Data breach of personal information of NSW Ambulance officers results in class action and settlement of $275,000

December 25, 2019

The data breach of personal information relating to New South Wales Ambulance officers in 2016 has had its conclusion in the resolution of a class action in the New South Wales Supreme Court earlier this month.  One hundred and six officers will receive a total of $275,000. The breach was egregious, being the workers compensation files of a officers including psychiatric assessments.   It was originally reported in the Sydney Morning Herald in November 2017 in Paramedics launch class action over the sale of their medical records to personal injury solicitors.

It is notable for being the first privacy class action which has been resolved. It highlights the need for employers to be rigorous in controlling access and use of personal information they collect, particularly sensitive information.

The success of the class also highlights what has always been known, there is scope to take action for interferences with privacy.  Notwithstanding Read the rest of this entry »

Medicare details of former Australian Federal Commissioners for sale on dark web..the consequences of data breaches are ongoing

December 18, 2019

On 4 July 2017 the Guardian reported that Medicare card details were being sold on the dark web. As at July 2017 the vendor had sold details of 75 Medicare card details since the previous October.   In May of this year the Guardian reported that Medicare details were still being offered for sale on the darknet.  That should not have been a great surprise.  The personal information available from Medicare details is very valuable in engaging in identity theft and the ability of law enforcement to identify the thieves is often limited.  Even if an identity is established more often than not, by a wide margin, it is almost impossible to arrest that person because he (it is almost always a he) is domiciled in a country with a shaky legal system or with a government which connives in the fraudulent activity.

The ABC reports in Medicare card details of former Australian Federal Police commissioners available on dark web that the personal information of former Australian Federal Police Commissioners, Keelty, Negus and Colman contained in their Medicare details have been sold on the darknet. The fact that the former Commissioners personal information is being sold is no more egregious that the personal information of other individuals.  It is an interesting angle for the story. The key takeaway from the story is Read the rest of this entry »

Reception to Government response to Digital Platforms enquiry is decidedly mixed

December 17, 2019

It was not coincidental that the Government chose a Thursday less than a fortnight before Christmas to release its response to the ACCC’s Digital Platforms Report (my post about the Response is found here).  It does not appear as cynical as releasing it this week when the country is either frantically trying to extract an extra hour in the day to clear the desk to leave for Christmas with a clear(ish) or enjoying Christmas drinks/lunches/what have you’s. So last Thursday was a good day and a great week to release an at best cautious and limited response which could easily be interpreted through more pessimistic lenses to a very thorough and robust report by a highly regarded regulator.  There is a high level of distraction in the press and any negative stories will have a limited run as the lead up to Christmas will stop them gathering steam.

Notwithstanding the distractions the Response has elicited comment.  The media response has been decidedly mixed and generally sceptical with the Oz, with Digital inquiry: Wriggle room in regulating Big Tech, claiming that the response left a weak and insipid outcome for regulation of social media as a distinct prospect.  Given the Australian’s general distrust of regulation it has come out very strongly in favour of real and effective regulation of Google and Facebook (see Google and Facebook can’t be trusted to do right thing).  Hence the disappointment in its reporting, such  on ACCC digital platforms response: government delay as tech giants move on while Chris Merritt in the Oz is positively apoplectic about Read the rest of this entry »

Government’s response to Digital Platform Inquiry brings a direct right of action for an interference with privacy one step closer but puts off yet again a statutory tort for interference with privacy to another review

December 12, 2019

Today the Federal Government released its response to a the ACCC Digital Platforms Inquiry.

In relation to the recommendations relating to improving privacy protections it has been cautiously supportive, with emphasis on caution.  The positive outcome is that it supports giving individuals a direct right of action in court for interferences with privacy.

The overall response relevantly states Read the rest of this entry »

The ACT is having an annus horribilis on cyber security

December 2, 2019

The Australian National University announced earlier this year that it had been the victim of a cyber attack, for the second time in a year. Now there is an announcement that in 2018 there were two successful cyber attacks. The first breach involved the access to the ACT Government Directory on 23 November by a brute force attack.

Read the rest of this entry »

Model Defamation Bill released for consultation

The Defamation Act 2005 was due for a review in 2010.  Five years late the Council of Attorney Generals released, late last week a Model Defamation amendment.  The consolidated Act, if the amendments are implemented, are found here.  The New South Wales Attorney General has taken the lead in drafting the Bill.  That is not surprising given Read the rest of this entry »

Call to reform Privacy Act because of data haul by Google and others

November 11, 2019

Even after writing about privacy for a decade and more, it still never ceases to amaze me that media write in breathless tones about the problem with organisations using and misusing data and personal information as if it was some form of revelation.  The only thing that has changed has been the great efficiency in the misuse.  The latest offering is the Australian’s piece Giants’ data haul sparks call to reform privacy act which is a bit of a spruik dressed up as an article for a conference to be hosted by the Consumer Policy Research Centre on 19 November 2019.

The chief executive is calling for “urgent reform of the Privacy Act” to better protect consumers.  She also wants a Consumer Data Right.  The call to reform the Privacy Act is misconceived.  There is no point increasing the powers of Read the rest of this entry »

The Office of the Victorian Information Commissioner releases its Annual Report for 2018 – 19

October 22, 2019

The Office of the Victorian Information Commissioner (OVIC) has released its 2nd annual report.  The transition from separate privacy commissioner and Freedom of Information Commissioner offices to a combined office seems to be working.  It was inevitable after a similar approach has been taken at a Federal level and in Queensland and New South Wales.

The remit of OVIC is limited to public service agencies.  Enforcement action is limited with compliance notices being the most serious action that can be taken.  The Privacy and Data Protection Act makes the OVIC a gatekeeper in any action taken under the Act in VCAT.  That has been problematical.  As with the Federal Information Commissioner, much is made of the conciliations and finalising of complaints but little is published about the nature of the breaches and what remedial action is taken beyond a few case studies in the Annual Report.

The Information Commissioner, Seven Bluemmel, has proved to be a very active participant in the various privacy seminars throughout the year and has hosted seminars on a fairly regular basis.  Generally they are of Read the rest of this entry »

Senior constable of Queensland Police convicted and receives suspended sentence for releasing personal information of domestic violence victim to ex husband

October 15, 2019

The ABC, Guardian and Nine/Fairfax press reports on a Queensland Police Officer, Senior Constable Neil Punchard, who has been convicted and been sentenced to 2 months jail, wholly suspended for 18 months, for leaking personal information of a woman to her ex husband in 2016.  Punchard accessed information relating to the victim on 9 occasions, hence the 9 charges of Read the rest of this entry »

The Australian Information Commissioner releases a Guide to health privacy

October 12, 2019

The Australian Information Commissioner has recently released a Guide to Health Privacy.  At over 50 pages it is quite comprehensive.  It is less equivocal than previous guides published by the Information Commissioner.  That is not to say it does not descend into vague generality more than it should. The Commissioner’s guidelines have no force of law under the Privacy Act 1988.  That obvious fact has been stated by the Administrative Appeals Tribunal and the Federal Court.  As they are not regulations their use as a legal document is relatively limited.  They do however serve as a standard which the Information Commissioner expects agencies and organisations to follow in order to comply with the Privacy Act.

While some of the Commissioner’s previous and current guidelines are so vague, rubbery and equivocal as to be of little use that is not really the key regulatory issue.  The problem has always been the reluctance by the regulator in taking enforcement action.  That has been a 30 year problem. The powers available to the Commissioner have grown over the years.  That has not been matched by Read the rest of this entry »