Peter A Clarke

Categories

  • Blogs

  • Civil Liberties & rights

  • Current Affairs

  • Data security

  • Legal blogs

  • Newspapers

  • Overseas legal sites

  • Oz Legal

  • Politics

  • Privacy sites

  • Technology

    • Over 4.3 million records breached worldwide in April 2023.

    May 8, 2023

    Itgovernance has published the list of reported or otherwise discovered data breaches in April 2023 and found that there were 120 publicly disclosed breaches which resulted in 4,353,257 records being compromised. Fortunately Australian entities did not feature April’s tally. They made up a significant part of the tallies in late 2022 and earlier this year.

    Some of the prominent breaches involved:

    Itgovernance highlight the the following data breaches in April:

    1. Shields Health Care Group

    The largest data breach of April 2023 was at the Shields Health Care Group, a Massachusetts-based medical services provider. Reports emerged near the end of the month that a cyber criminal had gained unauthorised access to the organisation’s systems and had stolen the personal data of 2.3 million people. Read the rest of this entry »

    Posted in Privacy | Post a comment »

    Federal Trade Commission proposes a blanket ban on Facebook monetizing youth data and other restrictions.

    Facebook has been the subject of action from the Federal Trade Commission (the “FTC”) on two occasions to date. The FTC announced on 3 May that it wants to amend its 2020 order against Facebook because it believes that Facebook has failed to comply with that order. Worse it claims the Facebook has misled parents about their control through its Messenger Kids app and misrepresented how much access it provides app developers to private user data.

    The use and misuse of children’s personal information is a very serious and topical issue.  The FTC clearly believes that Facebook is incorrigible in its collection of this data and the use it puts it to.  The orders it seeks are quite severe, including Read the rest of this entry »

    Posted in Privacy | Post a comment »

    Commonwealth Attorney General announces the (re) creation of the Privacy Commissioner.

    May 3, 2023

    Today the Attorney General announced that the Government will create a stand alone position of Privacy Commissioner. The statement provides:

    The Albanese Government will appoint a standalone Privacy Commissioner to deal with the growing threats to data security and the increasing volume and complexity of privacy issues.

    Australians rightly expect their privacy regulator to have the resources and powers to meet the ongoing challenges of the digital age and protect their personal information.

    The large-scale data breaches of 2022 were distressing for millions of Australians, with sensitive personal information being exposed to the risk of identity fraud and scams.

    This action is in significant contrast to that of the former Liberal Government, which left Australia disgracefully unprepared for this challenge by failing to strengthen privacy laws, and scrapping the position of a standalone Privacy Commissioner.

    The Albanese Government takes privacy regulation seriously and has already acted to significantly increase penalties for companies which fail to take adequate care of customer data and give the Australian Information Commissioner improved and new powers.

    The Australian people rightly expect greater protections, transparency and control over their personal information and the appointment of the standalone Privacy Commissioner restores the Office of the Australian Information Commissioner to the three-Commissioner model Parliament originally intended.

    Currently, the Australian Information Commissioner, Ms Angelene Falk, holds a dual appointment as the Privacy Commissioner. I thank Ms Falk for her dedicated service in this role since 2018. Ms Falk will remain Information Commissioner and head of the OAIC.

    A merit-based selection process to fill the role of Privacy Commissioner will commence today. Ms Falk will continue as the Privacy Commissioner until this process is finalised.

    Freedom of Information Commissioner

    In light of the recent resignation of Mr Leo Hardiman PSM KC as Freedom of Information Commissioner, I am also pleased to announce that we have appointed Ms Toni Pirani as acting Freedom of Information Commissioner, effective 20 May 2023. I thank Mr Hardiman for his significant contribution and wish him well in his future endeavours.

    Appointing an acting FOI Commissioner will ensure that the OAIC can continue to undertake its FOI functions until a permanent appointment is made.

    A merit-based selection process to select the ongoing FOI Commissioner vacancy will also commence today.

    Read the rest of this entry »

    Posted in General, Privacy | Post a comment »

    Privacy Act Review Report. Chapter 7: employee records exemption. A disappointingly non committal proposal.

    May 2, 2023

    Chapter 7 of the Attorney Generals’ Report into the Privacy Act 1988 considers the employee records exemption in the Privacy Act 1988. The employee records exemptionwas considered at length by the Australian Law Reform Commission in its 2008 Report on the Privacy Act 1988 (Report 108, For your information).  The Australian Law Reform Commission unequivocally recommended that the it be removed by the repeal of section 7B(3) of the Privacy Act.  Unfortunately this Report has ummed and ahhed in face of vociferous and largely spurious objections by employer bodies who wish to retain the exemption come what may.  As a result the Proposal is far from unequivocal and seeks to find a half way house of improving privacy protections of those records but not entirely removing the exemption.  It also wants further consultation. Because years and years of consultation is not enough.  It is a very disappointing chapter.  Not as poorly analysed as the small business exemption but not good nevertheless.

    The exemption applies to an act or practice of an organisation that is or was an employer as it directly related to its employment relationship with an individual.  In that circumstance an employee record it holds relating to the individual is exempt.  As the exemption applies to acts or practices of ‘organisations’ it covers non-public sector entities in their capacity as employers or former employers.  It does not extend to ‘agencies’.

    As with the small business exemption the basis for this exemption is based on flawed assumptions and poor public policy.  Here the rationale was that the ‘handling of employee records is a matter better dealt with under workplace relations legislation.’

    The exemption has led to anomolous outcomes.  The exemption applies even in relation to  the National Data Breach Notification scheme;.  As such any data breach involving personal information of employees in an employee record  is not subject to the scheme’s reporting requirements.

    The Discussion Paper questioned Read the rest of this entry »

    Posted in Privacy | Post a comment »

    It is privacy awareness week…. this years theme “Back to Basics.”

    May 1, 2023

    Any opportunity to highlight the need to take privacy seriously and comply with the law should be embraced.  Privacy Awareness Week has been a feature of the privacy calendar for many years now.  It is low key but has been known to get some press from time to time.  It provides little insight to lawyers or privacy practitioners.

    The message from the Commonwealth Information Commission Read the rest of this entry »

    Posted in Privacy | Post a comment »

    European Data Protection Supervisor publishes its response to the European Commission’s initiative on GDPR enforcement

    Enforcement of breaches of the GDPR should be of interest to Australian practitioners if the mooted reforms to the Privacy Act occur.  If the Commissioner is properly funded and changes temperament there could be real enforcement activity.  The European Data Protection Supervisor recently responded to the European Commission’s initiative to further specify procedural rules for enforcement of the GDPR.

    The amended rules highlights that the need for effective and efficient cooperation exists in cases where personal data moves from EU institutions, bodies, offices, and agencies (‘EUIs’) to public bodies or private entities, and vice-versa. The focus is Read the rest of this entry »

    Posted in Privacy | Post a comment »

    Next Entries »