September 18, 2015
Data breach notification legislation is becoming a mandatory feature of most data legislation in the developed world. There are some quirks here and there, with the USA having data breach notification in most states but not at a Federal level. There is no data breach notification legislation in Australia at a state level and very limited at a Federal level, confined to breaches relating to some health records. There is no general requirement. That has always been a concern. Given there is now mandatory data retention laws in Australia by telcos that is now a significant failing. Telecommunications firms have been notorious for their poor compliance with the privacy legislation and quite obdurate Read the rest of this entry »
Posted in Privacy
|
Post a comment »
Yesterday the Government introduced and read for a first and second time the Health Legislation Amendment (eHealth) Bill 2015.
The Bill is a 126 page behemoth which will warrant close scrutiny. Briefly it is worth noting some notable features of the Bill:
- Part 3 provides for the collection, use and disclosure of the healthcare identifiers, identifying information and other information. The simplified outline describes the process as:
Read the rest of this entry »
Posted in Commonwealth Legislation, Commonwealth Privacy Commissioner, Privacy
|
1 Comment »
September 16, 2015
In Our Inboxes, Ourselves Slate reports on tentative first steps to review and hopefully reform the outdated laws protecting the privacy of individuals email. As the article makes clear the development of privacy protections when it comes to email was blighted by the fact that it was technology specific. It was focused on the technology of the day. The protections did not cover the developments of that technology. In this case email stored on servers is not covered and a warrant is not required to access it. Similarly metadata Read the rest of this entry »
Posted in Privacy
|
1 Comment »
It has long been predicted that the increasing use of drones will prompt, eventually, some form of substantive legislative response. The reckless use of drones will bring that one more quickly. Legislatures around the world have tended to ignore the issue though state legislatures have responded on an ad hoc basis, sometimes quite assertively. The ongoing “Valley Fire”, in Northern California may prompt a change in the law. As the BBC reports in Raging Valley fires could mean swift new drone laws that this reckless use of drones have disrupted the deployment of air tankers and helicopters. It is entirely predictable that Read the rest of this entry »
Posted in Privacy
|
1 Comment »
September 15, 2015
The Economist has long been interested in cyber security and privacy issues. In Trouble shooting it highlights the longstanding (by internet standards) problem of hacking for commercial and national security gain. China, see Fighting China’s hackers, and Russia, see Russian hacker group exploits satellites to steal data, hide tracks have stood out.
While the focus is on nation v nation cyber attacks and their impacts on commerce and IP there are valuable lessons to take at a local level, such as Read the rest of this entry »
Posted in Privacy
|
1 Comment »
September 14, 2015
Data breaches involving health information are particularly concerning. In the Privacy Act health related information is defined as sensitive information. Under the Personally Controlled Electronic Health Records Act 2012 (PCEHR Act) there is mandatory reporting of data breaches and the Privacy Commissioner has Read the rest of this entry »
Posted in Privacy
|
1 Comment »
September 13, 2015
On Friday the Privacy Commissioner published its Guide to mandatory data breach notification in the PCEHR system.
It provides:
1. Introduction
The PCEHR system and breach notification
The Personally Controlled Electronic Health Record (PCEHR) system, established by the Personally Controlled Electronic Health Records Act 2012 (PCEHR Act), is designed to facilitate access, by the consumer and treating healthcare providers, to a summary of health information about an individual. The information is drawn from a number of different sources with individuals controlling what information is included on their record and who may access it. Read the rest of this entry »
Posted in Commonwealth Privacy Commissioner
|
1 Comment »
The Guardian reports in Labor to introduce bill outlawing revenge porn that the Federal Opposition will be introducing a bill to criminalise the posting and distribution, or the threat to post or distribute, private images of a sexual nature without prior consent. This odious practice has been labelled revenge porn because the perpetrators are partners or former partners do the posting and distribution or provide it to those who do.
The scope of the bill as described highlights the chronic piecemeal nature to regulating in this area. Why criminalise the behaviour without providing some civil recourse to victims? Why focus only on Read the rest of this entry »
Posted in Privacy
|
3 Comments »
The Australian in Vodafone ‘hacked’ reporter’s mobile reports on, if correct, a very substantial privacy breach by a telco, to wit Vodafone, in accessing one of its customers phone records in 2011. The customer, Natalie O’Brien, is a Fairfax journalist who ran a story, Vodafone mobile records leaked earlier in 2011 about a data breach by Vodafone. Unfortunately telcos have a dreary record when it comes to poor privacy practices and are notable in Read the rest of this entry »
Posted in Privacy
|
1 Comment »
September 9, 2015
In the United States there is some form of legislative structure developing regulating the use of drones in built up areas. As is the way it is being done on a state by state basis. In Australia the States have looked to the Commonwealth while the Commonwealth looks at its shoes. In the aviation sphere the Commonwealth has Read the rest of this entry »
Posted in Privacy
|
Post a comment »