Peter A Clarke

One aspect of data protection that defies an easy, if any, technological response is the role staff play in the leakage of data from an organisation.  Staff can be responsible for a data leakage for a range of reasons; storing personal information on BYODs which are lost or stolen, being caught by a sophisticated phishing attack, accidentally or, out of ignorance, providing personal information in breach of the Privacy Act.  And then there is the problem of data theft by staff, for revenge or profit.  Two recent articles highlight the problem, Restaurant staff ‘stole bank card details’, Medical worker stole patient identities, committed credit card fraud, Bergen prosecutor saysand Former Georgia deputy sentenced in identity theft plot. Under the Australian Privacy Principles it is necessary to take reasonable steps to protect personal information.  That includes Read the rest of this entry »

The Australian has something of a schizophrenic approach to privacy.  Mention a statutory (or any other) right to privacy and the paper reaches into its archives and dredges up another piece against the proposition.  And if it is really hackneyed and cliched, put it in the Legal Affairs Section.  High dudgeon a plenty but not much in the way of analysis.  But then the paper does run some quite good pieces on data protection. For example in Defending your data is not a bad piece on protecting privacy.  It is Read the rest of this entry »

Wired in The Gyroscopes in Your Phone Could Let Apps Eavesdrop on Conversations reports on findings whereby apps can access to a smartphone’s  gyroscopes and use them as microphones to overhear conversations.  And with Android phones there is no way for users to deny the apps access to such sensors data.  The privacy implications are Read the rest of this entry »

In a continuing series the Privacy Commissioner has, today, released a video titled What can I do about my neighbour’s security camera?

It is found Read the rest of this entry »

The piece ACTE members’ data stolen by hackers  reports that the data of all members of the ACTE on 11 August 2014.  Interestingly the Association responded very promptly about the data breach, both to the authorities and to the public generally.  It is a very different attitude to Read the rest of this entry »

Disposal of old records during a move, a spring clean or just a clean up is a continuous source of data breaches.  It is almost invariably a product of poor data management.  Files accumulate, rather than being progressively destroyed or de identified as the records are no longer of use and then stored in an isolated area and forgot about when staff move on.  Poor record keeping adds to the confusion.  When furniture or buildings are sold or there is a move to declutter there is no real methodology in reviewing whether what is being sold, removed or other thrown out contains personal information.  Such practices are clear breaches of the APPs and may attract enforcement action by the Privacy Commissioner.

In Sensitive student records found in dumpster outside Denver middle school boxes of student records were Read the rest of this entry »

As of today the amendments to the Privacy Act have been in force for 5 months.  According to Zdnet’s article Australian businesses uncertain about data handling: IDC notwithstanding that time period, the preceding 14 months between passage and enactment of the amendments and the reasonable media coverage almost 20% of organisations are not aware of the changes and 70% of organisations are still seeking guidance on how to manage data.  In a sense that is an improvement on previous analysis as at March 2014 where the estimate of awareness was hovering at 40%.  But it is still a concern.  The article is based on an IDC study (found here).  What is clear Read the rest of this entry »

Will technology solve threats to privacy that the law will (rather than can not) do?  That has been a hope and prediction by some software programmers and other wonks.  The focus has been on encryption.  But in Could peer-to-peer technology solve the privacy conundrum? one possible solution is peer to peer technology.  Of course it would be better to have both the privacy enhancing technology as well as coherent and comprehensive privacy regulation which Read the rest of this entry »

The Information Commissioner’s office (the “ICO“) has entered into an enforceable undertaking with Thamesview Estae Agents who engaged in practices inconsistent with properly handling personal information and disposing of it securely, to wit it left transparent bags of documents containing personal information on the street for collection and disposal by a third party.  The contents of the bags could be viewed Read the rest of this entry »

The US Federal Trade Commission has been raising concerns for some time regarding privacy weaknesses in mobile apps,including taking actions against some app developers.  Mobile shopping apps are popular and almost ubiquitous.  But, as in the FTC reports in What’s the Deal there are real problems with notices to consumers about data collection and use and data security practices.

Regarding collection of consumer data the FTC found Read the rest of this entry »