Significant data breach at the Federal Court of Australia revealing names of protection visa applicants

March 31, 2020

It was serendipitous that last Wednesday I presented a paper, via Zoom, at a Legalwise Seminar on Data Breaches: How to Respond, Notify and Remedy given today’s report that there has been a significant data breach by the Federal Court, an agency for the purposes of the Privacy Act 1988. The “major systemic failure”, to use the Federal Court spokesman’s description, involved the searchable database permitting the identities of 400 asylum seekers to be disclosed.

This breach would fall within Part IIIC of the Privacy Act 1988, the mandatory data breach notification regime. Going through the process would require an assessment of the breach, a determination as to whether the breach is likely to cause serious harm and, if so, the means of notifying the affected individuals. Based on the ABC report of the breach there would be legal and practical issues to address with each step. As to the assessment process it is concerning that …

Victorian Information Commissioner releases guidelines on dealing with data breaches

May 26, 2019

The Victorian Information Commissioner has released guidelines on managing the privacy impacts of privacy breaches. While it relates to entities covered under the Privacy and Data Protection Act 2014, primarily government agencies and contractors engaged by them, it does provide another useful point of reference to those wanting to develop a comprehensive understanding of the best way of dealing with a data breach.

It is a starting point only. The structure and operation of a business will dictate …

Banks’ privacy policies reflect the flexibility of the Australian Privacy Principles and the Guidelines

March 17, 2014

ZDNet’s Playing by the rules: Australia’s banks and the privacy reforms reflects how similarly sized organisations in the same sector approach drafting their respective privacy policies. Not massive differences, but enough to show that in drafting, the APPs can be in the eyes of the beholder. How the Privacy Commissioner approaches …

Technology and government

February 24, 2014

The Economist article Looking both ways considers the interaction of government and technology, in particular how it is regulated. It is a thoughtful piece which highlights the complexity of encouraging the development of technology while establishing the appropriate safeguards. The role of government in the use, control and management of personal data is one of the current issues that defies easy solution. That is the subject of current debate in Europe, where the trend is to increase legal responsibility on business in keeping data secure and using it responsibly. The question is then whether the (proposed) protections may be going too far and costing too much. The issue in the USA is not over-regulation but the opposite. The sectoral nature of data protection in the USA translates to inadequate protections and control in large parts of the market where there should be some form of regulation.

Even with the amendments to the Australian Privacy Act on 12 March 2014 the scope of regulation is patchy. It does not cover …

SBS on whether the new Privacy protection amendments go far enough

February 9, 2014

SBS radio has recently had a program on the impact of the new amendments to the Privacy Act on 12 March 2014 in Do new privacy protection laws go far enough?

The points made are familiar to those who practise in the privacy sphere, so to speak. The changes are far from comprehensive and a selective adoption of the Australian Law Reform Commissioner report. Very much a curate’s egg – good in parts. The Act will remain inadequate but if properly and effectively regulated it should dramatically improve privacy protection in so far as it covers the handling of personal information. The current Privacy Commissioner is quite active. Far more active than his predecessors. But now that he has real enforcement powers and a business environment that is only partially compliant (and hardly likely to be in any better shape before 12 March) the real test is how he uses those powers.

It provides:

While millions …

Mobile Apps provide a significant privacy risk in Australia and overseas. Snapchat breaches provide another example

January 6, 2014

Mobile Apps are privacy invasive time bombs. That unfortunately go off way too often. This issue is now on the radar of information commissioners around the world. And not before time.

The Privacy Commissioner has issued a guide on Mobile apps (found here)  and a check list (found here). The Warsaw declaration at the 35th international conference of data protection and privacy commissioners on the appification of society stated:

Nowadays, mobile applications (apps) are ubiquitous. On our smart phones and tablets, in cars, in and around the house: a growing number of items have user interfaces connected to the internet. Currently, over 6 million apps are available in both the public and private sector. This number is growing by over 30.000 a day. Apps are making many parts of our day-to-day lives more …

Privacy Commissioner says website privacy policies are too long and complex

August 15, 2013

The Privacy Commissioner has issued a media release, Privacy Commissioner: Website privacy policies are too long and complex, announcing the release of what he calls a “privacy sweep” of websites used by most Australians. He found nearly 50% of website policies were difficult to read. In my professional experience it is usually more than that and sometimes difficult merges into completely incoherent.

The summary of the sweep is:

the OAIC examined …

Age journalists apologise for unauthorised access to ALP database

August 6, 2013

Today 3 journalists, Royce Millar, Nick McKenzie and Ben Schneiders, have penned a letter of apology on page 2 of the Age. It is found here. The Herald Sun reported (no doubt very reluctantly) on the three having their cases diverted and therefore they are released without conviction and a good behaviour bond of 12 months.

The apology provides:

In November 2010, while researching a story for The Age newspaper, we the undersigned journalists accessed the ALP’s Electrac database without authorisation.

The focus of the story, published on 23 November 2010, was upon databases maintained by political parties, which contain private information concerning voters, and how that information is used for election campaigning. The Electrac database is such a database. Other political parties have similar databases.

We were able to access Electrac through the use of passwords provided to one of the undersigned. We accept that we did not have authorisation …

Legal expert says drone technology requires new privacy laws in US

May 21, 2013

Salon reports in Senate: Drones require new privacy laws  about testimony before a Senate panel calling for an upgrading of privacy protections in light of the increasing proliferation of drones in the US.

The article provides:

As domestic surveillance drones proliferate, the public needs greater protection experts tell hearing

WASHINGTON – Privacy laws urgently need to be updated to protect the public from information-gathering by the thousands of civilian drones expected to be flying in U.S. skies in the next decade or so, legal experts told a Senate panel Wednesday.

A budding commercial drone industry is poised to put mostly small, unmanned aircraft to countless uses, from monitoring crops to acting as lookouts for police SWAT teams, but federal and state privacy laws have been outpaced by advances in drone technology, experts said at a Senate hearing.

Current privacy protections from aerial surveillance are based on …

Tweets last forever……’s the proof

April 26, 2013

The recent World Today report UK youth commissioner under fire over foul tweets highlights the permanence of the cybersphere and what one in the full bloom of fiery youth may regret as the rules of polite society beckon. Woad warriors could transform themselves into paragons of virtue pre-internet. Memories fade and plausible deniability is an active option. Now the Net sets all matters in cyber concrete. This has had an impact lately on Paris Brown.

The story provides:

ELEANOR HALL: Teenagers are often warned about what they say on social media sites: that they could come back to haunt them in later life.

A young woman in the UK didn’t have to wait long.

17-year-old Paris Brown’s position as the country’s first Youth Police and Crime Commissioner has been put in doubt …