Sheales v The Age & Ors [2017] VSC 380 (29 June 2017): defamation, damages where reputation not put in issue, mitigating and aggravating factors

July 6, 2017

After a 6 day trial a jury found for the plaintiff in the defamation proceeding of Sheales v The Age & Ors [2017] VSC 380.  The Court awarded damages in the sum of $175,000.  The current maximum amount awardable for non-economic loss is $381,000.


The Plaintiff, Sheales, is a Victorian barrister practicing mainly in criminal law and sports law. The Third Defendant, Patrick Bartley, was a journalist who wrote an article about the Plaintiff’s appearance before a Racing Victoria stewards hearing on 2 August 2015. An issue before the steward’s hearing that day concerned the alleged use of the chemical element cobalt by the plaintiff’s clients [1]. Fairfax Digital Australia and New Zealand Pty Ltd, the second defendant, published the article online. The first defendant, The Age Company Pty Ltd, the owner and publisher of The Age newspaper, published the article, with some small differences on 3 August 2015 [2].

The Plaintiff alleged that he had suffered injury to his professional reputation and feelings, had been humiliated, embarrassed or Read the rest of this entry »

Medicare numbers available on the dark web

July 4, 2017

The theft of personal information and subsequent sale on the internet, the “darknet” to be more dramatic, is common, lucrative and, because poor privacy and cyber security policies and protections by many organisations, an increasingly attractive way for criminals to make money. It is not necessary to obtain credit card or bank details.  Getting official identifiers like social security numbers have intrinsic value.  Which is why the report of Medicare numbers being sold on line is Read the rest of this entry »

Anthem Inc, America’s largest health insurance company settles litigation over hack of 79 million people’s accounts for $115 million

June 24, 2017

Reuters reports in Anthem to pay record $115 million to settle U.S. lawsuits over data breach a resolution of a class action arsing out of a massive data breach of 79 million individuals’ personal information.

The Plaintiffs’ website announced that the court will consider the settlement on Read the rest of this entry »

Ponemon Institute releases 2017 Cost of Data Breach around the world

June 22, 2017

The cost of data breaches can be catastrophic.  The BBC reports that a South Korean web hosting firm, Nayana, has paid $1 million that had been the subject to a ransomware attack.  The hackers initially wanted $4.4 million payable in Bitcoin.  The orthodox advice is not to pay the ransom.  The reality is more mixed.

Ponemon has released another very useful report, this time on the cost of data breaches.  It is titled 2017 Cost of Data Breach Study Global Overview.

Some interesting findings include Read the rest of this entry »

The Australian Competition and Consumer Commission sends warning about phishing

June 20, 2017

The Australian Competition and Consumer Commission (ACCC) has issued an alert about phishing scams stating that so far this eyar there have been 11,000 reports and a loss of $260,000.  Given under reporting is the norm it is likely that the losses are much greater.

The media release provides:

The ACCC is warning people to stay alert to ‘phishing’ scammers pretending to be from well-known businesses and government departments trying to con unsuspecting victims out of their personal information and money. Read the rest of this entry »

Personal information of nearly 200 million US citizens exposed on line in massive data breach…courtesy of third party provider’s lax cyber security system. Familiar story.

Data breaches by third party providers, usually contractors, is becoming a chronic problem. Weaknesses in the cyber security of smaller contractors have allowed hackers to access large corporations sites, such as with Target in 2014, or access large companies personal information and information property, such as the theft of a season of Orange is the new Black.  With the maturation of the data analytics industry and the increasing sophistication of algorithms the processing of data is increasingly Read the rest of this entry »

Australian Law Reform Commission releases long awaited report on elder abuse

June 15, 2017

The Australian Law Reform Commission has released a comprehensive report on Elder Abuse – A National Legal Response.  For legal practitioners the relevant recommendations  include Read the rest of this entry »

UK Information Commissioner’s Office fine Gloucester City Council 100,000 pounds for exposing personal information to cyber attack

June 14, 2017

It is a critical part of maintaining data security to address vulnerabilities on a website as and when they become known.  That is requirement is included in all guidances put out by privacy commissioners.  Usually it is fairly straightforward task, updating programs, installing patches when a vulnerability is identified and responding to notices about threats.  Organisations should, but rarely, organise penetration testing.  In the United States there is a culture of engaging white hat hackers to test the cyber defences of government and organisations.

But protecting from well known vulnerabilities has to be a necessary minimum.  As The Gloucester City Council will now realise having been fined £100,000 for failing to repair a vulnerability, the Heartbleed flaw in software, in the council’s website.  This failure Read the rest of this entry »

‘LP’ v The Westin Sydney (Privacy) [2017] AICmr (7 June 2017): APP 3.5 and 12, secret recording of telephone conversation by The Westin

The Privacy Commissioner handed down a decision finding that the The Westin Sydney interfered with the complainant’s privacy in LP’ and The Westin Sydney (Privacy) [2017] AICmr 53.  The Westin was found to have interfered with the privacy of LP by recording his telephone conversation without advising him beforehand.  It is a decision that has not been publicised.  That is a shame and quite different to the practice by the Information Commissioner in the United Kingdom and the Federal Trade Commission in the United States.  It is a practice failing by the Australian Privacy Commissioner.


LP  booked a room at The Westin. On the afternoon of 17 January 2016, he arrived and checked in. The Westin employee who handled his check-in informed him that there would be a 10 to 20 minute delay until his room became available.  While LP was waiting in the hotel’s executive lounge he received a call on his mobile phone from a Westin employee who advised that the preferred room was not be available until later that afternoon. LP was then asked whether he wanted to wait for a similar room on a different floor, or if he would prefer an alternate smaller room on the same floor that was available immediately. LP agreed to accept the alternate room, but was unhappy [4].

LP subsequently complained to The Westin about his treatment, including the unavailability of his preferred room. While responding to this complaint, on 18 January 2016, the Executive Assistant Manager of The Westin referred to the recording of LP with a Westin employee. LP had been unaware that The Westin had recorded the call [5].

On 19 January 2016, LP emailed Read the rest of this entry »

Hong Kong Privacy Commissioner investigates loss of computer notebook containing names

June 12, 2017

The loss of computers containing personal information is an all too common event. I have previously written a post on the UK Information Commissioner’s Office taking action for loss of a lap top.  It is a serious problem because notebooks,  a common if not preferred form of computers for many workers, can be easily lost or stolen.  They can store large amounts of sensitive data.  While theft and loss is a problem the bigger problem for organisations is the lack of security in the storage of data.  Poor training results in more data being kept than is required, the data is not properly encrypted and computers are not properly password protected.

The Hong Kong Privacy Commissioner has conducted an investigation and today published a detailed report on the Loss of Notebook computers which contained personal data of election Committee Members and Electors.  The amount of data on 2 computers that were lost is significant, 1,200 Election Committee members and 3.78 million electors. Some of the data was Read the rest of this entry »