The US Supreme Court has in recent times considered the use of new technologies and their privacy intrusive consequences and whether they constitute a constitutional breach.  In 2012 the Court in United States v Jones held that installing a GPS tracking device on a vehicle and using the device to monitor the vehicle’s movements constitutes a search under the Fourth Amendment. In Riley v California the Court unanimously held that the warrantless search and seizure of digital contents of a mobile phone during an arrest was unconstitutional.

On 5 June 2017 the Supreme Court  agreed to hear arguments in the October Term in Carpenter v United States as to whether police should obtain warrants to obtain location data of suspects.

The question presented to the Court is Read the rest of this entry »

In McDonald v Dods [2017] VSCA 129 the Victorian Court of Appeal considered the issue of inference of publication to unknown individuals who may have read a blog post.

It is an appeal from judgments of Bell J inDods v McDonald (No 1) [2016] VSC 200 (6 May 2016) and Dods v McDonald (No 2) [2016] VSC 201 (6 May 2016).

FACTS

The applicant, McDonald, was the administrator and author of the website ‘www.justice4tylercassidyjust15.com’ (the “website”) from December 2008 to October 2012 where he discussed the death of Tyler Cassidy by police shooting [3]. The respondent Read the rest of this entry »

Personal information relating to medical matters is highly sensitive.  The Cosmestic Institute, based in Bondi,  specialised in providing cosmetic surgery, holds a particularly subset of that type of information; before and after photographs, photographs of a highly intimate nature and details which are almost invariably kept confidential

Naked photos and medical records of hundreds of women were published on line at least as late last Saturday.  Possibly earlier.  It appears that the publication of this highly sensitive information included patient names, Medicare numbers and naked images of 500 people.  The breach involved Read the rest of this entry »

In Medussa Enterprises Pty Ltd v Nationwide Concrete Pumping Pty Ltd [2017] VSC 275  the Victorian Supreme Court, per Gardiner AsJ, dismissed an application to set aside a staututory demand on the basis that there was no genuine dispute.

FACTS

Medusa claimed Read the rest of this entry »

Australia’s mandatory data breach notification legislation, the Privacy Amendment (Notifiable Data Breaches) Act 2017,  takes effect on 22 February next year.  It has been a long time coming.

Last Friday the Privacy Commissioner released an exposure draft resources, whatever that means, for business and agencies on their obligations under the Act.  It is open for comment until 14 July 2017, Bastille Day (hopefully that symbolises nothing).

The broad overview Read the rest of this entry »

The United Kingdom’s Information Commissioner’s Office (the “ICO”) has imposed a severe fine of on Basildon Borough Council for publishing personal information on planning application documents. The argument run by the Council was that the planning laws prevented it from doing so even though it routinely redacted personal information on other applications.  In Victoria this has been an issue in the past where some councils have felt that they can not redact while others argue they can.  It appears that most do redact.

The ICO media release provides:

A council has been fined £150,000 by the Information Commissioner’s Office (ICO) for publishing sensitive personal information about a family.

Basildon Borough Council breached the Data Protection Act when it published the information in planning application documents which it made publicly available online.

The ICO’s investigation found that on 16 July 2015, the council received a written statement in support of a householder’s planning application for proposed works in a green belt. The statement contained sensitive personal data relating to a static traveller family who had been living on the site for many years. In particular, it referred to the family’s disability requirements, including mental health issues, the names of all the family members, their ages and the location of their home. Read the rest of this entry »

The conversion of drone technology from military to civilian use and then its development from a relatively expensive hobbyist vehicle to a widely affordable and necessary part of many industries has been a spectacular journey.  It has taken many by surprise.  In 2010 the Federal Aviation Authority predicted that there would be 15,000 units by 2020 and 30,000 by 2030.  A year ago in the United States more than 15,000 drones were sold every month.  Since the FAA commenced its registration system in December 2015 more than 800,000 drone owners have registered to fly.

While the technology has moved on at a exponential pace the Federal Governments in Australia and the United States have done nothing to deal with the intrusive potential of drones notwithstanding the ample need to do so.  For example Read the rest of this entry »

It would appear that the school management software of Camberwell High School has been accessed by a person without authority as reported in Camberwell High School becomes second target of major privacy breach in two weeks. Any breach is of concern but cyber threats, whether from overseas participants or bored students at the school is possibility.  In this case the damage limitation and advice to those affected has been dismal, and all too typical.  Government agencies, particularly at a state level are notoriously resistant to advising those whose personal information. As is often the case the shut down of communications or cover up occasionally makes a bad situation much, much worse.

The Camberwell High School Homepage provides no notice of comfort, providing contact details of those concerned about the breach.  Fairly typical “pull up the drawbridge” approach to information sharing.  According to the Camberwell High Schools Latest News:

Just a note to let you know that a small mudlark is protecting its nest along the Prospect Hill Road entries near the D building, it has also been sighted swooping near the E Building last week.  There have been a small number of students present with facial scratches so could you please be mindful and avoid the area when possible.

Please leave the mother bird alone as she will only be exhibiting this behaviour for a few weeks.

All for protecting mud larks and students from being scratched by them.  But losing personal information is a serious matter, as worrying if not more so than being swooped by the protective mudlark.  The cost of a data breach can be much greater!

What is interesting is that Read the rest of this entry »

It is something of a rite of passage for the Privacy Commissioner to release a report on privacy compliance or a survey about community attitudes to privacy around Privacy week.  This year is no different, with a 51 page report on a survey on Australian’s attitudes to privacy, privacy risks and trust in government and organisations.  The point of reference by comparison is a similar survey in 2013.  While the results are in the main consistent with 2013, there is a growing level of concern about online privacy.  This is not Read the rest of this entry »

The National Institute of Standards and Technology (the NIST) has issued an excellent guide to Blue Tooth Security. It should be mandatory reading for anybody interested in cyber security.

Bluetooth wireless technology is a ubiquitous technology used in linking devices.  It is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (WPANs). It allows users to form ad hoc networks between devices to transfer voice and data. It is now integrated into business and consumer devices, including cellphones, laptops, automobiles, medical devices, printers, keyboards, mice and headsets.  It has recently been used in medical devices and personal devices such as smart watches, home appliances, fitness monitors, and trackers. Those devices hold and transfer large amounts of personal information.  Security is critical.

Bluetooth devices are susceptible to general wireless networking threats beyond Read the rest of this entry »