Organisations struggling with privacy policies and handling privacy complaints

May 5, 2015

That proper compliance with the Privacy Act 1988 is a news item seems strange to anyone with an interest in the field.  With the possible exception of sectors where privacy sensitivity has always been a priority and reputational damage is a real concern, such as finance and banking, privacy compliance is generally Read the rest of this entry »

Ben Grubb v Telstra Corporation Ltd [2015] AICmr: access to personal information, meta data, Privacy Act 1988

 The Privacy Commissioner has found that Telstra Corporation Ltd (“Telstra”) has breached National Privacy Principle 6.1 in failing to provide to the applicant, Ben Grubb (“Grubb”) access to his personal information in Ben Grubb v Telstra Corporation Limited [2015] AICmr 35.

FACTS

On 15 June 2013 Grubb sought access Read the rest of this entry »

Privacy Commissioner issues Privacy Business Resource on protection of customer’s information

May 4, 2015

First the quiet then the storm.  As part of the deluge of guides, announcements, reports and a decision released today is a Privacy Business Resource on protection customer information, found here.

It breaks no new ground.  It doesn’t have to.  Following the biblical precedent the Commissioner has listed 10 (not 9 or 11) tips to protect personal information.  Good and solid advice, as Read the rest of this entry »

Privacy Commissioner finds problems with privacy policies asssessed

The Privacy Commissioner has released his findings on assessment of the privacy policies of 20 large organisations/agencies in Privacy policies still have room for improvement.  He identified the 20 organisations/agencies but did not specify the deficiencies in Read the rest of this entry »

Foreign Affairs article on Drones.

April 29, 2015

The most recent edition of Foreign Affairs has an interesting essay on Drone technology, appropriately titled Drone On.  It is something of a Jeremiad on the the US Federal Aviation Authority with the theme being that its regulations are too restrictive for the commercial use of drones.  There is Read the rest of this entry »

Settlement of claims arising out of data breaches

Class actions relating to data breaches is straightforward in the United States.  In light of the very significant data breaches, usually caused by a company’s poor data handling practices, they are becoming quite common.  The Privacy Act provides for an individual taking action seeking compensation, in the Federal or Federal Circuit Court under the Privacy Act provided Read the rest of this entry »

Potentially more assertive privacy enforcement in the future in Australia predicts direct marketing body

April 28, 2015

Since the amendments to the Privacy Act took effect on 12 March 2014 there has been some Read the rest of this entry »

US Supreme Court to consider whether online search service should face class action for placing incorrect information

In US the courts are quite reluctant to award general damages Read the rest of this entry »

Launch of Cyber Security Centre Conference and discussion on cyber attacks in Australia

April 23, 2015

Yesterday the Attorney General gave the opening address at the Australia Cyber Security Centre Conference.  This morning there was an interview with the co ordinator of the Australian Cyber Centre, Major General Stephen Day. As speeches go it was good, touching all the right bases on all the right issues; that cyberspace ties in with most everything done in everyday lives (encompassing the internet of things amongst other matters), effective cyber security ties in with confidence in financial and other transactions, cyber attacks and attackers now have varied motives.  The Attorney General is wrong in claiming that the private sector has been investing heavily in cyber security.  Some industries yes, other areas not at all.  Part of the reason for that is Read the rest of this entry »

Mastercard settles with Target over data breach

April 22, 2015

Target America’s woes over the last 2 years is a standing salient lesson in maintaining adequate data security and segmentation and encryption of a customer’s financial information, in particular Read the rest of this entry »