Peter A Clarke

Itnews reports in Experian investigated over data breach on a serious data breach at Experian.  The scope of the breach involves access to social security numbers of up to 200 million people.  Interestingly the focus of the investigation goes to whether there has been complience with data protection laws.  While the law is not directly analogous in Australia the Privacy Commissioner now has significant powers to investigate data breaches.  What does not exist yet is mandatory data breach notification laws.  Such a law almost passed in 2013.

It provides:

US law enforcement teams are jointly investigating a serious data breach involing a subsidiary of credit reporting firm Experian that exposed the social security numbers of some 200 million people to potential criminal activity.

The focus of the Read the rest of this entry »

I had the pleasure of attending a public lecture hosted by the Castan Centre on Surveillance and the right to privacy in a digital age  (see here) by Kenneth Roth, the Executive Director of Human Rights Watch.  It was a very useful overview of one of the biggest public policy issues relating to privacy, mass and untargeted surveillance.

Mr Roth has been active in the media in the last week and published an opinion piece in the Fairfax press, Privacy: rationales governments use to claim mass snooping is legal, which is a very interesting overview of the developments in privacy protections since Read the rest of this entry »

The Australian Law Reform Commission (the “ALRC”) has released its long awaited discussion paper on Serious Invasions of Privacy in the Digital Era (found here).

Submissions are due by no later than 12 May 2014.  That is a very short time frame given the size of the report, over 200 pages, and 47 recommendations.

The media release provides:

The Australian Law Reform Commission (ALRC) today released a Discussion Paper, Serious Invasions of Privacy in the Digital Era (DP 80, 2014). The Terms of Reference for this Inquiry ask the ALRC to consider the detailed legal design of a statutory cause of action and, in addition, other innovative ways the law might prevent or redress serious invasions of privacy.

The ALRC is Read the rest of this entry »

Itnews reports on a drone v helicopter near miss in Drone almost collides with Westpac Rescue chopper.   It is hardly an unexpected event.  The expansion in the use of drones by properly trained and accredited operators and the hobbyists, the limited enforcement of regulations is making for a complicated situation in the airwaves.  The lack of privacy protection is a significant issue both in Australia (where protections are weak and have been traditionally enforced sporadically) and the United States of America, where the legislative response has been focused at a state level.

It provides:

UAV aimed for helicopter.

One of two Bell 412 choppers the Westpac Rescue Helicopter Service operates was involved in a near miss with the UAV near Read the rest of this entry »

Telcos have proven to be prone to data breaches.  Massive amounts of data stored and significant interface with other service providers.  Telstra was earlier this month found to have breached the Privacy Act in relation to a data breach (see here) .

Now British Telecom finds itself under scrutiny from the UK Information Commissioner’s Office as reported in BT investigated by UK privacy watchdog over breach due to a hacking attack.

It provides:

Whistleblower says seven million customers exposed.

The ICO launched an inquiry on Read the rest of this entry »

The world today reports, in Obama says it will take time to regain trust after spying revelations, on the call by the US President to reform the collection of data by government.  Which may have receptive ears in the legislative branch (see here).  The executive has slowly been turning its attention to the collection of metadata.  Very slowly.  Last Friday the President met with tech CEOs on privacy issues (see here)

The report provides:

ELEANOR HALL: The US president Barack Obama has declared that he is determined to win back the trust of citizens who are disgusted by revelations of America’s spying activities.

He urged Congress Read the rest of this entry »

Today the Privacy Commissioner found that Telstra breached the National Privacy Principles 4.1, 4.2 and 2.1 arising out of the leak of personal information of 15,775 customers.  The Privacy Commissioner’s finding is found here.  The ACMI also found Telstra breached the Telecommunications Consumer Protections Code. It’s finding is found here.

The reportage has been long and loud.  The Age report is found here at Telstra breaches privacy of thousands of customers, the ABC with Telstra fined after breaching privacy of 15,775 customers and itnews with Telstra breached Privacy Act by exposing user data with the Australian’s Telstra leak breached privacy law: reports.

The Privacy Commissioner’s decision, absent footnotes, provides:

Overview

On 24 May 2013, the Australian Privacy Commissioner (the Commissioner) opened an own motion investigation into Telstra Corporation Limited (Telstra). This was in response to media allegations that personal information of Telstra customers was accessible online, which Telstra confirmed.

The Commissioner’s investigation focused Read the rest of this entry »

The US Federal Trade Commission and the UK Information Commissioner’s Office have signed a memorandum of understanding to promote increased co operation as part of increasing consumer privacy.

The media release (with pictures found here) provides (absent photographs):

The Privacy Commissioner has released a business resource on the de-identification of data and information. It is found here. De identification and anonymisation of data is the subject of some conjecture in the privacy community and with academic writers.  With the rise of big data and the harnessing of sophisticated algorithims some commentators believe it is virtually impossible to de-identify information.  That is not a position privacy regulators take though they acknowledge the danger of matching data across a range of sources which could identify data otherwise thought de identified.  It is an open issue.  For the regulator however an orthodox resource to provide some assistance has been produced.

It provides, without footnotes (though the sources are a necessary read to properly understand this issue):

Privacy business resource 4: De-identification of data and information

De-identification of personal information can Read the rest of this entry »

Today the Privacy Commissioner released the APP guidelines.  It is found here.

The accompanying press release provides:

‘March 12 will see the biggest change in privacy law in 25 years, and the APP guidelines are an essential tool for the implementation of this change,’ said Australian Information Commissioner, Professor John McMillan.

The APPs are a single set of principles that Read the rest of this entry »