaches is on the personal information which is taken, potentially to commit fraud and the distress that others have that information without permission.  What is less reported is the potentially catastrophic effect data breaches may have on an business’ prospects, if not survival.  

In the United States Retrieval – Masters Creditors Bureau filed for Chapter 11 bankruptcy protection after it suffered a data breach in March.  The fallout from the data breach has been described as creating a “cascade of events” with led to the bankruptcy.  In Australia the Australian Financial Review (AFR) has reported that Landmark White is considering a full or partial sale of its business as it suffers a liquidity crisis caused by its second suspension by its lender clients.  In both cases the Read the rest of this entry »

Tim Cook’s Commencement address at Stanford puts privacy front and centre of the current technology debate

June 24, 2019

Amongst the big 4 tech giants in their own given areas, Microsoft, Google, Facebook and Apple, Apple has made the strongest public stand on protecting its users privacy.  It too a stand as a civil rights issue in protecting privacy when in in 2016 when it refused to assist the FBI in in cracking a password on an iphone owned by a terrorist.  That included fighting the FBI in the Federal Court.

Facebook’s recent pivot to a privacy friendly future with the statement A Privacy-Focused Vision for Social Networking in March has been treated with some scepticism when the Guardian recently reported that Zuckerberg knew of poor privacy practices associated with the Cambridge Analytica scandal.  The evidence, emails uncovered by the Federal Trade Commission in its investigation as to whether Facebook has breached a 20 year consent decree, which it almost certainly has.  Facebook has reportedly set aside $3 billion in anticipation of a record fine from the FTC though the figure could be as high as $5 billion.  Today Facebook through Read the rest of this entry »