Power firms on alert about potential hacks on power firms

July 30, 2017

For those with a long-term interest and involvement in privacy and data security, the danger of cyber attacks on utilities and vital infrastructure is well known. And to an extent it has come to pass, with Read the rest of this entry »

The Clooneys threaten to sue for breach of privacy for publishing photographs of their children

Parents seeking to protect the privacy of their children from the snapping shutters of paparazzi have given rise to significant jurisprudence, notably the New Zealand decision of Hosking v Runting and Murray v Express Newspapers. The law has moved along in some common law jurisdictions, though not particularly well in Australia, where the jurisprudence is still mired in breach of confidence/misuse of private information claims in equity. Clunky and not as good as a proper tort of invasion of privacy.

In Europe, France in particular, the privacy laws are quite strict. It is therefore a little surprising that the BBC reports that a French magazine, Voici, has published pictures of the Clooneys' infant twins taken by photographers who scaled a fence to enter private property and Read the rest of this entry »

Fridges could be listening to you…the downside and privacy problems of interconnectivity

July 27, 2017

The Fairfax press has run a legitimate, if breathless, report on fridges having the potential to be turned into listening devices in "Queensland police say fridges could be turned into listening devices". The context of the story is a parliamentary inquiry into surveillance powers. It touches on two neglected but potent developments: the new modes of surveillance, in this case using connected devices, and the expansion of the internet of things, with the attendant weakness in data security and privacy protections. It is a timely reminder of Read the rest of this entry »

Sweden, careful and conscientious Sweden, has a massive data breach

July 26, 2017

It is not too common that Sweden finds itself the victim of a massive data breach. It was an early implementer of data protection laws and generally has been seen as having a good system in place to protect personal information. As the itnews article "Sweden exposed sensitive data on citizens, military personnel" and the New York Times with "Swedish Government Scrambles to Contain Damage From Data Breach" show, maintaining proper data security is a constant challenge. It is likely to Read the rest of this entry »

Lloyd’s estimates that an extreme cyber attack could result in losses of up to $121 billion

July 23, 2017

Lloyd’s has published a report titled Counting the Cost in which it estimates that the potential economic impact of a hypothetical malicious hack on a cloud service provider, and of attacks on vulnerable computer systems run by businesses around the world, could be as high as $53bn and $28.7bn respectively. A cloud service disruption scenario, because of the uncertainty around aggregating cyber losses, could result in losses as high as $121bn, or Read the rest of this entry »

Federal Trade Commission halts company that used information in loan applications to sell personal information to third parties wanting leads for their own business purposes for the pu

July 20, 2017

It is almost embarrassing to say that data is big business. Personal information is the wheat that is separated from the digital chaff. The Federal Trade Commission issued a complaint against Blue Global Media in what was an egregious program of getting consumers to fill out loan applications and on-selling that data, including personal information and sensitive information, which in the US context includes social security number and credit card details, to parties willing to pay for leads. As is commonly the case the FTC Read the rest of this entry »

Ashley Madison data breach results in $11.2 million settlement

July 15, 2017

The Ashley Madison breach of 2015, when 25 gigabytes of data, including personal information, was accessed and stolen, was one of the biggest breaches to that date. It also resulted in huge embarrassment for users of the Ashley Madison website and major reputational damage for Ashley Madison. Not only did it Read the rest of this entry »

Royal Free London NHS Foundation Trust enters into undertaking because of the breach of the Data Protection Act in turning over sensitive medical data of around 1.6 million patients to DeepMind

The UK Information Commissioner’s Office (the “ICO”) has its detractors; however, as a regulator it has been far more energetic than its Australian equivalent. The legislative structure is different, as is the resourcing. The UK Data Protection Act provides more scope for enforcement action and the penalties can be swingeing. That said, the approach taken by the ICO in adopting both an educational approach, the carrot, and high profile and tough regulatory action, monetary penalty notices, highlights a difference with the Office of the Information Commissioner, which has been all about the education and very little about the enforcement. That has had a deleterious effect on privacy and data protection compliance in Australia.

The ICO took action against the Royal Free London NHS Foundation Trust for failing to Read the rest of this entry »

US National Institute of Standards and Technology releases draft Application Container Security Guide

The National Institute of Standards and Technology (“NIST”) has released a draft of its Application Container Security Guide. While the NIST is an American agency, its guides have Read the rest of this entry »

Data breaches at Flight Centre and elsewhere…the excuse “Human Error” seems to be more acceptable than system faults..really?

The passport details of Flight Centre customers have been released to third parties who were working with Flight Centre in developing business products. The extent of the breach, in terms of the number of passport holders whose personal information was leaked and what exactly was released to the unauthorised party, has not been disclosed. That level of opaqueness in notification tends to be typical in Australia but much less so in the United Kingdom and the United States. Curiously, Flight Centre stresses that human error, rather than a systems failure, was the cause of the breach. As if that makes it better or less serious. The Privacy Act Read the rest of this entry »