August 13, 2014
Disposal of old records during a move, a spring clean or just a clean up is a continuous source of data breaches. It is almost invariably a product of poor data management. Files accumulate, rather than being progressively destroyed or de-identified as the records are no longer of use, and are then stored in an isolated area and forgotten about when staff move on. Poor record keeping adds to the confusion. When furniture or buildings are sold, or there is a move to declutter, there is no real methodology for reviewing whether what is being sold, removed or otherwise thrown out contains personal information. Such practices are clear breaches of the APPs and may attract enforcement action by the Privacy Commissioner.
In Sensitive student records found in dumpster outside Denver middle school boxes of student records were Read the rest of this entry »
Posted in Privacy
August 12, 2014
As of today the amendments to the Privacy Act have been in force for 5 months. According to ZDNet's article Australian businesses uncertain about data handling: IDC, notwithstanding that time period, the preceding 14 months between passage and enactment of the amendments, and the reasonable media coverage, almost 20% of organisations are not aware of the changes and 70% of organisations are still seeking guidance on how to manage data. In a sense that is an improvement on previous analysis as at March 2014, where the estimate of awareness was hovering at 40%. But it is still a concern. The article is based on an IDC study (found here). What is clear Read the rest of this entry »
Posted in Privacy
Will technology solve the threats to privacy that the law will not (rather than cannot)? That has been a hope and prediction of some software programmers and other wonks. The focus has been on encryption. But in Could peer-to-peer technology solve the privacy conundrum? one possible solution is peer-to-peer technology. Of course it would be better to have both the privacy enhancing technology as well as coherent and comprehensive privacy regulation which Read the rest of this entry »
Posted in Privacy
The Information Commissioner's Office (the "ICO") has entered into an enforceable undertaking with Thamesview Estate Agents, who engaged in practices inconsistent with properly handling personal information and disposing of it securely; to wit, it left transparent bags of documents containing personal information on the street for collection and disposal by a third party. The contents of the bags could be viewed Read the rest of this entry »
Posted in Privacy, UK Information Commissioner's Office
August 11, 2014
The US Federal Trade Commission has been raising concerns for some time regarding privacy weaknesses in mobile apps, including taking actions against some app developers. Mobile shopping apps are popular and almost ubiquitous. But, as the FTC reports in What's the Deal, there are real problems with notices to consumers about data collection and use and data security practices.
Regarding collection of consumer data the FTC found Read the rest of this entry »
Posted in Federal Trade Commission, Privacy
Wearable fitness and health devices are becoming de rigueur wear for the health conscious and for those who are keen to know their personal rhythms. As the article Tech giants gambling on health technology makes clear, it is also big business. These devices and apps involve an almost continuous data stream of personal information. The privacy issues are obvious but poorly regulated in Australia and beyond.
The article Read the rest of this entry »
Posted in Privacy
The Privacy Commissioner has released a third video, this time titled How to access my personal information.
It is Read the rest of this entry »
Posted in Commonwealth Privacy Commissioner, Privacy
The consequences of the data breach at Target continue. The Huffington Post reports in Data Breaches May Result in Board Breakups that Read the rest of this entry »
Posted in Privacy
August 10, 2014
The law may dither but the technology does not. Privacy regulators across the globe vary in their powers and enthusiasm for taking enforcement action. In Australia the new enforcement powers available to the Privacy Commissioner since March 2014 have not resulted in any high profile, or any profile, actions. That is not to say work is not being done. It is just not visible as yet. And with any form of regulation a certain profile is necessary to send the right message to the market.
Online security is a fundamental part of the public's confidence in using one site or another. Google has taken some steps on its own initiative in Read the rest of this entry »
Posted in Privacy
August 8, 2014
Encryption should be part of an organisation's data security framework. Encrypting personal information reduces the likelihood that a breach of data security by a cyber attack will directly impact an organisation's customers. Encrypting emails, currently possible with the appropriate programs, is not generally used by the mail internet service providers. Given personal information is often transmitted via email, there is a risk of a privacy breach if email is intercepted and viewed by third parties. In the USA that has the additional overlay of the NSA's PRISM program, which has involved mass collection of emails and other data. The politics are one thing but the harm to the business reputation of internet service providers is another. Google, Microsoft and others, including Yahoo, have not enjoyed being seen as a cipher for a governmental collection program. Some, perhaps much, of that criticism has been unwarranted or at least exaggerated, but in a market where users have concerns about security and privacy the Snowden revelations have caused industry wide damage. Read the rest of this entry »
Posted in Privacy