The Ashley Madison breach of 2015 when 25 gigabytes of data, including personal information was accessed and stolen was one of the biggest breaches to that date.  It also resulted in huge embarrassment for users of the Ashley Madison website and major reputational damage for Ashley Madison.  Not only did it Read the rest of this entry »

The UK Information Commissioner’s Office (the “ICO”) has its detractors however as a regulator it has been by far more energetic than its Australian equivalent.  The legislative structure is different as is the resourcing.  The UK Data Protection Act provides more scope for enforcement action and the penalties can be swingeing.  That said the approach taken by the ICO in both adopting an educational approach, the carrot, but also high profile and tough regulatory action, monetary penalty notices, highlights a difference with the Office of the Information Commissioner, which has been all about the education and very little about the enforcement. That has had a deleterious effect on privacy and data protection compliance in Australia.

The ICO took action against the Royal Free London NHS Foundation Trust for failing to Read the rest of this entry »

The National Institute of Standards and Technology (“NIST”) has released a draft of is Application Container Security Guide.  While the NIST is an American agency its guides have Read the rest of this entry »

The passport details of Flight Centre customers have been released to third parties who were working with Flight Centre in developing business products.  The extent of the breach, in terms of numbers of passport holders personal information being leaked and what exactly was released to the unauthorised party, has not been disclosed.  That level of opaqueness in notification tends to be typical in Australia but much less so in the United Kingdom and the United States. Curiously the Flight Centre stresses that human error, rather than a systems failure, was the cause of the breach.  As if that makes it better or less serious.  The Privacy Act Read the rest of this entry »

After a 6 day trial a jury found for the plaintiff in the defamation proceeding of Sheales v The Age & Ors [2017] VSC 380.  The Court awarded damages in the sum of $175,000.  The current maximum amount awardable for non-economic loss is $381,000.

FACTS

The Plaintiff, Sheales, is a Victorian barrister practicing mainly in criminal law and sports law. The Third Defendant, Patrick Bartley, was a journalist who wrote an article about the Plaintiff’s appearance before a Racing Victoria stewards hearing on 2 August 2015. An issue before the steward’s hearing that day concerned the alleged use of the chemical element cobalt by the plaintiff’s clients [1]. Fairfax Digital Australia and New Zealand Pty Ltd, the second defendant, published the article online. The first defendant, The Age Company Pty Ltd, the owner and publisher of The Age newspaper, published the article, with some small differences on 3 August 2015 [2].

The Plaintiff alleged that he had suffered injury to his professional reputation and feelings, had been humiliated, embarrassed or Read the rest of this entry »

The theft of personal information and subsequent sale on the internet, the “darknet” to be more dramatic, is common, lucrative and, because poor privacy and cyber security policies and protections by many organisations, an increasingly attractive way for criminals to make money. It is not necessary to obtain credit card or bank details.  Getting official identifiers like social security numbers have intrinsic value.  Which is why the report of Medicare numbers being sold on line is Read the rest of this entry »