Peter A Clarke

Poor data handling policies can lead to very embarrassing outcomes, particularly when it results in the use of emails to transmit sensitive information.  A common form of data breach.  A police officer at Dyfed Powys used the internal email system on 18 June 2015 to send  emails to five internal recipients.  One of the emails contained a list of 8 registered sex offenders in Powys including their names, addresses, telephone numbers and email addresses.

The officer sent the email to a person outside the police service, in other words, outside the internal email system.  The recipient was a member of a community scheme, who notified the police of the error.

The Information Commissioner found that Read the rest of this entry »

The Privacy Commissioner issued a statement today announcing that he is investigating a possible breach by the MUA.  The media release provides:

The facts are outlined in Read the rest of this entry »

Financial regulators are beginning to take great interest in data security.  In Australia the Australian Securities and Investment Commission issued Report 429 titled Cyber resilience: Health check in March 2015.  In this Read the rest of this entry »

Ransomware, malware that encrypts a victim’s files until they pay for a decryption key, is a serious problem in data security. There are two types of ransomware:

(1) Crypto Ransomware — it encrypts files

(2) Locker Ransomware — it locks computers, preventing its use.

It is a bad problem that is getting worse.  It is commonly preventable with tight security measures, adequate and up to date software,proper training and protocols and regular if not daily back ups of data.  The sort of thing that many organisations in Australia don’t have because of a poor privacy culture brought about by inadequate regulation.

The BBC highlights the problem in Read the rest of this entry »

Telcos tend to be prone to privacy breaches.  In Australia Optus has been the subject of an enforceable undertaking and Telstra has been the subject of determinations made against it by the Privacy Commissioner.  In New Zealand Vodafone breached a customer’s privacy when providing an woman’s ex phone account details.  This is reported in Vodafone apologises for privacy breach.

This is a more common mistake than one would think.  It is hugely embarrassing and Read the rest of this entry »

Regulators around the world highlight in their guidances, press releases, speeches and, sometimes, enforcement actions the need for strong passwords and, preferably two factor authentication.  But strong and unpredictable passwords are vital. Something Mark Zuckerberg, as in Facebook Zuckerberg, should have known.  But he didn’t and his password to his social media accounts were hacked as reported in Mark Zuckerberg’s social media accounts compromised due to weak password. It is gravely embarrassing and Read the rest of this entry »

Hackers are equal opportunity pilferers.  They go where the weakness lies and the money resides.  As the reported hack on Read the rest of this entry »

The consequences of a data breach can sometimes take an age to resolve.  The ongoing reputational damage can be excrutiating.  As Tumblr is discovering.  In 2013 there was a security breach into the Zendesk styem which resulted in data breaches into three of their clients; Twitter, Pinterest and Tumblr. This was reported by Wired in  Zendesk Security Breach Affects Twitter, Tumblr and Pinterest.

Tumbler has just notified its users Read the rest of this entry »

It is quite common for equitable claims for breach of confidence relate to private commercial information being taken by ex employees to be used by competitors.  A new take is Read the rest of this entry »

The need to keep proper data security comes into focus when the stories about the need to notify users that passwords have been compromised and need to be reset.  LinkedIn has been through that particular nightmare recently while Reddit has been forced to reset 100,000 passwords as reported in  Reddit Forced to Reset 100,000 Passwords After ‘Uptick’ In Hacked Accounts.

Compromised passwords mean Read the rest of this entry »