UK Information Commissioner fines a North London council for security flaw which exposed thousands of people’s personal information

August 20, 2017

The UK Information Commissioner (“ICO”) continues to set a brisk pace in taking action against data breaches, this time imposing a £70,000 fine on Islington Council for failing to keep personal information secure on its parking ticket system website. It highlights that breaches of privacy laws are as much about ensuring that personal information is secure from potential breach as responding to a breach itself. The infraction can be just as costly.

In the case of Islington Council, the ICO found that its website, which allowed people to see an image of their parking offence, had design faults which Read the rest of this entry »

Hackers target shipping industry for significant theft

August 18, 2017

Hackers are enterprising. Those who are also thieves are particularly keen to search out industries that are cash rich and security poor. According to the BBC, they have found one in the shipping industry, as “How hackers are targeting the shipping industry” reports. Hackers have intercepted emails and, acting as cuckoos, changed banking details on emails from suppliers asking for payment. Given shipping companies work in Read the rest of this entry »

National Institute of Standards and Technology issues a new draft of its influential publication on security and privacy controls for information systems and organisations

The National Institute of Standards and Technology (“NIST”) produces excellent technical publications on data security and privacy which have wide application both throughout the US Government and in many other organisations. It is in many ways the gold standard. That is not to detract from the Australian Government Information Security Manual, which is an excellent resource but not used nearly enough by practitioners in the data security field.

NIST has announced the release of its new revision of Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations. What is notable about this publication is that it is now focused on both Government and private systems. NIST is providing a resource to assist any organisation, or person, to maintain Read the rest of this entry »

UK Information Commissioner slaps a £100,000 fine on telco firm TalkTalk for failing to look after its customers’ data

TalkTalk has had a dreadful few years courtesy of data breaches. In 2016 it received a record fine of £400,000 after a hack in 2015 resulted in the theft of unencrypted personal data involving 157,000 customers. It later estimated Read the rest of this entry »

Uber settles Federal Trade Commission complaint that it engaged in deceptive claims about privacy and data security protections

August 17, 2017

The Federal Trade Commission (“FTC”) has entered into an agreement with Uber Technologies (“Uber”) arising from the FTC’s formal complaint that Uber had failed to fulfil its claims that it monitored employee access to consumer and driver data.

As the media release and the complaint make clear, Uber did what many organisations with a poor privacy and data security culture did: put Read the rest of this entry »

Data breach of medical information from West Australian Government laboratory

August 16, 2017

Human error, frailty or just plain old-fashioned misbehaviour remains a huge problem for maintaining data security. A recent Beazley report on data breaches highlighted that, while ransomware attacks attract the headlines, accidental acts or omissions are a major cause of data breaches. They account for 30% of breaches, slightly Read the rest of this entry »

Theft of ANZ executive’s identity and its use to obtain Westpac loan highlights parlous privacy practices and compliance

August 13, 2017

The Australian Financial Review, in “ANZ executive’s identity stolen and used for $30,000 Westpac loan”, highlights the chronically poor state of privacy protection by many businesses and the culture of non-compliance. The likely scam was simple, an Read the rest of this entry »

HBO loses programming in cyber attack

August 1, 2017

It is no longer news that intellectual property is a lucrative and high-status target for hackers. And entertainment IP, such as films, is particularly sought after. In 2014 Sony was hacked, probably by North Korea, and lost a huge trove of data, including personal information, highly embarrassing email communications and also some films which had yet to be released. Earlier this year Netflix was hacked and 10 episodes of Orange is the New Black were stolen and leaked online after Read the rest of this entry »

What the growth of WhatsApp and decline of Twitter reveal about consumers’ appetite for privacy

July 30, 2017

Wired, in “Privacy Isn’t Dead. It’s More Popular Than Ever”, highlights what researchers and privacy practitioners have long known: that people do value their privacy and, when given the opportunity, will protect it. The Pew Research Center in the 2015 report titled Read the rest of this entry »

E-commerce consumers in Asia Pacific region have little confidence in online security

Confidence is critical for an economy to function properly. Traditionally that has meant confidence that a legal system is impartial and efficient, confidence that contracts are enforceable and confidence that property rights are secure from arbitrary confiscation. In the digital economy the other confidence is that data is secure, personal information is not misused and that electronic communication is free from intrusion and unrestrained surveillance.

In a recent Internet Society Survey on Policy Issues in Asia Pacific 2017, the results show that there is a distinct lack of confidence in Read the rest of this entry »