Drones use and misuse attracting more attention…reform required but will it come

August 20, 2017

The misuse of drones, or to be more precise unmanned aerial vehicles, has always been a real problem since they moved from military to commercial and then to everyday use and their capacity grew from a difficult to control curiosity to a highly sophisticated aerial vehicle which can mount powerful cameras and videos on stable platforms.  Along with the incredible benefits that have come from the commercial use of drones has come real and potential privacy intrusive activity.  The lack of regulation has been apparent from the outset.

The legal issues and gaps in the law have been apparent for a long time ( I have posted on them here, here, here, here, here, here, here, here and here for example) For some reason this problem has in the last few days attracted the attention of both the Australian with Drone reforms needed to protect privacy  and the Canberra Times with ‘Highly intrusive’: Drone complaints on the rise in Canberra and its editorial  Drone misuse in Canberra a real concern for all. The articles cover well worn ground but are welcome nevertheless.

Drones are a challenge in Read the rest of this entry »

UK Information Commissioner fines a North London council for security flaw which exposed thousands of people’s personal information

The UK Information Commissioner (“ICO”) continues to set a brisk pace in taking action against data breaches, this time imposing a £70,000 fine on the Islington Council for failing to keep personal information secure on its parking ticket system website.  It highlights that breaches of privacy laws are as much about ensuring that personal information is secure from potential breach as responding to a breach itself.  The infraction can be just as costly.

In the case of Islington council the ICO found that its website which allowed people to see an image of their parking offence had design faults which Read the rest of this entry »

Hackers target shipping industry for significant theft

August 18, 2017

Hackers are enterprising.  Those who are also thieves are particularly keen to search out industries who are cash rich and security poor.  According to the BBC they have found it in the shipping industry as How hackers are targeting the shipping industry reports.  Hackers have intercepted emails and, acting as cuckoos, changed banking details on emails from suppliers asking for payment.  Given shipping companies work in Read the rest of this entry »

National Institute of Standards and Technology issues a new draft of its influential publication and privacy controls for information systems and organisations

The National Institute of Standards and Technology (“NIST”) produces excellent technical publications on data security and privacy which have wide application throughout both the US Government but also many organisations.  It is in many ways the gold standard.  That is not to detract from the Australian Government Information Security Manual which is an excellent resource but not used nearly enough by practitioners in the data security field.

The NIST has announced the release of its new revision of  Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations.  What is notable about this publication is that it is now focused on both Government and private systems.  The NIST is providing a resource to assist any organisation, or person, to maintain Read the rest of this entry »

UK Information Commissioner slaps a 100,000 pound fine on Telco firm TalkTalk for failing to look after its customer’s data

TalkTalk has had a dreadful few years courtesy of data breaches.  In 2016 it received a record fine of £400,000 for theft of personal data involving 157,000 customers which had not been encrypted as a result of a hack in 2015.  It later estimated Read the rest of this entry »

Uber settles Federal Trade Commission complaint that it engaged in deceptive claims about privacy and data security protections

August 17, 2017

The Federal Trade Commission (“FTC”) has entered into a agreement with Uber Technologies (“Uber”) arising from the FTC’s formal complaint that Uber had failed to fulfill its claims that it monitored employee access to consumer and driver data.

As the media release and the complaint makes clear Uber did what many organisations with a poor privacy and data security culture did, put Read the rest of this entry »

Data breach of medical information from West Australian Government laboratory

August 16, 2017

Human error, frailty or just plain old fashioned misbehaviour remains a huge problem for maintaining data security.  As a recent Beazley report on data breaches highlighted that while ransomeware attacks attract the headlines accidental acts or omissions are a major cause of data breaches.  They account for 30% of breaches, slightly Read the rest of this entry »

Theft of ANZ executive’s identity and its use to obtain Westpac loan highlights parlous privacy practices and compliance

August 13, 2017

The Australian Financial Review in ANZ executive’s identity stolen and used for $30,000 Westpac loan highlights the chronically poor state of privacy protection by many businesses and the culture of non compliance. The likely scam was simple, an Read the rest of this entry »

HBO loses programming in cyber attack

August 1, 2017

It is no longer news that intellectual property is a lucrative and high status target for hackers.  And entertainment ip, such as films, is particularly sought after .  In 2014 Sony was hacked, probably by North Korea, and lost a huge trove of data, including personal information, highly embarrassing email communications and also some films which had been yet to be released.  Earlier this year Netflix was hacked and 10 episodes of Orange is the New Black was stolen and leaked on line after Read the rest of this entry »

What the growth of WhatsApp and decline of Twitter reveal about consumers appetite for privacy

July 30, 2017

The Wired in Privacy Isn’t Dead. It’s More Popular Than Ever highlights what researchers and privacy practitioners have long known, that people do value their privacy and when given the opportunity will protect it.  The Pew Research Center in the 2015 report titled  Read the rest of this entry »