Peter A Clarke

Yesterday the Attorney General gave the opening address at the Australia Cyber Security Centre Conference.  This morning there was an interview with the co ordinator of the Australian Cyber Centre, Major General Stephen Day. As speeches go it was good, touching all the right bases on all the right issues; that cyberspace ties in with most everything done in everyday lives (encompassing the internet of things amongst other matters), effective cyber security ties in with confidence in financial and other transactions, cyber attacks and attackers now have varied motives.  The Attorney General is wrong in claiming that the private sector has been investing heavily in cyber security.  Some industries yes, other areas not at all.  Part of the reason for that is Read the rest of this entry »

Target America’s woes over the last 2 years is a standing salient lesson in maintaining adequate data security and segmentation and encryption of a customer’s financial information, in particular Read the rest of this entry »

The Hong Kong Privacy Commissioner  replaced its guidance on the use of CCTV surveillance with a guide relating to both CCTV and drones.  It issued Guidance on CCTV Surveillance and Use of Drones on 31 March 2015.  It is found here.

The announcement relevantly Read the rest of this entry »

The recent articles Amazon gets approval for new drone tests and  Up highlight the rapid movement of drones from the realm of hobbyists and specialist commercial operators to a ubiquitous form of transport.  The technology is Read the rest of this entry »

Baby cams, security cameras, sound systems, fridges and any number of other devices connected to the internet are prone to poor security.  Often the users password protection is Read the rest of this entry »

The Age in Figure 1: ‘Instagram for doctors’ offers medical ‘porn’ for the public reports on a fairly common practice engaged in by some members of the medical profession, the use of photographic devices to record some of their handiwork or unusual cases.  It is easy enough to do with a smart phone and any number of other portable Bring Your Own Devices such as Ipads.  Hospitals generally have a poor BYOD policies and poor implementation of what policies are in place.  Doctors taking their own devices into an operating theatre or emergency department is, anecdotally, quite a common practice.  While Figure 1 appears to protect the privacy of patients by anonymising the image the problem from a privacy perspective is more fundamental.  If the doctors are taking a photo of a patient in their care or who is within their camera range if they take a photo without consent there maybe a breach of the Privacy Act (Cth) or the Health Records Act (Vic).  Using the photos for a secondary purpose is almost certainly a breach of those Acts. And sending the photos for amusement or even eduction of others is hardly a primary purpose for collection.

Read the rest of this entry »

The Age has run a piece on privacy litigation in the United States in Is this Silicon Valley’s most hated man? It is as much a bio on the firm Edelson PC and its principal, Jay Edelson as an expose on privacy litigation but it does provide some insight on how class actions in the privacy sphere operate in the United States in this space.  Both regulation and enforcement by authorities and the ability of classes or individuals to bring a cause of action relating to interferences with privacy are important means of ensuring there is some integrity in the handling of data by organisations and data. Poor regulation and/or overly restrictive rights of action will not deter poor and negligent behaviour, giving rise to a poor privacy culture and lax data handling practices.  Heavy handed regulation and Read the rest of this entry »

The Daily Mail in Your pension secrets sold to conmen for five pence: On eve of pensions revolution, an exposé that will horrify every family in the land reports on a likely illegal sale of pension information without the owner’s knowledge.  It is the type of action which data laws are designed to prevent.  Not surprisingly the Information Commissioner’s Office Read the rest of this entry »

As if it were necessary to say that data security was a matter of proper corporate governance the Australian Security and Investment Commission (“ASIC”) has made that abundantly clear with its Report 429 Cyber Resilience: Health Check.  As far as ASIC is concerned it has a role to ensure that companies maintain proper cyber security standards. This is a very important development because Read the rest of this entry »

The Privacy Commissioner has announced the amendment of the Australian Privacy Principles (the “APPs”).  They are Read the rest of this entry »