Establishment of a Common Thread Organisation to allow collaboration on cybersecurity and cybergovernance issues in the Commonwealth

October 18, 2014

The Commonwealth Telecommunications Organisation announced the beginning of the process to create a Common Thread Network to allow Read the rest of this entry »

Report on insecure medical information highlights poor security standards in Victoria

October 16, 2014

On Melbourne ABC radio today Jon Faine announced receipt of information from a whistleblower highlighting the insecure transmission of highly sensitive medical information through its emergency paging system.  It has been picked up by the Age in Private medical information used by emergency services ‘insecure’, claims whistleblower which Read the rest of this entry »

UK Information Commissioner’s Office issues CCTV code of practice and a warning about the use of surveillance cameras

On 15 October 2014 the UK Information Commissioner’s office issued its updated CCTV code of practice (found here). As the press release notes the UK is one of the leading users of CCTV in the world.  Australia fares poorly by comparison with the UK in terms of privacy protections through the use of CCTV.  The absence of Read the rest of this entry »

California Attorney General announces settlement of $28.5 million with US rent-to-own business, Aaron’s Inc, over consumer and privacy breaches including using spyware

October 15, 2014

The Californian Attorney General has announced a settlement with Aaron’s over a number of breaches, including breach of privacy legislation. The privacy breach related to the installation of spyware on rental computers without clients’ consent. The complaint is found here and the consent orders are found here. This follows on the Federal Trade Commission entering into final orders involving the installation of spyware. Where the powers are available the regulators in the USA are Read the rest of this entry »

US Postal Service has privacy problems with change of address information

October 9, 2014

The Washington Post in How the Postal Service put your change-of-address information at risk reports on an audit of the US Postal Service which uncovered a significant weakness in the data security privacy breach. The weakness was poor controls over those outside groups who were given access to those records, including a failure to follow its own procedures. One of those procedures was to require entities to submit security plans when they apply for licences. This episode highlights 2 issues in privacy protection: that weaknesses Read the rest of this entry »

Sophos survey reveals fewer than a quarter of staff in UK, France and Germany believe their organisation complies with data protection laws

October 6, 2014

It has been over 6 months since the amendments to the Privacy Act took effect. While the Privacy Commissioner’s office has been reasonably active in publishing guidelines, releasing statements and handing down 3 determinations, a robust use of the enforcement powers has not been in evidence yet. That may be consistent with the softly, softly then gradually escalating model as set out in its statement The OAIC’s enforcement approach to new privacy laws from 12 March 2014 which Read the rest of this entry »

JP Morgan announces data breach of 83 million customers’ personal information.

October 3, 2014

In December 2013 I posted on JP Morgan’s notification of a data breach (found here). As of the end of last year JP Morgan believed the personal information of 465,000 customers had been compromised. That was bad but now JP Morgan announces that in fact the cyber attack involved customer accounts of 83 million customers as reported by itnews in JPMorgan reveals 83 million customers exposed by hack. This makes the data breach one of the largest in history.

It provides:

The JPMorgan Chase & Co systems hack has joined the ranks of the biggest data breaches in history, as the company revealed overnight that 83 million households and small business accounts were affected by the attack.

The bank revealed the scope of the previously disclosed breach on Thursday, saying that there was no evidence that account numbers, passwords, user IDs, birth dates or Social Security numbers had been stolen. Read the rest of this entry »

Patient in NZ hospital breaches privacy of other patients

October 1, 2014

Health care facilities, especially hospitals, hold sensitive information (as defined in the Privacy Act). They are also quite prone to data breaches. There are a number of reasons for this: poor systems, reasonably regular turnover of staff, a large number of individuals concentrated in a small space, often in a quite busy (if not chaotic) environment, and often a culture which is not given to more modern strictures on data handling. In Hospital patient takes peek at info of others Stuff NZ reports on a patient in Hutt’s emergency department using Read the rest of this entry »

Report reveals 75 million records compromised so far in 2014

At the 3/4 mark in the 2014 calendar year the Identity Theft Resource Center reports that 75 million records have been compromised in 568 breaches.  This has been reported by SC Magazine in Report: 75 million records compromised so far in 2014.  With no mandatory data breach notification legislation it is difficult to assess how many breaches there are in Australia.  That is Read the rest of this entry »

Seller of spyware app charged with selling a surreptitious interception device

September 30, 2014

That mobile apps are a privacy worry has moved from speculation through to allegation and is moving into the realm of a truism. Regulators have known about this for years and have in 2013/14 raised concerns and conducted reviews and surveys to highlight the problems with mobile apps. Those problems include non-existent to poor privacy policies, failure to notify users of what will be done with their personal information, generally poor security, inadequate protections when transmitting information across wifi networks and poor quality software. In US man charged for selling spyware phone app the problem is even more concerning: an app designed to be installed by another person for the purpose of intercepting communications, including Read the rest of this entry »