Government announces continued interest in decryption legislation

May 18, 2018

ZDNet reports that the Commonwealth Government is still intent on legislating a power to access encrypted communications. It will be fascinating to see how this is done legally. But legality is just the easy bit. How does an Australian Government force an offshore entity to hand over its key or require …

The UK Information Commissioner raises concerns about the “staggeringly inaccurate” face recognition systems used by the police

May 16, 2018

Facial recognition technology has long been touted as an effective tool in crime prevention and investigation as well as important for national security. It is also touted as a way of improving efficiency in business and through social media. Unfortunately the hype does not match the facts. The algorithms and the quality of images that power facial recognition technology are often below par, leading to many false positives. The technology is also plagued by …

Byrd v United States: a further decision by the US Supreme Court on reasonable expectation of privacy under the Fourteenth Amendment

The US Supreme Court in Byrd v United States, by a unanimous decision, restated a strong belief in the privacy rights under the Fourteenth Amendment. It is an important decision on reasonable expectations of privacy but does not change the approach taken by the court on such issues.

FACTS

In September 2014, Pennsylvania State Troopers pulled over a car driven by Terrence Byrd. Byrd was the only person in the car. In the course of the traffic stop the troopers learned that the car was rented and that Byrd was not listed on the rental agreement as an authorized driver. The car had been rented by a Latasha Reed. The car was searched, and in the trunk the troopers found body armour and 49 bricks of heroin. The troopers did not believe they needed consent to search the car.


Government announces the opt out window of 16 July – 15 October 2018 and the guide to the secondary use of My Health Record system data

May 14, 2018

The My Health Record program, providing a summary of one’s personal health information which can be shared with health providers, has not been a public policy success story. The pick-up rate has been poor, with about 20% covered, but according to the article in last year’s Conversation, Why aren’t more people using the My Health Record?, it has only been used by a small percentage of consumers and not even to its intended capacity. It is not popular with the likely users of the system, general practitioners and hospitals, who regard it as not fit for purpose. The privacy concerns regarding the My Health Records system have been long standing, with articles highlighting the problems in 2015. There is considerable distrust of the system and its vulnerability to data breaches, particularly given …

UK Information Privacy Commissioner releases comprehensive guide for lawful basis for processing data under the General Data Protection Regulation

The issue of consent is very significant under all data protection acts, not least the Australian Privacy Act 1988. The UK Information Commissioner has released its guidance on consent. While it is directly applicable to the obligations under the General Data Protection Regulation (the GDPR) the contents will be of use in the Australian context. Issues relating to consent are common across jurisdictions and the UK Information Commissioner’s guidances are generally …

Another way one of the big Tech companies, this time Google, harvests data exposed

It is trite to say that Google lives off data. That is the blood that flows through its veins and makes it the financial behemoth it is today. It is not particularly discerning about how it gets data as Oracle has highlighted to the Australian in quite an impressive exclusive report We’re paying telcos to help Google spy on us. Those using Android devices on smart phones have, according to Oracle, been transferring data to Google. Worse still, telcos appear to be transferring data to Google for payment. Google claims there has been consent, a truly vexed issue in privacy documents and permissions. That side of the story needs more information. The story has also been covered by …

Major data breach of Family Planning New South Wales with dilatory notice to those affected

Family Planning NSW has had its database of personal information of all clients who contacted it for the past two and a half years compromised by a cyber attack.

The nature of the data could not be more sensitive, and is defined as sensitive information in the Privacy Act, being not only health information but that which relates to contraception and fertility. The nature of the breach was a bitcoin ransom demand …

Federal Trade Commission settles with mobile device retailer for misleading and deceptive conduct about its privacy policies and data security.

May 7, 2018

The Federal Trade Commission announced that it had settled with BLU Products over a complaint that it had deceived its customers regarding its privacy policies and data security practices.

Under the decision BLU and any business that it controls will need to …

UK Data Protection Bill will require businesses to hand over information to the Information Commissioner’s Office within 24 hours

The overhaul/replacement of the UK’s Data Protection Act, so as to be compliant with the incoming General Data Protection Regulation (GDPR), will result in increased powers for the Information Commissioner designed to deal quickly with urgent situations. The time for complying with what are known as urgent information notices will go from 7 days to 24 hours, and the Information Commissioner will be empowered to obtain a court order requiring disclosure of the information referred to in the notice where there has been a failure to comply. There will also be a new offence which would criminalise the destruction, disposal, concealment, blocking or falsification of information and documents the subject of a formal request by the Information Commissioner.

When enacted, the new look Data Protection Act will be an even more superior piece of regulation to the Australian Privacy Act 1988. More to the point, the UK Information Commissioner has proven to be an effective regulator, using the powers available to her. In Australia the Information Commissioner has been careful not to use his enforcement powers and …

Commonwealth bank data breach of 20 million accounts highlights that people regard privacy as important, the Information Commissioner is a lax regulator and that the threatened Government action shows that privacy laws and regulation in Australia are a complete mess

May 6, 2018

As is the way with big data breaches, there has been a ripple effect from the Commonwealth Bank’s data breach of losing track of records affecting 12 million customers and 20 million accounts. The bank’s initial “not much to see here” explanation on its home page has morphed into a sort of acceptance, via comment to the media, that it should have come clean earlier. Which is in and of itself a misrepresentation. It never actually came clean with the public. The breach was exposed and only then did it state that it had advised the Information Commissioner. That is not coming clean. The CBA is now notifying affected customers. Two years after the event.

The CBA’s explanation has rightly been the subject of criticism. Typical of that criticism, and that of the regulators, is the …