Even the Australian sees the need for proper privacy protection in usage of data

October 2, 2017

The Australian newspaper has long had a set against increased privacy protections.  Its reaction, usually through its commentators, to any proposal that the Federal Government legislate a statutory right to privacy borders on paranoia.   To be fair, its opposition has been consistent, longstanding and been open.  See for example my post in 2012 about Ainslee Van Onselen’s criticism of the Rudd Government’s consideration of a statutory right to privacy in 2012.  It was very much a henny penny “sky – is – falling – sort – of -piece” that is a sub specialty of the Australian on its topics of hate.

It is then more than a little surprising that  Peter Van Onselen (definitely relation of Ainslee, as in spouse) writes a shock horror piece in today’s Australian about political parties being able to use our data without any oversight or regulation in We have no say over what political parties can do with information collected about us in today’s Australian.  The exclusion of political parties (and the media) from the Privacy Act 1988 has been there since Read the rest of this entry »

National Institute of Standards and Technology releases Application Container Security Guide

For those interested in practical privacy and compliance with data security standards the various guides published by the National Institute of Standards and Technology (the “NIST”) are particularly useful.  The Australian Privacy Principles are written in the general and the Commissioner’s guidelines are quite anodyne.  The NIST guidelines are best practice.

The latest publication by the NIST, Application Container Security Guide, deals with Read the rest of this entry »

US Securities and Exchange Commission suffers data breach through a hack attack

September 22, 2017

It doesn’t get much more embarrassing than this.  The US Securities and Exchange Commission (“the SEC”), that branch of the US Government charged with regulating the financial sector and taking action against those who breach the rules has been hacked.  Not last week, or last month, but last year.  This is the body that puts the cuffs on insiders and puts them through a perp walk to court.  Here the breach likely resulted in “illicit gain through trading.”  Insider trading of a different specie.

The source of the breach was Read the rest of this entry »

The US National Institute of Standards and Technology publishes reports titled Enhancing Resilience of the Internet and Communications Ecosystem & Cybersecurity Framework Manufacturing Profile and draft publication titled Trustworthy Email

September 20, 2017

The National Institute of Standards and Technology (“NIST”) produces very useful, if somewhat technical, reports, on cyber security.  They are invaluable resources for those interested in the technical side of data security and privacy.  NIST yesterday published two very useful reports:

  1. NISTIR 8192, Enhancing Resilience of the Internet and Communications Ecosystem, and
  2. NISTIR 8183, Cybersecurity Framework Manufacturing Profile

The NIST has also published for comment a publication on Trustworthy Email.  Very topical and highly useful.  At 120 pages it is not a breezy read.

UK Data Protection Bill introduced in the UK Parliament

September 17, 2017

The Data Protection Bill was  last week introduced into the United Kingdom parliament.    Notwithstanding Brexit the primary purpose of the bill is to Read the rest of this entry »

Canadian Health employee sacked for looking into health records of patients, including family member

September 12, 2017

The Office of the Saskatchewan Information and Privacy Commissioner has prepared a report into the activities of an employee of Prince Albert Parkland Regional Health Authority who accessed the medical records of 14 people including several members of her own family.  While there was a data breach it is relevant to note that Read the rest of this entry »

Facial recognition technology and privacy issues

Alibaba, one of the world’s largest on line service providers, has installed facial recognition as a means of making payments on machines owned by one of its affiliates Ant Financial.  Smile to pay is the catchy description. Not to be outdone Apple is expected to use facial recognition to unlock the homescreen on its new phones.

Facial recognition technology has gone from clunky and a hit and miss affair to  something approaching effective operability.  That said there are significant in built problems, such as a bias against people who are not white.  Most of the database and the AI learning is comprised of white faces.

The dystopian elements to facial recognition systems, beyond the long predicted threat of living in a virtual and real panopticon, is the Read the rest of this entry »

US Federal Trade Commission settles with Lenovo on charges that it preinstalled software that compromised online security and the privacy of users

September 6, 2017

The Federal Trade Commission announced a settlement between it, 32 State Attorneys General and Lenovo relating to a complaint that it harmed consumers privacy and compromised data security with preloaded man in the middle software onto some of its laptops.  The software, described as VisualDiscovery, delivered ads to the lap top owners but in doing so compromised security protections.

This is a huge settlement which deals with Read the rest of this entry »

Duchess of Cambridge awarded 100,000 euros in French Court for breach of privacy case against Closer magazine

In 2012 a paparazzi used a zoom lens to take photographs of a relaxing, topless, Duchess of Cambridge while she was sunbathing on a terrace inside a private property during a holiday in France.  The resulting photographs were hawked around the various publications.  British papers turned down the offer but the French magazine Closer did not. It published the shots and the Duchess, with her husband, filed a criminal complaint for invasion of privacy and successfully obtained an injunction against the further use of the photographs. The Duchess also commenced civil action alleging an invasion of privacy.

Overnight the Duchess of Cambridge was successful with a French court ordering  Closer to pay €100,000 and Read the rest of this entry »

UK Information Commissioners office fines Nottinghamshire Council 70,000 pounds for leaving vulnerable peoples personal information on line for 5 years

September 5, 2017

The UK Information Commissioner’s Office has again taken action for breaches of data security. This time it issued a monetary penalty notice, of £70,000, against the Nottinghamshire Council for exposing the personal information of vulnerable people for 5 years.  While the legislative structures are different the assertive approach by the ICO compares favourably to the lethargic and timid approach taken by the Australian Privacy Commissioner.

The nub of the problem was that Nottinghamshire County Council had set up a portal to allow social care providers to confirm that they had capacity to support a vulnerable person.  The architecture of the portal was flawed.  A member of the public discovered Read the rest of this entry »