Federal Trade Commission imposes $5 billion penalty and says it imposed sweeping new privacy restrictions

July 26, 2019

The Federal Trade Commission (FTC) has formally imposed a $5 billion fine on Facebook arising out of its breach of the 2012 FTC order.  The breaches related to sharing of data with third party users, to wit making that information available to Cambridge Analytica, as well as launching Privacy Shortcuts and Privacy Checkup in 2014 which were supposed to help with managing privacy settings but did not disclose Read the rest of this entry »

Equifax settles its 2017 data breach with the Federal Trade Commission for at least $575 million

July 22, 2019

It is something of a myth that there is no privacy and data protection regulation in the United States.   In the United States privacy and data protection in certain sectors, such as health and finance, is the subject of comprehensive regulation and the authorities are not afraid to enforce the law.  Another area of strong regulation is consumer protection with the Federal Trade Commission using its powers to litigate, enter into onerous and long term enforceable undertakings and levying heavy fines for breaches.

The most recent example of the FTC wielding the very big regulatory stick is its proposed settlement with Equifax to settle its complaint regarding its 2017 data breach which affected approximately 147 million people. The FTC brought a formal complaint in the US District Court. As is common the FTC alleged a misrepresentation as to protecting privacy, providing security and confidentiality of personal information.

Today in a 74 page proposed settlement Equifax has agreed to a judgment being entered against it in the sum of $425 million.   Of that $300 million will Read the rest of this entry »

Omar Property Pty Ltd & Others v Amcor Flexibles (Port Melbourne) Pty Ltd [2019] VSC 446 (3 July 2019); discovery, content of pleadings and redactions

In Omar Property Pty Ltd & Others v Amcor Flexibles (Port Melbourne) Pty Ltd [2019] VSC 446 the Supreme Court, per Mukhtar AsJ considered the principles of ambit of discovery and the use of redactions in a hard fought discovery application.

FACTS

The five-day trial dated was vacated because of three intervening discovery fights [1].

This decision related to the first fight.

The proceeding is a dispute over a commercial lease of industrial premises. The question is whether the defendant has validly exercised an option to renew its lease or is entitled to renew the lease. The plaintiff says Read the rest of this entry »

UK Information Commissioner intends to fine Marriot International 99 million pounds and British Airways 183.39 million pounds. The GDPR bites for data breaches

July 16, 2019

With the General Data Protection Regulation in force in the United Kingdom the Information Commissioner has greatly enhanced powers to fine those who breach data protection laws.  And in that vein the Commissioner announced on 8 July 2019 an intention to fine British Airways £183.39 million for a data breach in September 2018 which resulted in personal information of 500,000 were compromised.  As is often the case investigation after the breach revealed Read the rest of this entry »

Federal Trade Commission to settle complaint with Facebook over privacy breaches for $5 billion.

July 14, 2019

Although the Federal Trade Commission (“FTC”) has not made a formal announcement the detailed reporting of the deliberations and voting by FTC Commissioners in favour ( 3-2) make it almost certain that once the civil division of the Justice Department approves the settlement, an almost certainty, an announcement will be formally made and Facebook will be liable to pay $5 billion. The Wall Street Journal broke the story with FTC Approves Roughly $5 Billion Facebook Settlement

Wired has undertaken a comprehensive report of the saga, which started with the FTC opening its investigation in March 2018, a week after the Cambridge Analytica scandal broke.  

The problem Facebook faces Read the rest of this entry »

Commonwealth Bank enters into an enforceable undertaking with the Australian Information Commissioner. A weak and ineffective regulatory response to serious data breaches.

July 2, 2019

On 27 June the relatively new Information Commissioner signed off on an enforceable undertaking with the Commonwealth Australia Bank arising out of 2 data breaches, the first involving the loss of 2 magnetic data tape containing what the Information Commissioner customer statements relating to 20 million customers in 2016.  The CBA was not able to work out whether the records were destroyed or something else came of them.  The second breach arose in August 2018 with sensitive information being available to those who were not able to access that material. This enforceable undertaking was entered into with the CBA already the subject of a very critical APRA report on the CBA’s risk management and reactive approach to compliance.  The CBA entered into a enforceable undertaking from the CBA in early May 2018.  And yet the CBA was involved in a second data breach 3 months later, in August 2018.  What does that say about CBA’s commitment to risk management?

There is a contrast in styles between the Information Commissioner’s media release and that of the Bank.

The Commissioner’s media release reads Read the rest of this entry »

Jeremy Lee v Superior Wood Pty Ltd[2019] FWCFB 2946; Full Bench of the Fair Work Commission considering breach of the Privacy Act, biometric data, unfair dismissal

July 1, 2019

The Full Bench of the Fair Work Commission recently handed down a very important decision in Lee v Superior Wood Pty Ltd [2019] FWCFB 2946 regarding the application of the Privacy Act. The Full Bench undertook a careful analysis of the Act and applied the Australian Privacy Principles (the APPs) to the facts in the context of an unfair dismissal claim, in this case appeal from a Commissioner at first instance.

The Facts

Superior Wood operates two sawmills at Melawondi and Imbil [2] in Queensland. It had approximately 150 employees, 80 of whom, including Lee,working at the Imbil site. Lee was employed as a casual general hand and worked for  3 ¼ years. Superior Wood is Read the rest of this entry »

Landmark White considers sale as cash runs out. The reputational effect of data breaches.

June 25, 2019

The focus of reporting on data breaches is on the personal information which is taken, potentially to commit fraud and the distress that others have that information without permission.  What is less reported is the potentially catastrophic effect data breaches may have on an business’ prospects, if not survival.  

In the United States Retrieval – Masters Creditors Bureau filed for Chapter 11 bankruptcy protection after it suffered a data breach in March.  The fallout from the data breach has been described as creating a “cascade of events” with led to the bankruptcy.  In Australia the Australian Financial Review (AFR) has reported that Landmark White is considering a full or partial sale of its business as it suffers a liquidity crisis caused by its second suspension by its lender clients.  In both cases the Read the rest of this entry »

Tim Cook’s Commencement address at Stanford puts privacy front and centre of the current technology debate

June 24, 2019

Amongst the big 4 tech giants in their own given areas, Microsoft, Google, Facebook and Apple, Apple has made the strongest public stand on protecting its users privacy.  It too a stand as a civil rights issue in protecting privacy when in in 2016 when it refused to assist the FBI in in cracking a password on an iphone owned by a terrorist.  That included fighting the FBI in the Federal Court.

Facebook’s recent pivot to a privacy friendly future with the statement A Privacy-Focused Vision for Social Networking in March has been treated with some scepticism when the Guardian recently reported that Zuckerberg knew of poor privacy practices associated with the Cambridge Analytica scandal.  The evidence, emails uncovered by the Federal Trade Commission in its investigation as to whether Facebook has breached a 20 year consent decree, which it almost certainly has.  Facebook has reportedly set aside $3 billion in anticipation of a record fine from the FTC though the figure could be as high as $5 billion.  Today Facebook through Read the rest of this entry »

Australian Catholic University suffers a data breach…another university gets hacked

June 17, 2019

Earlier this month the Australian National University suffered a data breach, see my post here.  Now the Fairfax press reports in Australian Catholic University staff details stolen in fresh data breach that the Australian Catholic University has suffered a data breach where personal information has been stolen.  The hackers Read the rest of this entry »