Peter A Clarke

The My Health Records Act 2012 is a dreadful piece of legislation.  Privacy professionals have known this for some time.  They have been saying it for some time.  While the system involved voluntary placement of records onto the systems the Government could avoid grumblings from various groups.  The Privacy Commissioner was on an extended tea break on the issue.  Nothing new there. So the legislation was untouched and the agency responsible for its management, the ADHA, filled forms, ignored complaints and generally kept a low profile.

Then the opt out provisions came into effect and various commentators “discovered” the privacy invasive aspects of the system. Janet Albrechtson took up the cudgels as did Peter Van Onsolen at News Ltd.  Similar negative treatment came from Read the rest of this entry »

The Australian Information Commissioner has released another quarterly report of notified data breaches.  It has grown into a 33 page document from its humbler beginnings of a single page.  At the outset it is relevant to note that these figures are not the last word on actual data breaches.  There is a balancing act organisations go through before deciding to notify.  That is a weakness in the legislation.  There is also likely to be some non compliance with the legislation.  Finally many organisations are not subject to the operation of the Privacy Act and therefore will not notify because they do not have to.  That said it is a valuable report.

Putting the issue of data breaches in its broader context itgovernance has calculated that there were data breaches and cyber attacks in July 2018 which resulted in unauthorised access to 139,731,894 records.  And health records were a significant percentage of the records affected.

In the quarter there was 242 notifications, compared to 63 in the previous quarter, which were Read the rest of this entry »

As if the victims hadn’t suffered enough.  The Independent Inquiry into Child Sexual Abuse suffered a major data breach.  Of the all too common own goal variety.  A staff member sent an open email to 90 victims of sexual abuse, thereby allowing each person to identify the emails of others.  More than the majority of the email addresses listed the full name of the recipients.  Given the nature of the inquiry and the sensitivity of at least some of the recipients it was a dreadful and entirely avoidable error.  The Inquiry released personal information without consent.

Under the Monetary Penalty Notice the contravention was Read the rest of this entry »

Another case of compare and contrast between privacy regulators.  In the UK the Information Commissioner’s Office has announced the finding of investigations involving the use of personal information provided to Facebook by Cambridge Analytica.  The size of the breach of the Data Protection Act is enormous involving up to 87 million users worldwide.  The UK Information Commissioner commenced it investigation into Facebook in February.  It now announces its intention to fine Facebook a maximum of £500,000 as well as Read the rest of this entry »

The Australian in Facebook hit by Australian compensation case for data theft reports that the litigation funder IMF Bentham have lodged a representative complaint with the Office of the Information Commissioner arising out of the Cambridge Analytica use of personal information gleaned from Facebook.  One of the more egregious breaches of privacy by Facebook in recent times.  Which is saying something!  The story is also picked up by the Guardian in Compensation sought for Australians caught up in Facebook privacy breach.

Representative claims before the Information Commissioner is a rarely used provision.  The IMF Bentham quite lengthy statement relevantly Read the rest of this entry »

The Australian Government Agencies Privacy Code came into effect yesterday.  That is effectively today.

As the Privacy Commissioner notes on its media release under the Code agencies are Read the rest of this entry »