August 24, 2014
The Information Commissioner’s Office reports, in Birmingham banker fined for reading colleagues’ bank accounts, on the criminal charges against, and fine of, a banker in Birmingham who abused his position and in the process breached the law by reviewing the bank accounts of colleagues at Santander. A very egregious data breach.
It provides:
A Birmingham banker has been fined after he admitted reading his colleagues’ bank accounts. Read the rest of this entry »
Posted in Privacy
Data breaches are always a worry. Large data breaches are especially concerning. In South Korea 220 million items of personal information involving 27 million individuals have been accessed without authorisation. This is reported in Massive data leak in S Korea affects 70% of 15-65 demographic (also reported here). The worrying aspect of this breach, as if these bald figures weren’t Read the rest of this entry »
Posted in Privacy
Gmail and Android apps are turning into the gift that keeps on giving for hackers. Or so it appears from Read the rest of this entry »
Posted in Privacy
That the internet of things doesn’t bring privacy challenges (to put it mildly) is hardly news. And Which? in Smart TV spying – are you watching TV, or is it watching you? provides an apt example of the problems of tracking Read the rest of this entry »
Posted in Privacy
August 23, 2014
Two US Senators, Ron Wyden of Oregon and Jay Rockefeller of West Virginia, have raised concerns about data privacy practices in different contexts.
Senator Rockefeller, as reported in Senator questions airlines’ data privacy practices, has sent letters to US airlines about their practices of collecting personal information and Read the rest of this entry »
Posted in Privacy
August 22, 2014
While those in the privacy sphere in Australia watch and wait to see how the Privacy Commissioner will exercise his newly acquired (since 12 March 2014) powers of enforcement under the Privacy Act 1988, the Federal Trade Commission (“FTC”) moves apace in taking to task those engaging in privacy intrusive conduct (via claims that the miscreants misrepresented that they protected their customers’ privacy). After announcing orders against Credit Karma and Fandango earlier this week (and posted here), the FTC has approved final orders against GMR Transcription Services, whose security practices were so deficient as to expose personal information of thousands of consumers online, some of which was medical histories and examination notes. The settlement was first announced on 31 January 2014. The period of the settlement order is 20 years. Onerous by any measure but, given the nature of the breach, reasonable, particularly as the FTC has no power to fine GMR. In the UK the Information Commissioner may have been able to impose a monetary penalty. In the last 3 – 4 years the FTC has proven to be quite a vigorous regulator, using the limited powers available to it in privacy regulation. It has also been active in calling for greater privacy controls through appearances before Congressional Committees.
In Australia the Privacy Commissioner may Read the rest of this entry »
Posted in Federal Trade Commission, Privacy
August 21, 2014
How the law deals with the development of drone technology is a good study in what not to do from a public policy and legislative point of view. At a Federal level in Australia and the United States the legislative response has been inertia. Not even incoherence. But not for want of notice or knowledge. There has been no shortage of reports, news stories and expert advice on what drones do, will do and the privacy and commercial impact of their operations.
As with many changes in the privacy sphere it Read the rest of this entry »
Posted in Privacy
I have recently posted (here, here and here) about data breaches by insiders who are acting maliciously, typically disgruntled or ex-employees, or accidentally, often through phishing or poor password protocols or just negligent acts such as leaving data on BYODs which are lost or stolen. Data breaches are Read the rest of this entry »
Posted in Privacy
August 20, 2014
The Federal Trade Commission (FTC) has approved two orders with two app services, Credit Karma and Fandango, regarding very poor security protections against interception by third parties, known as “man in the middle” attacks. These orders highlight Read the rest of this entry »
Posted in Privacy
I have recently posted on the problem of internal threats to data security (see here and here). Organisations that have strong cyber defences and office security may still be exposed to a significant risk of a data breach by the actions of ex-employees, whether of the disgruntled or gruntled variety. Poor practices in password management, closing access and accounts and generally preventing access to records by ex-employees can easily expose a business to financial and reputational loss. Similarly, checking the online and computer activities of employees who are soon to be former employees may prevent malware or other cyber bombs being placed within a business’s computer system. These issues are illustrated in Why Former Employees Could Be Your Next Great Security Threat.
It provides, absent slides: Read the rest of this entry »
Posted in Privacy