Data breach by the Australian Federal Police involving journalist metadata

April 28, 2017

The Australian Federal Police have self reported on a data breach involving a journalist’s metadata.  The breach was accessing the data without first obtaining a warrant  It is reported by the Fairfax press at Police illegally obtained journalist’s phone records under new metadata retention regime and the Guardian at Federal police admit to accessing journalist’s metadata without a warrant.  The ABC reports on it at AFP officer accessed journalist’s call records in metadata breach.

There was always a problem with the journalist exception in the  Telecommunications (Interception and Access) Act 1979.   The exception was Read the rest of this entry »

Drones and privacy

April 27, 2017

Privacy practitioners have known for some time that drone technology’s rapid development has been impacting the privacy of individuals at an increasing rate.  The common law is quite moribund and completely inadequate to meet the challenge.  The legislation, such as there is, is Read the rest of this entry »

Public patients medical letters found in bin in Sydney in yet another privacy breach involving the health industry

April 21, 2017

Health privacy breaches are generally egregious.  The nature of the information is highly sensitive and extremely private. One would think that the breaches are rare to the point of extraordinary.  Yet they are not.  They are depressingly common.  And usually caused by poor document/data management.  Such as properly disposing of documents when appropriate.  Not so apparently given the dumping in a Sydney bin of 1000 medical letters involving the personal information of 700 public patients.  It is reported in Patient privacy breach: over 1,400 medical letters found dumped in Sydney bin.

The culprit appears to be Read the rest of this entry »

The reality of cyber security and attacks

April 19, 2017

In the 8th April edition of the Economist there are two brilliant articles that sum up the problems and dilemas with cyber security, How to manage the computer-security threat and Why everything is hackable.  It should be required reading for anyone interested as to how the problems with cyber security arose and how difficult it is to deal with.  The Australian in a somewhat breathless piece Big business and key agencies are now under ‘daily’ cyber attack  reports that Read the rest of this entry »

Government marks the anniversary of the Australian cyber security strategy

In today’s Australian the Prime Minister has an opinion piece, Towards a safer online world for Australians at every level, dealing with the Government’s cyber security strategy.  It marks the first anniversary of the launch of Australia’s Cyber Security Strategy. The article is Read the rest of this entry »

Fingerprint sensors causing data security problems…sometimes cutting edge is too much

April 12, 2017

Password protection in privacy and data security law and practice is a vexed subject.  Single factor authentication, in the form of a password, is increasingly regarded as inadequate.  The common problem is Read the rest of this entry »

Privacy breaches by Victorian Education Department

April 11, 2017

While government agencies are more systematic in their approach to document management and privacy that doesn’t mean they are particularly good at it.  They are better than many private sector organisations but that is not a ringing endorsement by any means.

In Confidential student details published in Education Department blunder the Age reports on an extraordinary privacy breach where personal information of students who have self harmed and been the subject of bullying or their medical conditions were published on the Victorian Education Department website.  In some Read the rest of this entry »

Senate Committee breaches privacy with disclosure of confidential information

April 9, 2017

That leaks are synonymous with politics is trite.  That a fair proportion eminate from Parliament is hardly controversial.  But those sort of leaks are politically motivated and the source is invariably anonymous.  Otherwise they tend to be self defeating.  The Senate Foreign Affairs, Defence and Trade references committee has leaked sensitive transcripts of witnesses giving evidence in camera regarding Read the rest of this entry »

Singapore Personal Data Protection Commission

April 6, 2017

Anonymisation of data is a real challenge for both those wishing to use data for research and those who control it.  Data is anonymised to allow it to be used in more ways than it could be in its original state. Often it is not necessary to have personal identifiers in the research. There is a school of thought that holds that it is impossible to anonymise data.  That technology, in particular the use of algorithms and big data make it impossible not to reconstruct data.  That has not been tested with any certitude.  The usual problem with anonymisation is the crudity of the methodology generally and sometimes the sheer incompetence.

It is a key issue in cyber security and compliance with privacy obligations.

The Singapore Privacy watchdog has released guidance on anonymisation.  Under the guidelines there are Read the rest of this entry »

Banks vulnerability to cyber security breaches

In early January 2017 the BBC reported on the prediction by Professor Richard Benham, the Chairman of the National Cyber Management Centre that “A major bank will fail as a result of a cyber-attack in 2017 leading to a loss of confidence and a run on that bank.” Professor Benham was concerned about the poor state of cyber security practices, regulation and governance in the UK system.  Given that the financial sector is generally Read the rest of this entry »