Mr Justice Warby in Linklaters LLP Linklaters Business Services Intended Claimants v Frank Mellish [2019] EWHC 177 (QB) considered an application for injunctive relief regarding a breach of confidence action.  The information was sensitive but not commercially sensitive in the strict sense of the word. The decision does demonstrate the relative flexibility of the principles applied to more unusual fact situations.

FACTS

The claimants are:

• the multi-national law firm Linklaters; and
• the company through which Linklaters employed its UK-based employees (“LBS”).

Read the rest of this entry »

The Fairfax press reports in Crime syndicate hacks 15,000 medical files at Cabrini Hospital, demands ransom that the Melbourne Heart Group, specialists who lease rooms at the Cabrini Hospital has suffered what is almost certainly a ransomware attack. 

Ransomware attacks are particularly prevalent in the health care industry.  The impact of an attack is immediate and serious if not catastrophic and the need to remedy it, by paying the ransom, urgent.  Health data is particularly sensitive.  In early February an optometry clinic in Connecticut was hit impacting 23,578 patient records, In Jacksonvill Florida a Obstetrics and Gynecology practice suffered a data breach involving ransomware in early January while a health center in Rhode Island was hit by a ransomware attack in early December last year.   In November hospitals in Ohio and Ireland were hit by ransomware attacks.  And the list goes on and on and on.

Ransomware attacks are maturing and becoming more, not less effective.  The average ransom in the US has increased by 13% in the last quarter of last year over the previous quarter from $5,973 to $6,733. 

That a specialist cardiology unit at Cabrini could be so compromised by the attack indicates that there was either no or inadequate back up of the health records  in that unit.  If the records were Read the rest of this entry »

There has been no shortage of breathless and generally meaningless articles about the Government’s statement that political parties and the Australian Parliament have been the subject of state sponsored cyber attacks.  The Government boffins have come out with statements both  highlighting the risk and claiming everything is under control.  It has given rise to ponderous commentary about attacks on democracy and then spins out to truly odd dystopian pieces as Peter Hartcher did with Farewell tech utopia: how governments are readying the web for war which swallows the  twaddle about the internet being balkanised and ruined. 

The reality is that cyber attacks by state players, mainly Russia, China and North Korea have been a regular occurrence for a decade.  Then there are the plethora of non state hackers in India, the various Stans and Africa who sometimes are engaged by instruments of state to create mischief.  It is a feature of life in the age of the internet. 

Rather than reading the Henny Penny the sky is falling reportage and the end of innocence blather the best article to get an understanding of what is going on and why is the ABC piece Cyber attacks by foreign governments, malicious companies and enterprising hackers are on the rise. And the biggest problem is you. It sets out in plain undramatic terms that most cyber attacks succeed because someone in an organisation or government agency is fooled by an email containing malware.  And, as the article makes clear, that problem is one of Read the rest of this entry »

The Guardian with Revenge porn: nearly one in 10 adults admit to taking nude images without consent and the Canberra Times in One in 10 Australians have perpetrated ‘image-based abuse’ have reported on research by RMIT and Monash University in Image-based sexual abuse: The extent, nature, and predictors of perpetration in a community sample of Australian residents which found that 10% of adults have engaged in this problematical (and in many jurisdictions is criminal) conduct.  

The stories are not a product of detailed analysis but a pick up of the media release by the RMIT on Monday, 18 February 2019 which Read the rest of this entry »

David Crowe, one of the more energetic commentators at the Fairfax Press has put together a piece about the ridiculous exemption that political parties have from regulation of the Privacy Act 1988 in Political parties should be stripped of Privacy Act exemptions after hack: experts.  It is one of those topics that columnists dust off from time to time. Peter Van Onselen has repeatedly drawn from that well though pretty much saying the same thing again and again and again in an Australian article in Political parties violate our rights to privacy  on 23 July 2011, raising the issue Read the rest of this entry »

Yesterday, Rod Sims in a speech to the IIC Australian Chapter highlighted the issues that the ACCC raised in its Preliminary report on the Digital Platforms Inquiry.  The final submissions close on 15 February 2019.

As with the Preliminary Report Sims highlights the privacy issues that are associated with the current regime of data collection, the matching and lack of consent.  These are matters that should of primary concern to Read the rest of this entry »

The Information has published its Notifiable Data Breaches Quarterly Statistics Report for the last quarter of 2018.

The media release provides:

The latest quarterly report from the Office of the Australian Information Commissioner (OAIC) shows 262 data breaches involving personal information were notified between October and December 2018.

Facebook had a worse 2018 than Google but to a large extent that is merely a matter of degree. Facebook’s travails with its association with Cambridge Analytica and not doing much with the proliferation of false news stories planted by Russia and other actors made 2018 an annus horribilis. Google has had to deal with the phenonama of false news issues as well as years of litigation in the European Union, the UK and Australia.
It might be that Google will have a hotter time of it in 2019 with the French Regulators, the National Data Protection Commission, fining it 50 million euros for not getting valid user consent to gather data for targeted advertising. The regulators claim that Google breached the GDPR, the General Data Protection Regulation.

In July 2018 the Singaporean Government announced that there was a cyber attack which compromised the personal data of 1,495,364 people and led to outpatient prescription information for nearly 160,000 people being “exfiltrated”.

Police databases are a critically important investigative tool. They enable police to locate suspects, confirm addresses, check car ownership and registration and generally access information about individuals, often provided to the many governmental agencies through compulsion. It is then concerning when police abuse their powers to access data bases. There have been reports of such breaches in Queensland and Victoria.