Apple changes requirements for medical research apps

March 16, 2015

Privacy regulators throughout the world have highlighted the potential privacy problems associated with apps. Often their security infrastructure is poor, their privacy policies tend to be inadequate and the means by which data is transmitted is often quite insecure. But applications are hugely popular and often very useful. The problem is Read the rest of this entry »

Information Commissioner’s Office takes action against an NHS Trust in Hartlepool over poor data practices

March 15, 2015

The UK Information Commissioner’s Office (“ICO”), like the US Federal Trade Commission, has been quite active in taking action against those who breach the privacy-related laws for which each office is responsible. This has led to a good body of precedent, to Read the rest of this entry »

The first anniversary of the amendments to the Privacy Act 1988

March 12, 2015

The Privacy Commissioner has marked the first anniversary of the significant tranche of amendments to the Privacy Act 1988, passed in December 2012, coming into force.  Whether the centrepiece of the amendments the substitution of Read the rest of this entry »

Cyber security firm finds cybersecurity breaches in UK Bank and refers discoveries to the regulator when the bank did nothing to fix the problem

March 8, 2015

An ongoing issue of controversy is what happens when a white hat hacker or cyber expert finds a hole in an organisation’s cyber security and tries to highlight the problem to the organisation. All too often the advice is ignored. Sometimes the hacker will expose the breach by hacking into the system and proving what he or she is complaining about. That has resulted in a criminal complaint even if the motive of the breach was pure, such as when Public Transport Victoria showed very little appreciation when a Melbourne schoolboy hacked into its site and exposed the weaknesses in its systems. The PTV reportedly made a complaint about the hacker to the police, as reported in Hacked site reports boy to police. It is a very short-sighted approach which usually guarantees poor publicity and reputational damage. It also does little to highlight the breaches of the privacy legislation, a separate issue to the complaint about a data security breach.

Read the rest of this entry »

NTIA puts out discussion on the use of drones following the US President’s memorandum on the subject

The National Telecommunications & Information Administration has followed up on the US President’s memorandum regarding the commercial use of drones with the commencement of the discussion process with NTIA Seeks Comment on Process for Developing Best Practices for Commercial and Private Use of Unmanned Aircraft Systems.  The framework for discussion includes dealing with the privacy issues.  It is a welcome Read the rest of this entry »

Privacy Commissioner releases 3 international money determinations

March 2, 2015

The Privacy Commissioner has released 3 international money determinations Read the rest of this entry »

The impact of Data breaches, breaches of privacy and the need for mandatory data breach notification laws

Data breaches are bad enough. They are often disastrous for an organisation and its customers. They are sometimes caused by hackers breaching sophisticated cyber defences. Usually they are the product of inadequate protections, out-of-date programs, poor maintenance, a poor understanding of what data security means, woeful practice manuals and a lack of training. To the extent that data breaches are brought to the attention of the Privacy Commissioner they may be a breach of Australian Privacy Principle 11. The problem is that without mandatory data breach notification it is a matter of good/bad fortune whether the Privacy Commissioner finds out about such lapses or intrusions. That is a flaw in the legislative structure. In the United States, even though there are no Federal mandatory data breach notification laws, there are such laws in most of the States and Territories. If anything the States are increasing their data protection laws, most recently with an amendment to the Wyoming Data Breach Notification legislation (see bill here). To see how data breaches have an impact on businesses and consumers, read Cyber angst: Orange County companies zero in on data breaches. Read the rest of this entry »

Interesting article on the legal practice in cybersecurity

February 27, 2015

The New Jersey Law Journal has published a very interesting and illuminating article in Read the rest of this entry »

Privacy Commissioner to investigate SIM card hack

Yesterday the Privacy Commissioner issued a brief, general and somewhat opaque statement saying he would “make preliminary enquiries” into the hack of Gemalto, which likely resulted in the compromise of the SIM cards. There are clear privacy implications and it would be caught under the Privacy Act. It would be Read the rest of this entry »

Privacy article on the Drum website

February 26, 2015

The mandatory data retention debate is deeply political. The opponents and advocates eye each other off across a great political chasm.  It is not a right v left debate either.  For example Read the rest of this entry »