Peter A Clarke

In a constantly changing world there are a few certainties.  One is that the Victoria Police LEAP database will continue to be abused with personal information of Victorians accessed without authorisation and, occasionally (or more often), leaked to those who find such information invaluable; criminals, private investigators and unscrupulous debt collectors to name just a few usual suspects.  In Cops still using LEAP database to snoop on people the Herald Sun today reports that the more things stay the same the more things stay the same. Breaches of the LEAP database has previously been reported by Read the rest of this entry »

SBS radio has recently had a program  on the impact of the new amendments to the Privacy Act on 12 March 2014 in Do new privacy protection laws go far enough?

The points made are familiar to those who practice in the privacy sphere, so to speak.  The changes are far from comprehensive and a selective adoption of the Australian Law Reform Commissioner report.  Very much a curate’s egg – good in parts.  The Act will remain inadequate but if properly and effectively regulated it should should dramatically improve privacy protection in so far as it covers the handling of personal information. The current Privacy Commissioner is quite active.  Far more active than his predecessors. But now he has real enforcement powers and a business environment that is only partially compliant (and hardly likely to be in any better shape before 12 March) the real test is how he uses those powers.

It provides:

While millions Read the rest of this entry »

Phones, cameras and the ubiquitous USB stick pose a real and growing problem for organisations trying to maintain data security.  The storage of data on those devices as well as photocopiers can easily become a data breach if they are not wiped clean when decommissioned.  The growing phenomana of BYODs and the development of the internet of things makes this problem as big a data risk as a hacking attack.

The UK Information Commissioner’s office has provided some helpful hints on how to deal with personal information left on mobile devices in their now many incarnations with Deleting your data from computers, laptops and other devices.While the ICO goes through the various options if an organisation is upgrading its mobiles or laptops serious consideration should be given to Read the rest of this entry »

Data security is a key issue in the regulation of privacy.  Security from hacking is the prominant issue for web sites.  Direct attacks can be difficult to protect against but not as complex as third party access.  In Contractor creds used in Target hack itnews reports that the massive breach of Target’s data occured because of stolen log credentials of a third party, an air conditioning contractor.  Net result a loss of records of 110 customer payment cards and personal records.  This poses a dilema for large organisations which use third parties, often smaller operations with less sophistacted IT system and protection.  The changes to the Privacy Act in March requires organisations to maintain adequate security.  Take reasonable steps in fact. If an organisation is concerned about the security of its contractors it will have to take steps to restrict their access to its site or require the contractors to upgrade their security.  The consequences of a Read the rest of this entry »

Even though the article is titled Internet privacy: how Australia’s new laws will work the Guardian piece is, properly, about the general changes to the Privacy Act.  In my recent experience the reaction from those who should be most concerned about making sure they are compliant is a weary “meh”.  Almost as if – it wasn’t a problem in the past why should it be a problem into the future.  The analysis is flawed of course.  Previously the Privacy Act had little impact on businesses covered by it because the powers available to the Privacy Commissioner were very limited and any exposure to penalty so slight as to be almost academic.  As of 12 March the regulatory landscape will change from peaceful meadows to tangled weeds and steep cliffs for organisations Read the rest of this entry »

Forbes reports that Mark Zuckerberg’s apparent softening on privacy, at least as far as supporting anonymity, in  Zuckerberg’s Embrace Of Anonymity Marks Shift In Attitudes Toward Privacy.  It may be a nuanced change but a step, even if of the micro variety, is to be welcomed.  As the article ponders, the proof is in the eating.

The article provides:

In an interview with Bloomberg BusinessWeek on Thursday, Facebook CEO Mark Zuckerberg admitted that he thought it was “somewhat of a burden” if you are “always under the pressure of a real identity.”

If anyone else had said something so obvious it would be completely unremarkable.  But coming from the same person who once threatened “the age of privacy is over” and having Read the rest of this entry »

The California Assembly passed the Bill 1256 (AB 1256) – Privacy and Buffer Zones and Bill 1356 (AB 1356) – Stalking Reform last week. Both Bills were the product of the work of the Paparazzi Reform Initiative.

The Privacy and Buffer Zone Bill provides:

The Guardian in Microsoft, Facebook, Google and Yahoo release US surveillance requests reports on a slight but important increase in transparency about data given to US Surveillance agencies pursuant to secret court orders.  A small start in getting more transparency which is Read the rest of this entry »

The Age has again run a story on the impending changes to the Privacy Act with Privacy deadline nears: are you ready? Twelve March 2014 is looming closer and closer and in my observation the level of preparadness is quite patchy.  Given the scope and depth of what will now be required, particualrly for those involved in providing credit (a broad term as defined in section 6G of the Privacy Act), this is a worry.  If the Privacy Commissioner adopts an assertive approach to regulation there could be some reputational damage and financial outlays on the part of chastened organisations. The key will be the approach taken by the Privacy Commissioner.

The article provides:

Australian companies have just weeks to get their data collection, storage, management and disposal practices in order before several changes to the privacy regime come into effect.

On March 12, the Information Privacy Principles and National Privacy Principles, which apply to federal government agencies and businesses respectively, will be replaced by 13 Australian Privacy Principles (APPs).

The APPs require organisations to be Read the rest of this entry »

Mobile Apps are all too often the weak link in privacy protections.  This has well been well recognised by regulators.  It was the subject of a communique, known as the Warsaw declaration on the “appification” of society. In Track Star Slate reports on iBeacon being used with third party apps to track users.  The beauty of the article is, using a popular app Shopkick, it demonstrates how intrusive the data collection process is and how misleading and, effectively useless, the privacy policies are.  The problems identified in the article regarding privacy policies would probably not be compliant with the Australian Privacy Principles.  In Australia the issue would be that most app developers, especially the start ups, aren’t covered.  They don’t gross more than $3 million per year.  That is a huge problem because Read the rest of this entry »