Peter A Clarke

The successful cyber attack on TalkTalk was, by any measure, a very serious and damaging breach. Telcos are a honey pot of personal information and TalkTalk had 4 million customers.  Four million sets of names, addresses, credit card numbers and other tit bits of data which would give a fraudster a superannuation pot to die for.  It has been a disastrous hit to TalkTalk’s reputation.  And in cyberspace reputation is vital.  Users are notoriously skittish on data security issues.

As much as the breach was worrying at least as worrying was the fact that TalkTalk had been the subject of two earlier attacks this year.

The UK House of Commons Culture, Media and Sport Committee have launched an inquiry into cyber security.  The terms of reference include Read the rest of this entry »

The Australian Communications and Media Authority (“ACMA”) has taken action against Spin Tel Pty ltd (“Spin Tel”) for breaches of the Telecommunications Act 1997  (“the Act”).

FACTS

SpinTel is a carriage service provider (a “CSP”), within the meaning of the Act, which supplies fixed line, broadband, and mobile telecommunications services across Australia [3]  It is a ‘Data Provider’ within the meaning of clause 2.2 of the IPND Code and a ‘Supplier’ within the meaning of clause 2.1 of the TCP Code [4]. The integrated Public Number Database (“the IPND”) is an industry wide database of all listed and unlisted public telephone numbers.

Clause 4.1 of the IPND Code provides Read the rest of this entry »

From time to time the Guardian publishes a jeremiad on the state of privacy.  Back in August last year there was the none to imaginative The death of privacy.  Subtle it wasn’t but the meaning was clear. The latest offering from the good people at Guardian comes Privacy is starting to seem like a very 20th-century anomaly.  It proceeds with the usual incorrect and woefully simplistic assumption that in days of yore, such as the Middle Ages there was no such thing as privacy.  That everyone knew what everyone was doing, when and how.  The piece, not surprisingly then proceeds to claim that a right to a private life only Read the rest of this entry »

The great imponderable with drones is not whether they are going to have a huge impact on commerce but rather on what areas of commerce and how quickly.  In 2010 the US Federal Aviation Authority in its Aerospace Forecast for the Fiscal Year 2010 – 2030 predicted:

However as the technology matures, increasing numbers of units will be operated by civil and commercial users, and could have greater impacts on the NAS. However the volume of units is relatively small – approximately 15,000 units by 2020 and 30,000 units by 2030

Woops! On 26 September 2015 the Economist reported that more than 15,000 are sold in the USA every month and the number of drones sold world wide this year will exceed Read the rest of this entry »

It is not common for a Government to highlight privacy concerns about technology, particularly regarding law and order technology.  Usually privacy and data protection is an afterthought. The Canberra Times reports Read the rest of this entry »

It is trite to say that Government agencies collect huge amounts of personal data.  Often that data is compelled.  Taxation information falls into that category.  Accordingly it is critical that government agencies properly protect that data and have proper systems to avoid fraud through identity theft.  The Fairfax press highlights the latter problem in Cyber thieves target tax time,  Identity fraudsters attack Tax Office at least 11,000 times in one year and Sydney nurse demands answers after twice being victim of tax refund fraud. The problem appears to be systemic but the real twist is which system.  Personal information stolen from a private organisation and then used to attempt to draud the Commonwealth is not a data security problem of the ATO.  It is however a fraud prevention issue for the ATO.  At that point the individual whose personal information is being misused is caught in the middle.

In some of the states privacy structures are fairly rudimentary.  There is no proper privacy legislation and regulator in South Australia and West Australia for example. The West Australian auditor has highlighted in a report (found here) the woeful state of privacy protection in WA, as Read the rest of this entry »

But for a loose lip there would have been a Read the rest of this entry »

The Guardian reports in World’s biggest tech companies get failing grade on data-privacy rights that Google and Facebook amongst others according to Ranking Digital Rights project.  It is also Read the rest of this entry »

Always read the privacy policy.  Step 1 of  privacy practice.  Not that things remain constant.  Just look at the changes to the Facebook privacy settings.  A change to a privacy Read the rest of this entry »

Encryption is a key part of data security.  A realistic assumption is that at some stage even with the best of planning, up to date programs and proper training there will be a data breach.  A slip by an employee in leaving a USB on a bus, infiltration through a compromised third-party with access to the site or a fault that is not detected in time can all lead to a breach.  Encryption is then an important part of any data security plan.  Privacy regulators support Read the rest of this entry »