March 12, 2014
Today, 12 March 2014, the long-expected and patchily publicised amendments to the Privacy Act 1988 take effect.
The PM program has run a story on the changes in New privacy laws crack-down on personal data use. It provides:
MARK COLVIN: New privacy laws come into effect today in a major crack-down on those using our personal data.
Businesses are now compelled Read the rest of this entry »
March 11, 2014
For those following this site the existence of amendments to the Privacy Act 1988 is trite and the fact that they will take effect tomorrow is obvious and well known. The Privacy Commissioner has put out a media release to that effect with Privacy laws change tomorrow. Not Byronesque but clear and to the point as headings go. What more can you expect from a heading.
It relevantly provides:
Important changes to the Privacy Act 1988 commence on 12 March 2014.
The changes include Read the rest of this entry »
The Conversation is turning into quite an effective commentator on privacy law issues. In When data privacy goes missing, will the regulators hear it cry? on 7 March the issue is privacy and data breaches and, more importantly, what regulatory response is out there. As the author notes data breaches seem to becoming more common, almost ubiquitous and notification is made by external parties 70% of the time. In Australia there is no mandatory data breach notification laws. It is being a little too Polyannish to assume voluntary notification will take hold of the nations organisations and agencies. That is a serious flaw in privacy regulation.
The article also falls into the sceptical camp when it highlights the wording of the Read the rest of this entry »
Today the Privacy Commissioner found that Telstra breached the National Privacy Principles 4.1, 4.2 and 2.1 arising out of the leak of personal information of 15,775 customers. The Privacy Commissioner’s finding is found here. The ACMI also found Telstra breached the Telecommunications Consumer Protections Code. It’s finding is found here.
The reportage has been long and loud. The Age report is found here at Telstra breaches privacy of thousands of customers, the ABC with Telstra fined after breaching privacy of 15,775 customers and itnews with Telstra breached Privacy Act by exposing user data with the Australian’s Telstra leak breached privacy law: reports.
The Privacy Commissioner’s decision, absent footnotes, provides:
On 24 May 2013, the Australian Privacy Commissioner (the Commissioner) opened an own motion investigation into Telstra Corporation Limited (Telstra). This was in response to media allegations that personal information of Telstra customers was accessible online, which Telstra confirmed.
The Commissioner’s investigation focused Read the rest of this entry »
March 10, 2014
This Wednesday the amendments to the Privacy Act 1988 take effect. They should require a significant change to the manner in which privacy is regulated in Australia by the Privacy Commissioner. He has been given significant and varied enforcement powers. And the penalties for serious interferences with privacy, $340,000 for an individual and $1,700,000 for a company, and breaches of the Credit Reporting provisions of the Act (Part IIIA) are very significant. The question is, and has always been, how active and effective the regulator will be. Part of the problem in the past has been Read the rest of this entry »
The Target breach in the USA has been described as a tsunami of privacy breaches, the 9/11 of data security and any other number of hyperbolic monikers. It is clearly a catastrophic breach of security and a serious invasion of privacy. It has caused a shake up in privacy protection and a wake up call on the need to improve standards. There have been a range of lessons gleaned from the event; ensuring data security of third party contractors (through which hackers entered Target), separating data within sites, maintaining appropriate levels of data security, monitoring traffic of sites and the list goes on.
The issue raised by the Washington Post in No consensus on how to notify data breach victims is the patchwork of laws through the USA regarding notification of data breaches to those whose personal information was leaked. In the US most states have some form of mandatory data breach notification. But they are not uniform on how they operate, as the article makes clear. Compare this to Australia where Read the rest of this entry »
The use of drones to drop contraband into jails has been a recent trend internationally (see youtube report here). The trend has become actuality in Melbourne, Australia with an attempt to drop drugs into the Remand Centre via drone. The Age reports on the attempt in Arrest after ‘drone with drugs’ nabbed near Metropolitan Remand Centre. The article provides:
Police have intercepted a drone Read the rest of this entry »
March 8, 2014
The US Federal Trade Commission and the UK Information Commissioner’s Office have signed a memorandum of understanding to promote increased co operation as part of increasing consumer privacy.
The media release (with pictures found here) provides (absent photographs):
The U.S. Federal Trade Commission signed a memorandum of understanding (MOU) with the Information Commissioner’s Office (ICO) of the United Kingdom today to promote increased cooperation and communication between the two agencies in their efforts to protect consumer privacy.
The MOU was signed by FTC Chairwoman Edith Ramirez and the UK’s Information Commissioner and Chief Executive, Christopher Graham. It is designed to bolster their privacy enforcement partnership at a time when more and more consumer information is moving across national borders, increasing the need for cross-border enforcement cooperation.
March 7, 2014
Drones were the subject of a significant discussion by the Standing Committee of Social Policy and Legal Affairs on 28 February 2014. The transcript of the roundtable is found here (with the privay discussion being found at pages 40 – 53). The Australian in CASA rejects drone control role has a report on that discussion in its Aviation section. The article makes clear that CASA wants nothing to do with policing any privacy laws that may regulate drones in the future. Which is very sensible. CASA has a very clear defined role and privacy protections is not within that bailiwick. The rapid uptake of drone technology poses a multi agency challenge. As with the United States of America an overhaul of the regulations is required. On the legal front the current law is utterly inadequate to provide privacy protections from the misuse of drone technology. The legislature is barely rousing itself to deal with these issues. The problem is that the technology is not stopping for anyone.
The article provides:
THE aviation regulator has said it has no interest Read the rest of this entry »
There has been some critisism about the effectiveness of the Guidelines to the APP. That has prompted quite a lively response from the Privacy Commissioner (found here). He rarely reacts so quickly and assertively to media reportage. It is important issue to clarify. The extent of work undertaken to comply by organisations has been uneven, to put it mildly. That has been a subject of reports over the last 15 months. Having mixed signals in the marketplace can only hamper regulatory compliance. Ultimately the assertiveness of the Privacy Commissioner will influence how compliant organisations really become.
The consultation details relevantly provides:
Significant amendments to the Privacy Act 1988 (the Privacy Act), made by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (the Privacy Amendment Act), commence on 12 March 2014.
The amendments include Read the rest of this entry »