Privacy Commissioner speech at launch of Privacy Awareness Week
May 17, 2016
The Privacy Commissioner has done what he does best. Another speech. This time for the launch of Privacy Awareness Week.
The speech Read the rest of this entry »
May 17, 2016
The Privacy Commissioner has done what he does best. Another speech. This time for the launch of Privacy Awareness Week.
The speech Read the rest of this entry »
May 16, 2016
Data breaches are equal opportunity problems, they affect both the private sector and government agencies. With data breaches of government sites the problem is not so much economic as economic and, often times, political. In the United States cyber breaches at the Federal Deposit Insurance Corporation, the agency that safeguards bank deposits, has caused both political and economic problems for the agency and raised the ire of Congress. In April it was reported that a cyber breach affected 44,000 of the FDIC’s customers which revealed inadequate security controls. Even though the breach was Read the rest of this entry »
May 15, 2016
Cyber attacks on banks are nothing new. Banks not surprisingly generally have better cybersecurity systems than most organisations, though not universally so. One form of attack against banks (and here) is by means of malicious software, also known as malware. Malware is a regularly occurring problem with businesses and organisations of all types such as accountants, American Dental Association, government bodies, hotels and small businesses.
The global financial network SWIFT has issued a warning about a new very sophisticated malware threat which is obviously designed to exploit a vulnerability but has Read the rest of this entry »
The Information Commissioner’s Office (the “ICO”) has imposed another swingeing fine for a breach of the Data Protection Act, on this occasion an NHS Trust publishing the national insurance numbers, dates of birth, religious beliefs and sexual orientation of 6,574 members of its staff on its web site. As a result the Blackpool Teaching Hospitals NHS Foundation Trust has been fined £185,000. While the breach was egregious it was inadvertent. Even so, the distinction between inadvertent and deliberate goes more to penalty rather than Read the rest of this entry »
May 4, 2016
The former High Court justice Michael Kirby has had a very long history with privacy and data protection issues. He was Read the rest of this entry »
May 1, 2016
Gumtree has had a data breach of indeterminate proportions last week according to the Hackers steal Gumtree users’ personal details, Gumtree ‘fesses up to breach and personal information leak and Australian Gumtree users targeted in hacking attack, with personal details stolen.
The Government website, Staysmartonline has also highlighted the potential of phishing attacks now Read the rest of this entry »
One of the biggest challenges in privacy and data protection is having staff who use the data being properly trained and applying that training properly. Having Read the rest of this entry »
April 21, 2016
The Information Commissioner has fined Kent Police £80,000 for providing the data contained in a woman’s mobile phone to her ex partner’s solicitor. The solicitor disclosed that information to his client, the woman’s ex partner. That person happened to be a member of the Kent Police.
On the technical side the case highlights Read the rest of this entry »
The much reported launch of the Australian cyber security strategy by the Australian Prime Minister has data security at its core. It was attended on a very exciting story of a cyber attack on the Bureau of Metereology last year which infected that agencies computers. The reportage focused on Australia’s ability to counter attack aggressors but that is only one element of the strategy, and a minor one at that. The key is protection of personal information, intellectual property, governmental information, national security related data and data that is key to the operation of a modern economy.
The problem from a practical point of view is that the focus on cyber security is an incomplete response if organisations and entities do not meet minimum cyber security standards. The Privacy Act 1988 and the regulator should Read the rest of this entry »
Australia is yet to have mandatory data breach notification legislation. The Attorney General’s Department has published the submissions it Read the rest of this entry »