March 10, 2014
The Target breach in the USA has been described as a tsunami of privacy breaches, the 9/11 of data security and any number of other hyperbolic monikers. It is clearly a catastrophic breach of security and a serious invasion of privacy. It has caused a shake-up in privacy protection and a wake-up call on the need to improve standards. A range of lessons has been gleaned from the event: ensuring the data security of third party contractors (through which hackers entered Target), separating data within sites, maintaining appropriate levels of data security, monitoring traffic of sites, and the list goes on.
The issue raised by the Washington Post in No consensus on how to notify data breach victims is the patchwork of laws across the USA regarding notification of data breaches to those whose personal information was leaked. In the US most states have some form of mandatory data breach notification. But they are not uniform in how they operate, as the article makes clear. Compare this to Australia where
Posted in Privacy, Privacy Articles
The use of drones to drop contraband into jails has been a recent trend internationally (see YouTube report here). The trend has become actuality in Melbourne, Australia, with an attempt to drop drugs into the Remand Centre via drone. The Age reports on the attempt in Arrest after ‘drone with drugs’ nabbed near Metropolitan Remand Centre. The article provides:
Police have intercepted a drone
Posted in Privacy
March 8, 2014
The US Federal Trade Commission and the UK Information Commissioner’s Office have signed a memorandum of understanding to promote increased co-operation as part of increasing consumer privacy.
The media release (with pictures found here) provides (absent photographs):
The U.S. Federal Trade Commission signed a memorandum of understanding (MOU) with the Information Commissioner’s Office (ICO) of the United Kingdom today to promote increased cooperation and communication between the two agencies in their efforts to protect consumer privacy.
The MOU was signed by FTC Chairwoman Edith Ramirez and the UK’s Information Commissioner and Chief Executive, Christopher Graham. It is designed to bolster their privacy enforcement partnership at a time when more and more consumer information is moving across national borders, increasing the need for cross-border enforcement cooperation.
“As consumer data increasingly crosses borders, the FTC needs to be able to work with privacy enforcers around the globe
Posted in Federal Trade Commission, General, UK Information Commissioner's Office
March 7, 2014
Drones were the subject of a significant discussion by the Standing Committee of Social Policy and Legal Affairs on 28 February 2014. The transcript of the roundtable is found here (with the privacy discussion being found at pages 40 – 53). The Australian in CASA rejects drone control role has a report on that discussion in its Aviation section. The article makes clear that CASA wants nothing to do with policing any privacy laws that may regulate drones in the future, which is very sensible. CASA has a very clearly defined role and privacy protection is not within that bailiwick. The rapid uptake of drone technology poses a multi-agency challenge. As with the United States of America, an overhaul of the regulations is required. On the legal front the current law is utterly inadequate to provide privacy protections from the misuse of drone technology. The legislature is barely rousing itself to deal with these issues. The problem is that the technology is not stopping for anyone.
The article provides:
THE aviation regulator has said it has no interest
Posted in Privacy, Privacy Articles
There has been some criticism about the effectiveness of the Guidelines to the APP. That has prompted quite a lively response from the Privacy Commissioner (found here). He rarely reacts so quickly and assertively to media reportage. It is an important issue to clarify. The extent of work undertaken by organisations to comply has been uneven, to put it mildly. That has been a subject of reports over the last 15 months. Having mixed signals in the marketplace can only hamper regulatory compliance. Ultimately the assertiveness of the Privacy Commissioner will influence how compliant organisations really become.
The consultation details relevantly provide:
Significant amendments to the Privacy Act 1988 (the Privacy Act), made by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (the Privacy Amendment Act), commence on 12 March 2014.
The amendments include
Posted in Commonwealth Privacy Commissioner, Privacy
The release of guides, policies and Codes is gathering pace ahead of E day, 12 March 2014, the day the amendments contained in the Privacy (Enhancing Privacy) Act 2012 take effect. As part of the process the Privacy Commissioner is seeking to update the Guide to undertaking Privacy Impact Assessments. The draft is found here. Comments are sought by 28 March 2014.
The Draft Guide provides, absent appendices:
Introduction to privacy impact assessments
About this Guide
The Guide to undertaking privacy impact assessments (the Guide) has been prepared by the Office of the Australian Information Commissioner (OAIC) to provide an overview of a process for undertaking a privacy impact assessment (PIA). The Guide is intended for use by both government agencies and private sector organisations.
The Guide sets out
Posted in Commonwealth Privacy Commissioner, Privacy
March 6, 2014
How the Privacy Commissioner will approach compliance is a matter of some conjecture. He has put out a statement on enforcement. It is not the most clear cut and emphatic document one would read this year. Trying to divine an approach is challenging. iTnews reports in Privacy Act audits will consider infosec budgets that while the Privacy Commissioner will not accept laxity, he will take into account the resources of a company when dealing with breaches due to hacking attacks. There is always a danger
Posted in Privacy
The Target breach has been described as a seminal event in the history of data security and hacking events to date. It has now led to
Posted in Privacy, Privacy Articles
March 5, 2014
The amendments to the Privacy Act 1988 take effect on 12 March 2014. It is as much an issue for the Privacy Commissioner as for organisations and agencies. While compliance will be a significant issue, proper regulation and enforcement are as important. In the past
Posted in Commonwealth Privacy Commissioner, Privacy
March 3, 2014
The Atlantic, the Economist and the New York Review of Books occasionally venture into a discussion about privacy. The offerings are invariably of high quality and thought provoking. The New York Review of Books article Can Privacy Be Saved? keeps to the excellent standard, even if the heading is a touch on the clichéd side.
It provides:
When the secretive Foreign Intelligence Surveillance Court (FISC) first authorized the National Security Agency in May 2006 to collect and search the telephone metadata records of every American—including every number we call, how often we call, when we
Posted in Privacy