Privacy (Credit Reporting) Code 2014 variations approved by Australian Information Commissioner

June 5, 2018

On 8 December 2017 Price Waterhouse Coopers, better known as pwc, undertook a review of the Privacy (Credit Reporting) Code 2014.  On 29 May 2018 the acting Information Commissioner and Privacy Commissioner has approved variations to the Privacy Credit Reporting Code 2014.

As a result of that review the Commissioner has amended the following Read the rest of this entry »

Privacy Commissioner seriously disappoints with the Centrelink investigation

June 4, 2018

It is hard to be more disappointed with the Privacy Commissioner given the consistently inadequate determinations and tepid regulation.  But the Acting Commissioner has managed to show that with time and effort even more dreadful decisions are possible in privacy regulation in Australia.  That is amply displayed in the Commissioner’s response to the Centrelink release of personal information about a Ms Fox who wrote an article critical of Centrelink’s automated debt recovery system as it was used upon her.

The Commissioner’s “concluding statement” Read the rest of this entry »

UK Information Commissioner fines University of Greenwich 120,000 pounds for serious security breach

The comparison between Australia and the UK on data protection comes into sharp focus with the Information Commissioner’s announcement that the University of Greenwich has been slugged a £120,000 fine for a data breach which involved 20,000 people, including students and staff.

The breach involved a microsite set up in 2004, not closed Read the rest of this entry »

Barnaby Joyce lodges complaint about exposing his relationship with Vick Campion

May 28, 2018

The Australian reports that both Barnaby Joyce and Vikki Campion have lodged a complaint with the Australian Press Council against the Daily Telegraph for breaching their privacy.

At the time the story broke I thought that Campion had a fairly good chance of bringing a privacy action, even an injunction, against the Daily Telegraph relying on the equitable claim of misuse of private information.  The problem was the story ran, and ran and ran and with each lap of the oval the chances of bringing a successful claim diminishes.   Joyce’s conduct in giving interviews, then calling for privacy, then calling for privacy while giving interviews makes any claim in equity difficult.

It helps little that the media apply little analysis to the privacy issues involved in this situation.  Caroline Overington’s piece, Barnaby Joyce has made his son Sebastian public property, is breathtakingly foolish in the privacy rights of the Joyce-Campion’s child.  The article seems to be a half baked attempt at being ever so witty.  But there is a real dark side to it, one that reveals the breathtaking ignorance that many in the media have about basic privacy principles. Such as the statement:

The Joyce affair led to a new Ministerial Code of Conduct, a new rule, that prevents fraternisation between ministers and their staff.

It’s a political story, and he’s going to sell it.

It’s an ugly situation, unimaginable even a generation ago. And the ramifications for Sebastian are serious: this gives the media license to continue to report on the Joyce marriage, its breakdown, the new relationship, forevermore.

Like it or not, this child’s story is now public property. It’s been put up for sale, for the public’s consumption.

(emphasis added)

The child’s story, as in about the child rather than Joyce/Campion, is not public property.  It is a useful assertion for the media, but matters relating to the child are private, not political and certainly not public.

A complaint to the Press Council is of some moment to some media insiders.  It has no power to make orders compelling a member to do anything.  As it says:

The Council has no power to order compensation, fines or other financial sanctions. Where a complaint is upheld, the adjudication may also include a reprimand or censure, and may explicitly call for (but not require) apologies, retractions, corrections or other specified remedial action by the publisher. The Council may also call for specific measures to prevent recurrence of the type of breach in question.

For those who feel their privacy has been invaded and want real and substantial action the Press Council is of little use.  Unfortunately Read the rest of this entry »

Government announces continued interest in decryption legislation

May 18, 2018

ZdNet reports that the Commonwealth Government is still intent on legislating a power to access encrypted communications.  It will be fascinating to see how this is done legally. But legality is just the easy bit.  How does an Australian Government force an offshore entity to hand over its key or require Read the rest of this entry »

The UK Information Commissioner raises the concerns about the “staggeringly inaccurate” face recognition systems used by the police

May 16, 2018

Facial recognition technology has long been touted as an effective tool in crime prevention and investigation as well as important for national security.  It is also touted as a way of improving efficiency in business and through social media.  Unfortunately the hype does not match the facts.  The algorithms and the quality of images that power facial recognition technology are often below par leading to many false positives.  The technology is also plagued by Read the rest of this entry »

Byrd v United States: a further decision by the US Supreme Court on reasonable expectation of privacy under the Fourteenth Amendment

The US Supreme Court in Byrd v United States, by a unanimous decision, restated that a strong belief in the privacy rights under the Fourteenth Amendment.  It is an important decision on reasonable expectations of privacy but does not change the approach taken by the court on such issues.


In September 2014, Pennsylvania State Troopers pulled over a car driven by  Terrence Byrd. Byrd was the only person in the car. In the course of the traffic stop the troopers learned that the car was rented and that Byrd was not listed on the rental agreement as an authorized driver. The car had been rented by a Latasha Reed.  The car was searched where in the trunk the troopers found body armour and 49 bricks of heroin.  The troopers did not believe they needed consent to search the car.

Read the rest of this entry »

Government announces the opt out window of 16 July – 15 October 2-18 and the guide to the secondary use of My Health Record system data

May 14, 2018

The My Health Record program, providing a summary of one’s personal health information which can be shared with health providers, has not been a public policy success story. The pick up rate has been poor, with about 20% covered but according to the article in last year’s Conversation  Why aren’t more people using the My Health Record? it has only been used by a small percentage of consumers and not even to its intended capacity.  It is not popular with the likely users of the system, general practitioners and hospitals who regard it as not fit for purpose.  The privacy concerns regarding the My Health Records system have been long standing with articles highlighting the problems in 2015.  There is considerable distrust of the system and its vulnerability to data breaches. particularly given Read the rest of this entry »

UK Information Privacy Commissioner releases comprehensive guide for lawful basis for processing data under the General Data Protection Regulation

The issue of consent is very significant under all data protection acts, not least the Australian Privacy Act 1988.  The UK Information Commissioner has released its guidance on consent.  While it is directly applicable to the obligations under the General Data Protection Regulation (the GDPR) the contents will be of use in the Australian context.  Issues relating to consent are common across jurisdictions and the UK Information Commissioner’s guidances are generally Read the rest of this entry »

Another way one of the big Tech companies, this time Google, harvest data exposed

It is trite to say that Google lives off data.  That is the blood that flows through its veins and makes it the financial behemoth it is today.  It is not particularly discerning about how it gets data as Oracle has highlighted to the Australian in quite an impressive exclusive report We’re paying telcos to help Google spy on us.  Those using Android devices on smart phones have, according to Oracle, been transferring data to Google.  Worse still, telcos appear to be transferring data to Google for payment.  Google claims there has been consent, a truly vexed issue in privacy documents and permissions.  That side of the story needs more information. The story has also been covered by Read the rest of this entry »