Peter A Clarke

Australia’s mandatory data breach notification legislation, the Privacy Amendment (Notifiable Data Breaches) Act 2017,  takes effect on 22 February next year.  It has been a long time coming.

Last Friday the Privacy Commissioner released an exposure draft resources, whatever that means, for business and agencies on their obligations under the Act.  It is open for comment until 14 July 2017, Bastille Day (hopefully that symbolises nothing).

The broad overview Read the rest of this entry »

The United Kingdom’s Information Commissioner’s Office (the “ICO”) has imposed a severe fine of on Basildon Borough Council for publishing personal information on planning application documents. The argument run by the Council was that the planning laws prevented it from doing so even though it routinely redacted personal information on other applications.  In Victoria this has been an issue in the past where some councils have felt that they can not redact while others argue they can.  It appears that most do redact.

The ICO media release provides:

A council has been fined £150,000 by the Information Commissioner’s Office (ICO) for publishing sensitive personal information about a family.

Basildon Borough Council breached the Data Protection Act when it published the information in planning application documents which it made publicly available online.

The ICO’s investigation found that on 16 July 2015, the council received a written statement in support of a householder’s planning application for proposed works in a green belt. The statement contained sensitive personal data relating to a static traveller family who had been living on the site for many years. In particular, it referred to the family’s disability requirements, including mental health issues, the names of all the family members, their ages and the location of their home. Read the rest of this entry »

It would appear that the school management software of Camberwell High School has been accessed by a person without authority as reported in Camberwell High School becomes second target of major privacy breach in two weeks. Any breach is of concern but cyber threats, whether from overseas participants or bored students at the school is possibility.  In this case the damage limitation and advice to those affected has been dismal, and all too typical.  Government agencies, particularly at a state level are notoriously resistant to advising those whose personal information. As is often the case the shut down of communications or cover up occasionally makes a bad situation much, much worse.

The Camberwell High School Homepage provides no notice of comfort, providing contact details of those concerned about the breach.  Fairly typical “pull up the drawbridge” approach to information sharing.  According to the Camberwell High Schools Latest News:

Just a note to let you know that a small mudlark is protecting its nest along the Prospect Hill Road entries near the D building, it has also been sighted swooping near the E Building last week.  There have been a small number of students present with facial scratches so could you please be mindful and avoid the area when possible.

Please leave the mother bird alone as she will only be exhibiting this behaviour for a few weeks.

All for protecting mud larks and students from being scratched by them.  But losing personal information is a serious matter, as worrying if not more so than being swooped by the protective mudlark.  The cost of a data breach can be much greater!

What is interesting is that Read the rest of this entry »

It is something of a rite of passage for the Privacy Commissioner to release a report on privacy compliance or a survey about community attitudes to privacy around Privacy week.  This year is no different, with a 51 page report on a survey on Australian’s attitudes to privacy, privacy risks and trust in government and organisations.  The point of reference by comparison is a similar survey in 2013.  While the results are in the main consistent with 2013, there is a growing level of concern about online privacy.  This is not Read the rest of this entry »

The National Institute of Standards and Technology (the NIST) has issued an excellent guide to Blue Tooth Security. It should be mandatory reading for anybody interested in cyber security.

Bluetooth wireless technology is a ubiquitous technology used in linking devices.  It is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (WPANs). It allows users to form ad hoc networks between devices to transfer voice and data. It is now integrated into business and consumer devices, including cellphones, laptops, automobiles, medical devices, printers, keyboards, mice and headsets.  It has recently been used in medical devices and personal devices such as smart watches, home appliances, fitness monitors, and trackers. Those devices hold and transfer large amounts of personal information.  Security is critical.

Bluetooth devices are susceptible to general wireless networking threats beyond Read the rest of this entry »

Further  to the earlier post, the worldwide ransomware attack on computer systems that did not properly patch their Microsoft systems has hit Australian shores.  In First Australian business infected in global cyber attack the Fairfax press reports on the first formally acknowledged hack.  The number of computers affected by the virus has Read the rest of this entry »

Ransomware attacks are hardly a new phenomana.  In internet terms it is a middle aged form of malware.  I have been writing about it for some years (see here, here, here, here, here, here and here for example).

Courtesy of a Microsoft vulnerability, hackers using the WannaCry ransomware have attacked thousands of locations throughout the world. At this stage there have been 75,000 attacks across 99 countries.  Organisations which did not apply a patch Microsoft released in March were vulnerable.  Unlike most ransomware Read the rest of this entry »

The Victorian Legislative Council passed the Freedom of Information Amendment (Office of the Victorian Information Commissioner) Bill 2016 yesterday.

The Act represents a significant restructure Read the rest of this entry »

Website flaws are a real problem for organisations.  Particularly where those flaw allow personal information to be viewed by non authorised personal.  In Website Flaw Let True Health Diagnostics Users View All Medical Records  a function Read the rest of this entry »

The Productivity Commission’s long running investigation into data use gave rise to a very significant interim report.  Yesterday the Productivity Commission publicly released the final report it provided to the Government on 31 March 2017.  The final report, a behometh at over 658 pages, is found here while the overview, not exactly a slim lined edition at 76 pages, is found here.

This is a very thoughtful and comprehensive report, even for those who do not agree with all of the methodology and the recommendations.  The Productivity Commission is recommending Read the rest of this entry »