August 23, 2017
According to a very recent report titled FTSE 350 Cyber Governance Health Check Report 2017, of directors at the top 350 UK firms Directors at the UK’s top 350 businesses are not always given all the information they require to discuss cyber risks posed Read the rest of this entry »
On 15 July 2017 I posted on the very serious data breach by Flight Centre. It has been covered fairly widely by the media, on the ABC, MSN Nine and the Sydney Morning Herald to name a few.
A month later the Privacy Commissioner has decided to investigate the data breach. It made its announcement on 18 August 2017. The announcement provides:
On 15 August 2017, the Acting Australian Information Commissioner opened an investigation into Flight Centre, examining an alleged data breach involving the release of the personal information of customers to third-party suppliers.
Flight Centre is cooperating with the Office of the Australian Information Commissioner’s (OAIC) inquiries. Once the investigation has concluded a further statement will be published.
If any person has any concerns about how their privacy has been managed they can contact the OAIC at www.privacy.gov.au or on 1300 363 992.
This announcement has Read the rest of this entry »
Associate Justice Randall in FF (R & D) Pty Ltd v Australian Securities and Investments Commission [2017] VSC 482 considered the principles in granting leave nunc pro tunc to proceed in a proceeding and the exercise of discretion under section 500 of the Corporations Act.
The Plaintiff’s originating process sought :
On 6 October 2010 an explosion occurred at Fuji Fuels’ premises. The Plaintiff alleges Read the rest of this entry »
August 20, 2017
The misuse of drones, or to be more precise unmanned aerial vehicles, has always been a real problem since they moved from military to commercial and then to everyday use and their capacity grew from a difficult to control curiosity to a highly sophisticated aerial vehicle which can mount powerful cameras and videos on stable platforms. Along with the incredible benefits that have come from the commercial use of drones has come real and potential privacy intrusive activity. The lack of regulation has been apparent from the outset.
The legal issues and gaps in the law have been apparent for a long time ( I have posted on them here, here, here, here, here, here, here, here and here for example) For some reason this problem has in the last few days attracted the attention of both the Australian with Drone reforms needed to protect privacy and the Canberra Times with ‘Highly intrusive’: Drone complaints on the rise in Canberra and its editorial Drone misuse in Canberra a real concern for all. The articles cover well worn ground but are welcome nevertheless.
Drones are a challenge in Read the rest of this entry »
The Victorian Court of Appeal considered an appeal from an unsuccessful application to set aside a statutory demand in Modeca Investments Pty Ltd v Commonwealth Bank of Australia [2017] VSCA 203. The issue was the question of offsetting claim and its value as far as the applicant was concerned. Ultimately the question became whether the applicant could show there had been a breach of section 420A of the Corporations Act, most importantly whether the process could be successfully attacked.
The alleged debt arose out of a loan agreement entered into between the Commonwealth Bank of Australia (“CBA”) and Read the rest of this entry »
The UK Information Commissioner (“ICO”) continues to set a brisk pace in taking action against data breaches, this time imposing a £70,000 fine on the Islington Council for failing to keep personal information secure on its parking ticket system website. It highlights that breaches of privacy laws are as much about ensuring that personal information is secure from potential breach as responding to a breach itself. The infraction can be just as costly.
In the case of Islington council the ICO found that its website which allowed people to see an image of their parking offence had design faults which Read the rest of this entry »
August 18, 2017
Hackers are enterprising. Those who are also thieves are particularly keen to search out industries who are cash rich and security poor. According to the BBC they have found it in the shipping industry as How hackers are targeting the shipping industry reports. Hackers have intercepted emails and, acting as cuckoos, changed banking details on emails from suppliers asking for payment. Given shipping companies work in Read the rest of this entry »
The National Institute of Standards and Technology (“NIST”) produces excellent technical publications on data security and privacy which have wide application throughout both the US Government but also many organisations. It is in many ways the gold standard. That is not to detract from the Australian Government Information Security Manual which is an excellent resource but not used nearly enough by practitioners in the data security field.
The NIST has announced the release of its new revision of Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations. What is notable about this publication is that it is now focused on both Government and private systems. The NIST is providing a resource to assist any organisation, or person, to maintain Read the rest of this entry »
TalkTalk has had a dreadful few years courtesy of data breaches. In 2016 it received a record fine of £400,000 for theft of personal data involving 157,000 customers which had not been encrypted as a result of a hack in 2015. It later estimated Read the rest of this entry »
August 17, 2017
The Federal Trade Commission (“FTC”) has entered into a agreement with Uber Technologies (“Uber”) arising from the FTC’s formal complaint that Uber had failed to fulfill its claims that it monitored employee access to consumer and driver data.
As the media release and the complaint makes clear Uber did what many organisations with a poor privacy and data security culture did, put Read the rest of this entry »