Cost of Data breach in Australia

December 17, 2014

Australia lacks mandatory data breach notification legislation in relation to breaches under the Privacy Act. By comparison, most American States have such legislation and there is a serious effort to introduce it at a Federal level, if for no other reason than to impose some uniformity on notification requirements. It is good public policy to have such legislation. Individuals are entitled to know if their personal information has been compromised.

With a lack of mandatory reporting there is a lack of

Sony releases a data breach notification letter as the ramifications of the hack continue to wreak havoc

If ever there was an argument for proper cyber security, both at the firewall and within it, it is the cyber attack on Sony and the theft of up to 10 terabytes of data. Sony issued a breach notification letter on 8 December 2014 which

Dutch Data Protection Authority threatens Google with fine over privacy intrusive behaviour

December 16, 2014

Itnews reports in Google faces fine for web privacy violations that the Dutch Data Protection Authority is looking closely at Google’s practice of using private information to customise ads. The focus of the DPA’s concern is the lack of transparency and consent.  This form of behaviour would not be a constraint in the US.

Businesses failing to keep up to date with cybersecurity

December 15, 2014

There has been no consideration of Australian Privacy Principle (“APP”) 11 by the Privacy Commissioner through determination, enforceable undertaking or civil penalty proceeding. The APP guidelines are drafted in general terms. The guidelines on enforcement actions are in draft form and part way through the consultation process.  The nature and extent of actual implementation of measures to comply with APP 11 is a matter of some conjecture, often depending upon which expert has the microphone. What is clear is that the risk of breaches is real as set out in a report prepared by Trustwave titled The State of Risk 2014.

Some of the sobering findings are

Hong Kong Privacy Commissioner announces imprisonment of person who made false statement

December 12, 2014

The Hong Kong Privacy Commissioner has announced that

Domestic CCTV which catches a public area caught by obligations of EU Data Protection Directive

The Court of Justice of the European Union (CJEU) has today published its decision in the case of František Ryneš and found that domestic CCTV which films a public area

Sony data breach continues to inflict pain on the company

December 11, 2014

The hacking attack on Sony continues to wreak damage on both the brand and its relationship with those with whom it does business, especially its stars. The immediate impact of the breach was the loss of intellectual property, films which were stolen and downloaded. This cost Sony revenue. The latest source of excruciating embarrassment is the leak of emails from Sony executives to producers about actors, as reported in Sony hack: Angelina Jolie called a spoiled brat in leaked emails, and Nasty Exchanges and Insults, and about its mistakes in movie making, as seen in Leaked e-mails show Sony botching its Steve Jobs movie. There seems to have been a very poor privacy framework behind the firewall. With proper privacy engineering such a broad ranging attack on differing components of Sony’s cyberspace architecture. Obvious questions are whether data was properly segmented so that different segments can be handled with different privacy, encryption and security rules, what technical measures were in place to ensure only authorised access and use of data, what security measures were in place to detect unauthorised access, and whether there was a pervasive risk management approach applied to ensure effective privacy engineering.

The article Sony Hack

Global privacy authorities issue communique regarding apps and privacy policies

The Privacy Commissioner has issued a statement titled Global privacy authorities urge app marketplaces to make links to privacy policies mandatory. The laxity in privacy protections and compliance with data protection laws, including proper privacy policies and consents, has been a long-standing concern. The Federal Trade Commission has been active in

Amazon threatens to pack its drones up and take them offshore, probably not under their own power, unless the FAA plays nice

December 10, 2014

The development and increased use of unmanned aerial vehicles (drones) is an example of how, while laws may delay, the technology does not. And as the gap between the regulation and the use, numbers and capacity of drones grows, it will be the law that is found wanting and forced to change in a hurry. Which is usually a recipe for

AMM v News Group Newspapers – High Court decision in UK for privacy injunction

After a surge in their use, followed by some criticism, the use of injunctions in the privacy/misuse of private information proceedings in the United Kingdom has been quite restrained in the last few years. That such an order is available to the court is demonstrated in the recent decision of AMM v News Group Newspapers [2014] EWHC 4063 (QB) where the Court, per Stewart J, granted an injunction restraining News Group Newspapers from publishing private information.

FACTS

The Defendant is the publisher of the Sun on Sunday. The application for an injunction sought