Sydney Morning Herald, Rebel Wilson, click bait journalism and privacy

June 13, 2022

The private lives of celebrities have always been the subject of fascination, and a source of coin for certain parts of the media. Magazines such as New Idea, Woman’s Day and Women’s Weekly spent big on photos of couples doing what couples do... up to a point. That earned them good readership and lots of advertising revenue. That the magazine trade has hit the cyber wall does not mean the appetite to know about the private lives of celebrities has dimmed. Far from it. If anything the demand is more voracious.

The Nine newspapers are more into covering the rich, the not so rich, the famous and the just pleasant to look at to keep readership up online. Click bait trumps everything. Hence the Culture/Celebrity/Private Sydney column.

Which brings us to Rebel Wilson, privacy and the Sydney Morning Herald’s tenuous connection to journalistic ethics.

The Sydney Morning Herald thought it was onto something when it heard from friends and associates that Rebel Wilson was in a new relationship and then spied a social media post that the relationship was with another woman. Or at least that is what Andrew Hornery, of the SMH, says. Given Rebel Wilson had supposedly identified as heterosexual that makes for a story. So the Sydney Morning Herald emails Rebel with questions and she, no doubt with the advice of her PR team, takes control of the story and announces, if that is the right word for it, the relationship.

The Wilson camp think she was going to be “outed” while the SMH felt it had a right to ask a question. It copped a social media firestorm and has done a mea culpa of sorts with I made mistakes over Rebel Wilson, and will learn from them. It is yet another example of the outsize influence of campaigners on social media to affect many aspects of our lives and the mainstream media. Some of it is for the good. Oftentimes it is frightening and a threat to a robust but respectful exchange of views. Here the outcome is probably good but some of the social media commentary is over the top.

At its core this is all about privacy. The right of Rebel Wilson to decide to show the world what relationship she is in or not to show the world what relationship she is in. Her relationship status has no bearing upon how the economy operates or national security. The simpering apology by the SMH talks about Read the rest of this entry »

Privacy Commissioner of New Zealand releases the guidelines on privacy and CCTV

June 12, 2022

The use of closed circuit television has been a matter of concern for privacy commissioners in Europe and the UK for some time. Now the Privacy Commissioner in New Zealand has provided guidance on the use of CCTV, responding to the concerns about the use of surveillance cameras. Unfortunately in Australia at the Federal level the Information Commissioner has shown scant interest, with one short page saying pretty much nothing about the issues. That is a pity. The potential for privacy intrusion through the misuse of CCTV technology is significant.

The media release provides:

From our experience, putting up a CCTV or surveillance camera can get a strong reaction from the public.

Our Privacy Concerns and Sharing Data 2020 survey found 41 percent of people over 18 years old were concerned about the use of surveillance cameras.

Because CCTV captures images of people, which can be used, stored, manipulated, and disseminated, those who operate the systems need to be aware of how to manage privacy issues.

Good management of personal information is essential to the effective running of CCTV systems. Businesses can only take advantage of the full benefits available from CCTV technology if they manage their system with privacy in mind.

All organisations considering using CCTV need to be mindful of their obligations under the Privacy Act 2020. Organisations must only collect personal information if it is for a lawful purpose connected with their functions or activities, and the information is necessary for that purpose. 

We always recommend that agencies minimise the amount of personal information they collect. Any information that is collected should also be securely disposed of once it’s no longer needed for the organisation’s purpose.

The guidelines provide, with Read the rest of this entry »

Vermont enacts Insurance Data Security Law which takes effect on 1 January 2021

It has been a feature of US law that the states are enacting privacy and data security laws at quite a rate to make up for the lack of federal oversight. In that way some states in the USA, such as California, are surpassing Australia.

Features of the Vermont law Read the rest of this entry »

US Food and Drug Administration releases Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions Draft Guidance for Industry and Food and Drug Administration Staff

June 11, 2022

Privacy and cyber security in the health industry is both critical and critically inadequate in the main. Health organisations are notoriously vulnerable to cyber attack and to poor privacy practices on a day-to-day, in-person basis.

The US Food and Drug Administration (“FDA”) is in the process of revising its guidance to deal with cyber threats. To that end it has released the draft Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions and will be reviewing it in June and July.

The abstract provides:

The need for effective cybersecurity to ensure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and network- connected devices, portable media (e.g. USB or CD), and the frequent electronic exchange of medical device-related health information. In addition, cybersecurity threats to the healthcare sector have become more frequent, more severe, and more clinically impactful. Cybersecurity incidents have rendered medical devices and hospital networks inoperable, disrupting the delivery of patient care across healthcare facilities in the US and globally. Such cyberattacks and exploits can delay diagnoses and/or treatment and may lead to patient harm.

