The Victorian Supreme Court in A G Coombs Pty Ltd v M & V Consultants Pty Ltd (in liq) [2018] VSC 468 considered and dismissed a plaintiffs’ application for injunctive relief to prevent an application under section 459 of the Corporations Act 2001 being made.

FACTS

On Friday 15 June 2018, the plaintiffs sought urgent interlocutory relief and final relief by way of an injunction to enjoin the defendant from making an application under s 459P of the Corporations Act 2001 (Cth) to wind up each of the plaintiffs in insolvency in connection with statutory demands Read the rest of this entry »

Universities and institutes of higher learning hold enormous amounts of intellectual property that is valued by foreign governments or those wanting to obtain financial advantage without the effort.  They are prime targets for cyber attacks.  As are law firms which often have data relating to intellectual property claims or litigation.

In March 2018 the United States filed indictments against Iranian Revolutionary Guards for hacking computers of 7,998 professors at 320 computers involving 144 universities as well as other institutions  over the last 5 years.  In early July 2018 the Guardian reported that the Australian National University was hit by Chinese hackers.  As did the Australian.

This week ARN reports in Seven Australian universities targeted in global hacking campaign reports that 7 Australian Universities as part of a global action targeting Read the rest of this entry »

Privacy breaches in the health industry are depressingly common.  Almost commonplace in hospitals.  The reasons are not hard to find; many access points to information from clip boards at a patients bed or in a rack at a counter to a click of a button at a computer accessed by many staff, a large number of staff and high turnover and a generally poor privacy culture by senior medical staff.   That is compounded by generally poor privacy protocols, inadequate training and an implied preference to be criticised for inevitable breaches rather than a root and branch change in policy and practice.  It helps not one bit that the State and Federal regulators are lackluster operators.

So it is not at all surprising to Read the rest of this entry »

Yesterday there was a very significant privacy breach at a Victorian school, Strathmore Secondary College, involving the release of health information of students including mental health conditions, medications and learning and behavioural difficulties.  It is reported in the Guardian and SBS, among others.  The exposure of 300 school student’s records on the school’s intranet was likely the result of human error.  That bespeaks a very ordinary privacy training and controls.  Which is not uncommon.

These events provide a useful application of how the privacy legislation in Victoria may work for those who are affected by the breach.  Under the Privacy and Data Protection Act 2014 those affected by Read the rest of this entry »

The Government has amended the Broadcasting and Enhancing Online Safety Act 2015 by giving the eSafety Commissioner with powers to seek civil and criminal penalties to deal with image based abuse, mainly revenge porn in practical terms.  The civil penalties apply for failing to remove images and criminal penalties for transmitting private sexual material or a if there has been 3 civil penalty orders made against a person.

In principle the laws are welcome.  In practice it really depends on the vigour of the eSafety Commissioner.  Australia has a poor reputation in regulating privacy infringing behaviour.  The amendments themselves highlight a very process laden means of achieving a legislative end. It

What is more than passing strange is that for all of these amendments the Government has not provided individuals with the power to take enforceable action relating to an interference with their privacy, either under the Enhancing Online Safety or the Broadcasting Acts.  Everything must be channeled through the eSafety Commissioner.  That might work for some or many people but others may wish to take steps themselves, such as obtaining compensation as well as taking down the images.  It is a somewhat patronising omission. It is also the triumph of bureaucracy over freedom of the individual to take action in their own right.

A statutory cause of action for interference with privacy is the simple and straightforward way of giving individuals a right to take action.   This has been suggested for many years but most formally by the Australian Law Reform Commission in 2008 and again in 2011.  It has been emphatically rejected by the current government and ignored by the previous government.  In short there has been a bipartisan policy failure in this area. Read the rest of this entry »

The Federal Government introduced the My Health Records Amendment (Strengthening Privacy) Bill 2018 today.

It is very much a patch like amendment to the Act, inserting a Read the rest of this entry »

The work of the Information and Privacy Commissioner continues to not go on.  But the Government has appointed a permanent successor to the previous Commissioner, Timothy Pilgrim.  The Interim Information Commissioner and Privacy Commissioner, Angelene Falk, has been appointed Read the rest of this entry »

The UK Information Commissioner has taken strong action in the form of a Monetary Penalty Notice of £140,000 for on selling personal information of one million people, from Emma’s Diary, which provides advice on pregnancy and childcare, to Experian Marketing Services, which is used by the Labour Party.  That information was used as a database which was used to profile new mums for use during the 2017 General Election.  The key with data for political parties is to allow them to micro target voters with carefully structured messages.

Under both UK and Australian privacy legislation personal information collected for one purpose can not be disclosed to a third party for another purpose unless one of the exceptions applies.

The actions by Emma’s Diary was particularly cynical given Read the rest of this entry »

A problem which predates the My Health Records Act is the poor state of data security in the Health Sector.  It is a chronic problem.  The extent of the problem is highlighted in the discovery of 1,000 medical records relating to 400 patients of an Aged Care centre found in a building in South Sydney and 7,000 patient records exposed on line at South Australia’s Women and Children’s hospital.

The Hong Kong Department of Health was recently hit with a ransomware attack.   And in Nova Scotia the Privacy Commissioner has investigated a privacy breach by a pharmacist employed by a large pharmacy chain who viewed the private medical records of 46 people who were not that person’s patients, including a child who was a friend of her child, that child’s parents, friends and Read the rest of this entry »