Peter A Clarke

Health records are a particularly popular target of hackers who use ransomware to extract quick payment. Hospital records are self evidently critical in patient care.  Hospitals are notorious for their poor data security practices.  That is a function of a culture resistant to implementing modern data security practices, a large number of staff accessing records and emails and generally poor security protocols and even worse Read the rest of this entry »

Technology has no morals or ethics.  It is the operators of the technology who have those.  Or don’t. Commonly enough the law, which restrains or otherwise regulates behaviour, falls far beyond the technology.  That is clear from the operation of airborne surveillance.  While intercepted telephone conversations and bugging of physical locations require a warrant, no such restriction applies to planes, drones and other forms of lighter than air vehicles photographing images and recording conversations.

In The Sneaky Program to Spy on Baltimore From Above the Atlantic reports on a practice undertaken by Baltimore police to record Baltimore residents by means of 4 – 6 cameras fixed to a plane flying overhead.  The images taken were stored for future use. The police force did it without notifying even the City Government because it used a private company with private funding. Wired in How Baltimore Became America’s Laboratory for Spy Tech   covers similar territory but goes so much further in showing how a police department without restraint can use technology to the point of giving dystopia a physical address, Baltimore Maryland.

In another setting it would be a fairly standard Read the rest of this entry »

The Australian Privacy Commissioner has taken action against Ashley Madison data breach in July 2015 was a sensation.  As has the Canadian Privacy Commissioner.  They have released joint findings.  Joint findings are found here.

It is likely to be an influential findings as the combined report does undertake a detailed analysis of both the facts and the expectations under the various privacy principles.  Given the dearth of authorities this will provide valuable guidance.

As with many data breaches/interference with privacy complaints followed up by regulators the initial cause of the breach/interference gives rise to a broader investigation which almost invariably highlights deficiencies in compliance throughout the organisation.  It is commonly the case that a breach of security has many causes; out of data software protection, poor protocols, inadequate staff training, excessive data retention far beyond the date when it is usable or relevant to the organisations operations and a lack of understanding as to identity verification.

Ashley Madison, or more accurately its corporate entity Avid Life Media Inc (“ALM”), entered Read the rest of this entry »

The BBC reports in Domestic abuse privacy breach: Greater Manchester Police pays victim on a catastrophic series of blunders by police in Manchester in releasing personal information of a domestic abuse victim into the public domain.  The victim agreed that the police could use her experience in training sessions.  The caveat was that she would remain anonymous.  Not an unreasonable request and Read the rest of this entry »

A perennial problem in data security is staff taking data off site through lap tops and bring your own devices, usually USB sticks.  The problem is more than removing the data offsite though that can and is a real challenge in data management.  The significant issue is ensuring data is secure when it is off site.

The Information Commissioner’s Office (the “ICO”) has issued a Monetary Penalty Notice, fining a nursing home in County Antrim, Northern Ireland, £15,000 for failing to secure sensitive personal data.  The breach occurred Read the rest of this entry »

Document management is the bane of many organisations.  Take that issue and put it on steroids and that is the scale of the potential disaster that awaits a breakdown in handling personal information.  Government agencies collect a large amount of personal information and are geared towards keeping detailed files.  That means a large volume of documentation.

The Hampshire County Council has been fined £100,000 as a result of 45 bags of confidential waste found in a disused building.  The documents contained sensitive information about adults and children in vulnerable situations.

It is a case of a failure to Read the rest of this entry »

The Federal Trade Commission has finalised its orders against ASUSTek Computer arising out its failure to take reasonable steps to secure software on its routers despite make promises about security.  The terms of the settlement are onerous.  As they should be.  It would be Read the rest of this entry »

Control of data and the consequential protection of privacy, is to a large degree dependent on staff receiving the proper training in information management and having an understanding of how the Privacy Principles operate.  The consequences of Read the rest of this entry »

The Australian in How Nmap, SuperScan and others make hacking your details easy has a somewhat breathless coverage of how easy it is hack into web sites.  The coverage is not particularly new but it is again useful to set out the opportunities available to hackers, usually through the inadvertence or negligence of Read the rest of this entry »

Data breaches can occur as easily in the public sector as the private sector.  In the public sector the consequences can be particularly worrying.  As with the personal details of 112,000 French police officers being put on line according to the BBC report French police hit by security breach as data put online.   This is all the more concerning given Read the rest of this entry »