Victorian Information Commissioner finds that Public Transport Victoria has breached the privacy of myki users. A cause of action?

August 15, 2019

In a brilliant piece of analysis Dr Chris Culnane, Associate Professor Benjamin Rubinstein and Associate Professor Vanessa Teague of the University of Melbourne have demonstrated in their paper released today titled Stop the Open Data Bus, We Want to Get Off that de identification of unit record level data does not work without substantially altering the data to the point where its value is reduced.  The analysis was based on the data released by the Victorian Government in to a data science competition.  The authors have demonstrated that a combination of only needing a small number of points of information to make an individual unique and poor quality anonymisation and security techniques makes it quite easy to reidentify individuals. 

In the case of the myki data the authors found that “little to no de identification took place on the bulk of the data.”  They found it was a straightforward task to re identify two of the co authors cards.  They also established that is possible to identify a stranger from public information about their travel patterns, for example twitter to name just one source.  They identified Read the rest of this entry »

Victoria appoints its first Information Commissioner

August 30, 2017

As of 1 September 2017 the State of Victoria will have an Information Commissioner, replacing the position of Privacy Commissioner.  The Information Commissioner will also be responsible for Freedom of Information applications.

The inaugural Information Commissioner is Sven Bluemmel.  Mr Bluemmel was Read the rest of this entry »

Victoria police has yet another problem with data security… new breaches familiar pattern of behaviour

October 16, 2016

Misuse of confidential information and regular data breaches has been a longstanding and systemic problem for the Victorian Police Force.  In the past two years I have posted on problems with the misuse of the LEAP database, which contains personal information of Victorians, here and here.  Police documents containing sensitive personal information were found in the possession of outlaw bikie gang members in 2013.

In his 2016 annual report Victorian Commissioner for Privacy and Data Security set out problems in the Victorian Police with data management.  There was a 36% increase in data security breaches over the previous year.  The Commissioner identified Read the rest of this entry »

Misuse of private information/breach of confidence injunction in Victorian Supreme Court … according to Herald Sun

August 8, 2014

Breach of confidence actions involving personal information are more famously litigated in the United Kingdom.  Privacy related actions have developed and matured there while the action remains more tentative in Australia.  Or at least less developed.  That is not to say equity does not afford protection.  And that includes injunctive relief.  The Herald Sun reports in Suzie Wilks’ estranged husband Nick O?Halloran in court bid to prevent publication of top-secret letter about an injunction granted to a Mr O’Halloran by the Supreme Court last week.  There is no formal publication of any order or reasons for decision  according to Read the rest of this entry »

White hat hacks into Public Transport Victoria website

January 8, 2014

The Age reports in Schoolboy hacks Public Transport Victoria website how a 16 year old, Joshua Rogers, hacked into the Public Transport Victoria (“PTV”) website. The article notes that after Joshua notified the PTV of the security flaws it kindly notified the police and the Privacy Commissioner.  The reasons were not provided.  It will be interesting to see how both guardians, one of law and order and the other of privacy, will respond to the challenge.  Given PTV’s database contains vast amounts of personal information, including credit card details,the reported inadequacy of its on line security is a major concern.  Hopefully the Privacy Commissioner will take a robust approach when investigating this alleged failing. It would be fascinating to see what the results of a Privacy Impact Assessment by the PTV will reveal. Of course that won’t be made public.  Assuming it happens.

The article provides:

Personal information Read the rest of this entry »

Annual report of the Victorian Privacy Commissioner 2012/13 tabled in Victorian Parliament

September 20, 2013

The 2-12/13 annual report of the Victorian Privacy Commissioner was been tabled in Parliament on 19 September 2013 .  It is found here.  It provides for interesting reading, if that takes and holds your attention (as it does for me).

Some of the interesting statistics are that during 2012-13:

? the total number of complaints handled remains consistent with previous years;
? by a significant margin, Victorian government departments have been the subject of the highest number of privacy breach investigations over the past five reporting periods;
? the amount of complaints referred to VCAT for determination remains consistent with previous years;
? 76% of complaints referred to conciliation Read the rest of this entry »

Complainant AY v Public Sector Employer [2013] VPrivCmr 02

April 12, 2013

In Complainant AY v Public Sector Employer [2013] VPrivCmr 02 the Victorian Privacy Commissioner considered a serious complaint about a breach of privacy by a public sector employer.

FACTS

In approximately 2006 Read the rest of this entry »