March 17, 2014
Apps as a bread tend to be sinkholes of data leakage and privacy breaches. App developers are often not caught by the operations of the Privacy Act and they tend to focus on data collection as a priority over the establishing systems to store and protect the data being collected. In itnews The 10 apps you need to keep prying eyes away from your mobile messages and data the article focuses on those apps which provide privacy protections. A very interesting and practical guide.
The article, in slide format, provides:
Wickr is often Read the rest of this entry »
March 16, 2014
In Drones: Sky’s the limit for airborne snoopers the Age does a brief overview of the issues that the burgeoning use of drones raise (pardon the pun). Not a bad quick overview of the technological issues but nothing I haven’t covered in the last two years of postings on drones (here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, here, and here). A worthwhile contribution.
There is uncertainty of the number of drones are in use in Australia (or America) and who is operating them. Drones can be Read the rest of this entry »
March 10, 2014
The Target breach in the USA has been described as a tsunami of privacy breaches, the 9/11 of data security and any other number of hyperbolic monikers. It is clearly a catastrophic breach of security and a serious invasion of privacy. It has caused a shake up in privacy protection and a wake up call on the need to improve standards. There have been a range of lessons gleaned from the event; ensuring data security of third party contractors (through which hackers entered Target), separating data within sites, maintaining appropriate levels of data security, monitoring traffic of sites and the list goes on.
The issue raised by the Washington Post in No consensus on how to notify data breach victims is the patchwork of laws through the USA regarding notification of data breaches to those whose personal information was leaked. In the US most states have some form of mandatory data breach notification. But they are not uniform on how they operate, as the article makes clear. Compare this to Australia where Read the rest of this entry »
March 7, 2014
Drones were the subject of a significant discussion by the Standing Committee of Social Policy and Legal Affairs on 28 February 2014. The transcript of the roundtable is found here (with the privay discussion being found at pages 40 – 53). The Australian in CASA rejects drone control role has a report on that discussion in its Aviation section. The article makes clear that CASA wants nothing to do with policing any privacy laws that may regulate drones in the future. Which is very sensible. CASA has a very clear defined role and privacy protections is not within that bailiwick. The rapid uptake of drone technology poses a multi agency challenge. As with the United States of America an overhaul of the regulations is required. On the legal front the current law is utterly inadequate to provide privacy protections from the misuse of drone technology. The legislature is barely rousing itself to deal with these issues. The problem is that the technology is not stopping for anyone.
The article provides:
THE aviation regulator has said it has no interest Read the rest of this entry »
March 6, 2014
The Target breach has been described as a seminal event in the history of data security and hacking events to date. It has now led to Read the rest of this entry »
February 25, 2014
The Australian in Predictions 2014: Snowden fallout to put privacy at top of agenda higlights the privacy implications of 3 developments in technology within the public sector; cloud computing, mobile and big data.
PRIVACY will be front of mind for public-sector agencies at all levels following Read the rest of this entry »
February 24, 2014
The Economist article Looking both ways considers the interaction of government and technology, in particular how it is regulated. It is a thoughtful piece which highlights the complexity of encouraging the development of technology but establishing the appropriate safeguards. The role of government in the use, control and management of personal data is one of the current issues that defies easy solution. That is the subject of current debate in Europe where the trend is to increase legal responsibility on business in keeping data secure and using it responsibly. The question is then whether the (proposed) protections may be going too far and costing too much. The issue is the USA is not over regulation but the opposite. The sectoral nature of data protection in the USA translates to inadequate protections and control in large parts of the market where there should be some form of regulation.
Even with the amendments to the Australian Privacy Act on 12 March 2014 the scope of regulation is patchy. It does not cover Read the rest of this entry »
February 20, 2014
Failure to scrub data from old computers or from devices at the end of a lease can easily result in a data breach as sensitive information becomes accessible to unauthorised people. The ICO in the UK has issued guidelines on what should be done (I have posted on this subject here). With the growth of BYOD and the internet of things this problem will only grow. It is critical for organisations to have the right protocols and training in place to deal with this potential data time bomb. In Read the rest of this entry »
February 19, 2014
In a classic case of function creep the Washington post reports, in Homeland Security wants national database using license-plate scanners, that the US Department of Homeland Security wants a national database based on data collected from licence plate readers.
The article provides:
The Department of Homeland Security wants a nationwide database Read the rest of this entry »
In Security 101: Top tech tips to stay safe the Age sets out in broad overview some security tips taken from the Tech Leader’s Forum. As a starting point it is not a bad article. But it is only a start. Organisations need to Read the rest of this entry »