Peter A Clarke

The Sony Hack demonstrates that the legal consequences of a breach of cyber security are but a mere tremor compared with the commercial losses not to mention the reputational damage to a major corporation.  Risk Based Securitym in  A Breakdown and Analysis of the December, 2014 Sony Hack has set out in detail the ever growing calamity of the hacking attack on Sony.  The impact of Read the rest of this entry »

Privacy professionals are waiting patiently to see how the Privacy Commissioner proposes to exercise his new found powers.  And patience is the watchword.  After 6 months he has issued a Regulatory Action Policy which, as the release notes, explains the powers available to the Commissioner.  Chapters 1,3,4,7, 8 and 9 of the Guide to the privacy regulatory action is in the consultation process.  Whether the Read the rest of this entry »

From a slow start the coverage of drones has moved into hyperdrive in the Australian media.  It is as if the technology has suddenly “landed” in our midst ( I have been posting on the technology and its impact on law for years, here, here, here, here, here, here, here and here for example). But it is good to see some reasonable coverage.   The Fairfax press has two large pieces, the first being in the Age with Law enforcement drones: Privacy concerns v public safety and NSW Police to trial unmanned drones while the Australian Financial Review (behind the pay wall) From Tiger Moths to toy stores: how drones have taken off  and  Game of drones: business is toying with them and Santa is too

 The regulation of drones is all about air safety and where and how they may be flown.  Very little about Read the rest of this entry »

The Federal Court proceeding of Professor Barry Spurr v At Large Media Pty Ltd ACN 144 75 316 & Anor  has resolved today.

The Court per Wigney made the following orders by consent:

BY CONSENT THE COURT ORDERS THAT:

1.  The First and Second Respondents be restrained for further using, publishing and/or disclosing the contents and/or substance of any email to or from the Applicant which is in the possession, custody or control of the First and/or Second Respondents without the Applicant’s express written authority.
2.  The names and identities of the individuals referred to in paragraphs 4, 5, 6, 8, 10, 11, 12, 16 and 17 of the Applicant’s affidavit sworn 21 October 2014 not be published.
3. Any document (including the Applicant’s emails) revealing the identity or name of any individual addressed or referred to in the Applicant’s emails, including (but not limited to) the individuals names at paragraphs 4, 5, 6, 8, 10, 11, 12, 16 and 17 of the Applicant’s affidavit sworn 21 October 2014 may only be distributed or disclosed to the legal representatives of the parties.
4. The proceedings otherwise be dismissed, with each party to pay his or its own costs.

Any thoughts or hopes that this case would advance the law of privacy and confidentiality or just provide some judicial guidance on the operation of the Privacy Act have evaporated. Probably for the better.  It was not the best vehicle for an exposition on the law of privacy in general and the Privacy Act in particular.  As the orders make clear, both sides Read the rest of this entry »

A growing battle in cybersphere is that between those developing surveillance resistant and privacy enhancing technologies and governments, in particular security agencies and law enforcement bodies, who want access to some, and sometimes much more than that, data.  Encryption software of the Read the rest of this entry »

The Federal Trade Commission (” the FTC”) has announced a settlement with PaymentsMD LLC and its former CEO regarding egregious privacy invasive practices.  Consumers in signing up for an on line billing portal, to allow them to view their billing history, were in fact providing consent for the company and its partners to access their medical information.  By no reasonable measure could the authorisation constitute a proper consent for access to Read the rest of this entry »

The major data breach of Sony Pictures is resulting in a familiar wave of consequential loss and damage; cost of repair, reputational damage and loss leading response to mitigate damage.  In Sony hires Mandiant to clean up after cyber attack the story focuses on the very expensive and embarrassing task of having outside security experts having to work through the cyber wreckage left by hackers.  The cost of the hack for Sony has been the leaking of valuable IP, in the form of yet to be released films as reported in  Upcoming Sony Pictures films leak online in wake of hack.  All of this highlights the critical importance of maintaining adequate data security and response strategies in the event of a breach.
Read the rest of this entry »

In Thrill-seeking stunts elicit drone safety concerns the Sydney Morning Herald does a good roundup of how drones are both becoming more common, used more adventoursly and becoming a growing mobile safety concern. As a piece it is a reasonable Read the rest of this entry »

The Economist in the excellent article Cryptography for dummies highlights the development in on line security which is both a boost and a bane for regulators.  Encryption is a key tool to Read the rest of this entry »

Earlier this month the Federal Trade Commission (the “FTC”) again flexed its regulatory muscles, this time in obtaining injunctions against Read the rest of this entry »