Last Friday, 26 July 2019, the Australian Competition & Consumer Commission released its long anticipated and comprehensive final report.  At 623 pages it is something of a tome, not surprisingly given the broad and comprehensive recommendations it makes. The executive summary is found here.

The scope of the recommendations cover issues of competition and protecting diversity in the media, issues of critical importance but beyond the usual coverage of this publication.

Relevantly, for this site, is the recommendations for more privacy protections. That includes Read the rest of this entry »

There has been widespread coverage of data breach at the NAB involving personal information of 13,000 customers being uploaded two data companies without permission. The data provided to the mysterious data companies is extensive; names, date of birth, contact details and sometimes government issued identifiers.  Close to enough to undertake some identity theft and get close to accessing accounts.  It is serious but mitigated by the fact that the breach was only to third party providers known to the NAB.  From the tenor of the story it is likely that the data providers knew of and have or had some form of relationship with the NAB. As such the disclosure is more containable than a disclosure to the world or a hack.  The difficulties with personal information being provided to third party providers is that Read the rest of this entry »

The Federal Trade Commission (FTC) has formally imposed a $5 billion fine on Facebook arising out of its breach of the 2012 FTC order.  The breaches related to sharing of data with third party users, to wit making that information available to Cambridge Analytica, as well as launching Privacy Shortcuts and Privacy Checkup in 2014 which were supposed to help with managing privacy settings but did not disclose Read the rest of this entry »

It is something of a myth that there is no privacy and data protection regulation in the United States.   In the United States privacy and data protection in certain sectors, such as health and finance, is the subject of comprehensive regulation and the authorities are not afraid to enforce the law.  Another area of strong regulation is consumer protection with the Federal Trade Commission using its powers to litigate, enter into onerous and long term enforceable undertakings and levying heavy fines for breaches.

The most recent example of the FTC wielding the very big regulatory stick is its proposed settlement with Equifax to settle its complaint regarding its 2017 data breach which affected approximately 147 million people. The FTC brought a formal complaint in the US District Court. As is common the FTC alleged a misrepresentation as to protecting privacy, providing security and confidentiality of personal information.

Today in a 74 page proposed settlement Equifax has agreed to a judgment being entered against it in the sum of $425 million.   Of that $300 million will Read the rest of this entry »

In Omar Property Pty Ltd & Others v Amcor Flexibles (Port Melbourne) Pty Ltd [2019] VSC 446 the Supreme Court, per Mukhtar AsJ considered the principles of ambit of discovery and the use of redactions in a hard fought discovery application.

FACTS

The five-day trial dated was vacated because of three intervening discovery fights [1].

This decision related to the first fight.

The proceeding is a dispute over a commercial lease of industrial premises. The question is whether the defendant has validly exercised an option to renew its lease or is entitled to renew the lease. The plaintiff says Read the rest of this entry »

With the General Data Protection Regulation in force in the United Kingdom the Information Commissioner has greatly enhanced powers to fine those who breach data protection laws.  And in that vein the Commissioner announced on 8 July 2019 an intention to fine British Airways £183.39 million for a data breach in September 2018 which resulted in personal information of 500,000 were compromised.  As is often the case investigation after the breach revealed Read the rest of this entry »

Although the Federal Trade Commission (“FTC”) has not made a formal announcement the detailed reporting of the deliberations and voting by FTC Commissioners in favour ( 3-2) make it almost certain that once the civil division of the Justice Department approves the settlement, an almost certainty, an announcement will be formally made and Facebook will be liable to pay $5 billion. The Wall Street Journal broke the story with FTC Approves Roughly $5 Billion Facebook Settlement. 

Wired has undertaken a comprehensive report of the saga, which started with the FTC opening its investigation in March 2018, a week after the Cambridge Analytica scandal broke.  

The problem Facebook faces Read the rest of this entry »

On 27 June the relatively new Information Commissioner signed off on an enforceable undertaking with the Commonwealth Australia Bank arising out of 2 data breaches, the first involving the loss of 2 magnetic data tape containing what the Information Commissioner customer statements relating to 20 million customers in 2016.  The CBA was not able to work out whether the records were destroyed or something else came of them.  The second breach arose in August 2018 with sensitive information being available to those who were not able to access that material. This enforceable undertaking was entered into with the CBA already the subject of a very critical APRA report on the CBA’s risk management and reactive approach to compliance.  The CBA entered into a enforceable undertaking from the CBA in early May 2018.  And yet the CBA was involved in a second data breach 3 months later, in August 2018.  What does that say about CBA’s commitment to risk management?

There is a contrast in styles between the Information Commissioner’s media release and that of the Bank.

The Commissioner’s media release reads Read the rest of this entry »

The Full Bench of the Fair Work Commission recently handed down a very important decision in Lee v Superior Wood Pty Ltd [2019] FWCFB 2946 regarding the application of the Privacy Act. The Full Bench undertook a careful analysis of the Act and applied the Australian Privacy Principles (the APPs) to the facts in the context of an unfair dismissal claim, in this case appeal from a Commissioner at first instance.

The Facts

Superior Wood operates two sawmills at Melawondi and Imbil [2] in Queensland. It had approximately 150 employees, 80 of whom, including Lee,working at the Imbil site. Lee was employed as a casual general hand and worked for  3 ¼ years. Superior Wood is Read the rest of this entry »