Federal Trade Commission increases pace of privacy enforcement actions

January 2, 2015

Over the last year the Federal Trade Commission (the “FTC”) has been taking stronger action to deal with privacy-intrusive behaviour, both in terms of undertakings and fines. It has also Read the rest of this entry »

The march of technology... this time with domestic CCTV, highlighting poor privacy protections

December 31, 2014

From the land of the CCTV, the United Kingdom, comes a story that highlights how technology once thought of as the province of government agencies and large organisations is readily available for use by the average citizen. Sometimes the below average citizen. In Neighbourhood watch: how domestic CCTV is sweeping the UK, the Guardian highlights the complexities and privacy-intrusive behaviour associated with the misuse of CCTVs. The UK is quite far advanced in having some legal means of dealing with privacy-intrusive behaviours though, as the story makes clear, it is far from a perfect solution. CCTVs are often not the solution to an underlying problem, as highlighted in CCTV increases people’s sense of anxiety.

At least the UK has a surveillance camera commissioner.  In Australia Read the rest of this entry »

The year that was from a hacker’s perspective

December 29, 2014

‘Tis the season for lists. In that vein the Wired article on The Year’s Worst Hacks, From Sony to Celebrity Nude Pics gives good coverage of the highlights of 2014’s hacks. And it has been a Read the rest of this entry »

Privacy enhancing programs fill a gap the legislation and common law don’t cover

Privacy protection is moving in a two-pronged direction: through development of law and by technological innovation.

In Australia the law is moving painfully slowly, mainly through regulation of the Privacy Act 1988. The Act was enacted in 1988 to cover government agencies, amended in 2000 to cover some but not all private sector organisations and amended again earlier this year to give the Privacy Commissioner enhanced powers, to actually do something about privacy breaches. In the 9 months after the amendments came into force there has been Read the rest of this entry »

History of data breaches.

December 28, 2014

It is no understatement to say that 2014 was a banner year for data breaches worldwide. The Sony breach marked an apogee for the year though it might seem humdrum when viewed Read the rest of this entry »

Sydney Law Review article on privacy

December 19, 2014

As recently noted by Peter Timmons' excellent blog Open and Shut, the most recent Sydney Law Review has an excellent article titled Enhancing Press Freedom through Greater Privacy Law: A UK Perspective on an Australian Privacy Tort, which considers an actionable privacy right in the context of the need for freedom of expression. It also Read the rest of this entry »

The Privacy Commissioner and Information Commissioner provide privacy tips for the festive season

The Australian Privacy Commissioner, with Privacy tips for the festive season, and the UK Information Commissioner’s office, with Is protecting data on your Christmas list?, have issued posts/statements on the need to maintain proper data security.  As far as they go they are reasonable and easily understood suggestions.  Given the Read the rest of this entry »

A significant flaw in Delta airlines site allowed passengers to view others' boarding passes

In Delta site flaw lets passengers access others’ boarding passes, iTnews reports on a significant weakness in Delta’s website which enabled passengers to access the boarding passes of others. Clearly this is a significant privacy violation. While the vulnerability was fixed, it is indicative of problems with organisations failing to review their web site interfaces to check for vulnerabilities.

US Securities and Exchange Commissioner highlights data security issue as a key problem

December 17, 2014

Under the Privacy Act there is an obligation to provide adequate data security, at Australian Privacy Principle 11. The Privacy Commissioner’s guidelines attempt to set out what is expected of entities. Those guidelines are drafted in broad terms and suffer from being very generalised. Absent determinations or enforceable undertakings, it is difficult to determine what the benchmarks are. Clearly industry standards are relevant. As posted previously (found here) the New York Department of Financial Services has issued a detailed letter regarding what is expected in the event of an IT/cybersecurity examination. It is an area where the United States regulators are, albeit in a piecemeal and sectoral manner, taking more detailed and proactive steps than Read the rest of this entry »

Cost of Data breach in Australia

Australia lacks mandatory data breach notification legislation in relation to breaches under the Privacy Act. By comparison, most American States have such legislation and there is a serious effort to introduce it at a Federal level, if for no other reason than to impose some uniformity on notification requirements. It is good public policy to have such legislation. Individuals are entitled to know if their personal information has been compromised.

With a lack of mandatory reporting there is a lack of Read the rest of this entry »