June 29, 2014
The current focus on inadvertent data leaks is upon losing USB sticks and memory cards and the theft of laptops. The Information Commissioner’s Office reports that the loss of documents inadvertently left in a filing cabinet which was then sold to a member of the public is just as much a problem. In “Prison service warned after Maze records sold at auction” the ICO reports on the prison service of Northern Ireland selling a filing cabinet at auction. The person who purchased the filing cabinet found some very sensitive records regarding the inmate and prison officers. Given the reorganisation of the prison service, with the incident occurring under the watch of the predecessor, and that the incident predated the powers of the ICO to take stronger action, the ICO issued a warning and the Department of Justice entered into an undertaking.
Recycling and selling old office equipment is not a new phenomenon. There needs to be proper …
Posted in Privacy
June 26, 2014
CNN, in “high tech peeping drone terrifies woman”, has a report on a drone engaging in privacy-invasive conduct, in this case hovering near a window of a resident who was in a state of undress. Such potential has long been acknowledged and the reality is here and reported upon from time to time. This report highlights the actuality very starkly.
Protections in the US for an individual tend to be greater than Australia …
Posted in Privacy
Yesterday the US Supreme Court in Riley v California handed down a very important decision on privacy, regarding the right of a police officer to search digital information on the cell phone of a person who had been arrested. Earlier this month the Canadian Supreme Court handed down a privacy related decision in Spencer v R & ors regarding accessing internet search history from an ISP without a warrant. Both are significant and will have a long-lasting impact on their own jurisdictions and beyond. Both should be required reading for those who want a more effective privacy regime in Australia. The underpinnings of each decision, the Bill of Rights in the US and the Canadian Charter and its privacy legislation, differ to those in existence in Australia but the principles and analysis are both apposite.
While a further analysis is required the key findings in Riley, a unanimous decision, are that:
(a) a warrantless search is reasonable only if it falls within a specific exception to the Fourth Amendment’s warrant requirement.
(b) the Court declined to extend the exception to searches of data stored on cell phones. The Court generally determines whether to exempt a given type of search from the warrant requirement “by assessing, on the one hand, the degree to which it intrudes upon an individual’s privacy and, on the other, the degree to which it is needed for the promotion of legitimate governmental interests.” The search of digital information on a cell phone does not further the government interests and implicates substantially greater individual privacy interests …
Posted in Privacy, Privacy US case Law, US Supreme Court
June 24, 2014
The Washington Post has undertaken a fascinating and comprehensive 3 part report on drones with
The issues in the US are the same as those in Australia: a rapidly evolving technology which is finding more and more uses within the community and a near paralysis by Federal Government and regulators to deal with it. In the US the States are stepping in, for good and bad, and regulating the use of drones in their jurisdictions. In Australia the Civil Aviation Safety Authority has …
Posted in Privacy
June 21, 2014
Under the Privacy Act individuals should have the ability to either be anonymous or use a pseudonym when dealing with organisations or agencies except in some circumstances. Australian Privacy Principle 2 encompasses this entitlement. It provides:
2.1 Individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with an APP entity in relation to a particular matter.
2.2 Subclause 2.1 does not apply if, in relation to that matter:
a. the APP entity is required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
b. it is impracticable for the APP entity to deal with individuals who have not identified themselves or who have used a pseudonym.
The exceptions under 2.2 at first glance seem to dilute the effectiveness of APP 2; however, the Privacy Commissioner’s Guidelines restrict the claim of impracticability under 2.2(b) to fairly limited types of situations and ones where anonymity or pseudonymity is reasonable. It is a very poorly understood and appreciated APP and considerable work will be done to have organisations comply.
The other issue which is complementary to the legal right/ability to anonymous communication is the technical ability to anonymise …
Posted in Privacy
June 16, 2014
Itnews reports in “Domino’s Pizza blackmailed over mass data leak” that hackers who stole personal information of its customers, described as 600,000 customer details, want €30,000 for the data. It is a huge breach of data security which was effected through a vulnerability in an old ordering site. If that is the case Domino’s has a real responsibility. Organisations which …
Posted in Privacy
June 15, 2014
It would seem that Optus is a bit jealous of Telstra hogging all the limelight on the data breach/privacy interference stage for the last 3 years (see my post here, here and here though it has tried to show it was capable of poor data security – see article here). So, as Fairfax reports in “Optus exposes customers’ silent listings”, it has managed to have a significant data breach not only of customers’ personal information but of that of individuals who really don’t want their information publicised: those with silent numbers. The very people who specifically ask for their phone details to be kept private have had them published not only online but also in print editions of the phone book. These are people who are especially concerned for their privacy, sometimes for exceptionally good reasons, such as personal safety.
According to the story notices were sent out by letter on 2 June but Optus discovered the problem in April. On the kindest assessment that is at least a 4 week delay. With no mandatory data breach notification laws Optus doesn’t have to disclose much of anything to the Privacy Commissioner or clients whose information was the subject of a data breach. Given the Optus response to enquiries from Fairfax was at best a standard PR …
Posted in Privacy
June 13, 2014
The Federal Trade Commission has recently sought to rein in the excesses of data brokers in the United States (see my post on the subject here). Whether that happens is a matter of conjecture and some scepticism as the industry is well established, hugely profitable and the rate of improvement in broad ranging privacy regulation in the United States has been glacial. With improvements in tracking techniques such as onboarding, use of big data and algorithms the ability to track individuals on and off …
Posted in Privacy
A consistent problem with maintaining appropriate protection of personal information is training staff who handle that information and maintain information systems, whether online or in hard copy form. The Australian Privacy Principles and their guidelines make clear that staff training is an important part of maintaining appropriate data security. Having appropriate anti-virus software and appropriate protections in website architecture is important. But having appropriate and easily understood protocols regarding the accessing, handling and posting of data is critical. That necessarily involves training and monitoring.
Itnews reports in “Review reveals extent of access to leaked Immigration data” that the leakage of personal information about …
Posted in Privacy
June 12, 2014
The impact of technology in the classroom has been both profound and growing. On the hardware side computers are ubiquitous but becoming outdated tools for school children and teachers. Users are migrating to tablets. On the software side programmes are becoming more and more attuned to curriculum needs. But there are real privacy concerns in the use of technology. Collecting data …
Posted in Privacy