This guidance is intended to provide recommendations to industry regarding cybersecurity device design, labeling, and the documentation that FDA recommends be included in premarket submissions for devices with cybersecurity risk. These recommendations can facilitate an efficient premarket review process and help ensure that marketed medical devices are sufficiently resilient to cybersecurity threats.

It is a very useful, detailed and dense 49 page resource. Impossible to summarise in a post. For those interested in privacy law it is a great resource.

Some useful comments Read the rest of this entry »

National Institute of Standards and Technology releases Using Business Impact Analysis to Inform Risk Prioritization and Response

The National Institute of Standards and Technology (“NIST”) has released the draft Using Business Impact Analysis to Inform Risk Prioritization and Response.

The NIST states:

Traditional business impact analyses (BIAs) have been successfully used for business continuity and disaster recovery (BC/DR) by triaging damaged infrastructure recovery actions that are primarily based on the duration and cost of system outages (i.e., availability compromise). However, BIA analyses can be easily expanded to consider other cyber-risk compromises and remedies.

This initial public draft of NIST IR 8286D provides comprehensive asset confidentiality and integrity impact analyses to accurately identify and manage asset risk propagation from system to organization and from organization to enterprise, which in turn better informs Enterprise Risk Management deliberations. This document adds expanded BIA protocols to inform risk prioritization and response by quantifying the organizational impact and enterprise consequences of compromised IT Assets.

The Abstract provides:

Read the rest of this entry »

Forbes sets out alarming cyber statistics in an excellent article reviewing trends in cyber security in 2022. A generally sobering picture.

June 10, 2022

In Alarming Cyber Statistics For Mid-Year 2022 That You Need To Know Forbes has undertaken a comprehensive review of developments in 2022. It is one of the best articles of the year to describe the current developments with cyber attacks, the state of readiness to meet them and what needs to be done. It is an excellent article. Depressingly it seems the preparedness in the United States is just as inadequate as it is in Australia.

The other benefit of the article is that it links to other excellent articles.

The article Read the rest of this entry »

Monetary Authority of Singapore revises guidelines to strengthen resilience against cyber attacks and other problems

The Monetary Authority of Singapore has revised Guidelines on Business Continuity Management for financial institutions to strengthen resilience against service disruptions arising from a range of circumstances including cyber attacks and physical threats.

The media release provides:

The Monetary Authority of Singapore (MAS) today issued revised Guidelines on Business Continuity Management (BCM) for financial institutions (FIs), to help FIs strengthen their resilience against service disruptions arising from IT outages, pandemic outbreaks, cyber-attacks and physical threats. The revisions take into account learnings from the handling of the COVID-19 pandemic and increased digitalisation in the financial sector.

2 The revised Guidelines provide new insights on measures that FIs can take to better manage the increasingly complex operating environment and threat landscape to enable the continuous delivery of services to their customers.  Under the revised Guidelines, FIs should:

a) adopt a service-centric approach through timely recovery of critical business services facing customers;

b) identify end-to-end dependencies that support critical business services, and address any gaps that could hinder the effective recovery of such services; and

c) enhance threat monitoring and environmental scanning, and conduct regular audits, tests, and industry exercises. 

3 Mr Vincent Loy, Assistant Managing Director (Technology), MAS, said, “Against the backdrop of an increasingly volatile and complex environment, the new Guidelines will help financial institutions to take an agile and holistic approach in sustaining their critical business services when faced with threats and risk of disruption.” 

The guidelines are found here.

On a more sombre note Crikey reports that federal government departments have not fulfilled cybersecurity basics.  That Read the rest of this entry »

National Institute of Standards and Technology announces a review of the Secure Hash Standard (SHS)

The National Institute of Standards and Technology (“NIST”) has announced a review of FIPS 180-4, Secure Hash Standard (SHS).

In its media release the NIST states Read the rest of this entry »

Data breach of medical imaging provider compromises data of 2 million

June 9, 2022

The health industry is a prime target for cyber attack.  The volume of data collected by health services providers is enormous.  A person is required to provide a detailed history, including name, address, date of birth, health insurance details as well as information about one’s physical and mental condition.  A hacker’s nirvana. KordaMentha raised this point, which I have made for years, in Why healthcare is a red-hot cybercrime target.

Not surprising that it has been reported in Hack of Medical Imaging Provider Affects Data of 2 Million that Shields Health Care Group in Massachusetts has had a data breach involving access to personal information of 2 million persons. That makes it the biggest health data breach this year in the United States.

It Read the rest of this entry »

Cyber security statements from newly minted shadow minister.

A change of Federal government gives rise to a new opposition and some new shadows. Senator James Paterson has been made Shadow Minister for Cyber Security.

As part of that responsibility the good Senator in Cyber security needs ‘like-minded’ nations: Paterson has been reported as calling for more collaboration to combat transnational cyber security threats.  The report Read the rest of this entry »