Peter A Clarke

Data security is a key issue in the regulation of privacy.  Security from hacking is the prominant issue for web sites.  Direct attacks can be difficult to protect against but not as complex as third party access.  In Contractor creds used in Target hack itnews reports that the massive breach of Target’s data occured because of stolen log credentials of a third party, an air conditioning contractor.  Net result a loss of records of 110 customer payment cards and personal records.  This poses a dilema for large organisations which use third parties, often smaller operations with less sophistacted IT system and protection.  The changes to the Privacy Act in March requires organisations to maintain adequate security.  Take reasonable steps in fact. If an organisation is concerned about the security of its contractors it will have to take steps to restrict their access to its site or require the contractors to upgrade their security.  The consequences of a Read the rest of this entry »

Even though the article is titled Internet privacy: how Australia’s new laws will work the Guardian piece is, properly, about the general changes to the Privacy Act.  In my recent experience the reaction from those who should be most concerned about making sure they are compliant is a weary “meh”.  Almost as if – it wasn’t a problem in the past why should it be a problem into the future.  The analysis is flawed of course.  Previously the Privacy Act had little impact on businesses covered by it because the powers available to the Privacy Commissioner were very limited and any exposure to penalty so slight as to be almost academic.  As of 12 March the regulatory landscape will change from peaceful meadows to tangled weeds and steep cliffs for organisations Read the rest of this entry »

Forbes reports that Mark Zuckerberg’s apparent softening on privacy, at least as far as supporting anonymity, in  Zuckerberg’s Embrace Of Anonymity Marks Shift In Attitudes Toward Privacy.  It may be a nuanced change but a step, even if of the micro variety, is to be welcomed.  As the article ponders, the proof is in the eating.

The article provides:

In an interview with Bloomberg BusinessWeek on Thursday, Facebook CEO Mark Zuckerberg admitted that he thought it was “somewhat of a burden” if you are “always under the pressure of a real identity.”

If anyone else had said something so obvious it would be completely unremarkable.  But coming from the same person who once threatened “the age of privacy is over” and having Read the rest of this entry »

The California Assembly passed the Bill 1256 (AB 1256) – Privacy and Buffer Zones and Bill 1356 (AB 1356) – Stalking Reform last week. Both Bills were the product of the work of the Paparazzi Reform Initiative.

The Privacy and Buffer Zone Bill provides:

The Guardian in Microsoft, Facebook, Google and Yahoo release US surveillance requests reports on a slight but important increase in transparency about data given to US Surveillance agencies pursuant to secret court orders.  A small start in getting more transparency which is Read the rest of this entry »

The Age has again run a story on the impending changes to the Privacy Act with Privacy deadline nears: are you ready? Twelve March 2014 is looming closer and closer and in my observation the level of preparadness is quite patchy.  Given the scope and depth of what will now be required, particualrly for those involved in providing credit (a broad term as defined in section 6G of the Privacy Act), this is a worry.  If the Privacy Commissioner adopts an assertive approach to regulation there could be some reputational damage and financial outlays on the part of chastened organisations. The key will be the approach taken by the Privacy Commissioner.

The article provides:

Australian companies have just weeks to get their data collection, storage, management and disposal practices in order before several changes to the privacy regime come into effect.

On March 12, the Information Privacy Principles and National Privacy Principles, which apply to federal government agencies and businesses respectively, will be replaced by 13 Australian Privacy Principles (APPs).

The APPs require organisations to be Read the rest of this entry »

Mobile Apps are all too often the weak link in privacy protections.  This has well been well recognised by regulators.  It was the subject of a communique, known as the Warsaw declaration on the “appification” of society. In Track Star Slate reports on iBeacon being used with third party apps to track users.  The beauty of the article is, using a popular app Shopkick, it demonstrates how intrusive the data collection process is and how misleading and, effectively useless, the privacy policies are.  The problems identified in the article regarding privacy policies would probably not be compliant with the Australian Privacy Principles.  In Australia the issue would be that most app developers, especially the start ups, aren’t covered.  They don’t gross more than $3 million per year.  That is a huge problem because Read the rest of this entry »

Reports of data breaches are coming thick and fast.  Many instances highlights the need for data security to deal with hackers.  And there are data breaches caused by humans.  Which is what happened in South Korea In Card Sharps the Economist reports on how an IT contractor allegedly stole personal information of around 20 million individuals held in 104 million accounts.  All with the use of a USB Stick.  The soon to be enforceable Australian Privacy Principles make it clear that there needs to be proper data security, both technical but also training, programs and processes involving staff.  Errors or theft by staff, either permanent or contractors, are a major source of problems in maintaining data security.  Organisations after implementing processes fail Read the rest of this entry »

Today is Data Privacy Day.  Perhaps a bit paradoxical as it comes just after a spate of spectactular data breaches in the US.  The Privacy Commissioner has issued a press release titled  Australians’ right to privacy strengthened with new privacy laws (found here) which provides:

‘With the introduction of new privacy laws, people’s privacy rights will be enhanced and strengthened in areas such as direct marketing, the disclosure of personal information overseas and requesting access to and correction of personal information held by an organisation,’ Australian Privacy Commissioner Timothy Pilgrim said.

From 12 March 2014 new privacy laws mean that Australians can more easily:

• ask an organisation Read the rest of this entry »

Zdnet reports in  FBI issues security warning to US retailers that the US Federal Bureau of Investigations is warning retailers to be aware of malware infecting point of sale systems.  This leads to significant data breaches.

The article provides:

The US Federal Bureau of Investigation (FBI) is warning US retailers Read the rest of this entry »