October 19, 2014
The Privacy Commissioner issued a statement last week titled Recent online security incidents with some advice on what can be done to improve security on line while Zdnet reports in Facebook explains how it protects user passwords in light of data breaches how it takes steps to protect passwords. While both are good responses to a Read the rest of this entry »
The Guardian reports in Asylum seekers’ personal details stolen in second immigration data breach reports on another breach of data security relating personal information of asylum seekers. This breach reportedly involves the loss of hard drives holding data which was not password protected. If the report is accurate the personal information would include sensitive information for the purposes of the Privacy Act. Information relating to mental health issues and minors is particularly sensitive. The loss also highlights the need to maintain proper security for mobile devices, whether they are USB stick/portable hard drives, flash drives, memory cards, phones or whatever means by which data are stored in a digital form. Password protection is a minimum as should be proper encryption. If a breach of this nature occurred Read the rest of this entry »
October 18, 2014
The Commonwealth Telecommunications Organisation announced the beginning of the process to create a Common Thread Network to allow Read the rest of this entry »
October 16, 2014
On Melbourne ABC radio today Jon Faine announced receipt of information from a whistleblower highlighting the insecure transmission of highly sensitive medical information through its emergency paging system. It has been picked up by the Age in Private medical information used by emergency services ‘insecure’, claims whistleblower which Read the rest of this entry »
On 15 October 2014 the UK Information Commissioner’s office issued its updated CCTV code of practice (found here). As the press release notes the UK is one of the leading users of CCTV in the world. Australia fares poorly by comparison with the UK in terms of privacy protections through the use of CCTV. The absence of Read the rest of this entry »
October 15, 2014
The Californian Attorney General has announced a settlement with Aaron’s over a number of breaches, including breach of privacy legislation. The privacy breach related to the installation of spyware on rental computers without client’s consent. The complaint is found here and the consent orders are found here. This follows on Federal Trade Commission entering into final orders involving the installation of spyware. Where the powers are available the regulators in the USA are Read the rest of this entry »
October 9, 2014
The Washington Post in How the Postal Service put your change-of-address information at risk reports on an audit of the US Postal Service which uncovered a significant weakness in the data security privacy breach. The weakness was poor controls over those outside groups who were given access to those records including a failure to follow its own procedures. One of those procedures was to require entities to submit security plands when they apply for licences. This episode highlights 2 issues in privacy protection; that weaknesses Read the rest of this entry »
October 6, 2014
It has been over 6 months since the amendments to the Privacy Act took effect. While the Privacy Commissioner’s office has been reasonably active in publishing guidelines, releasing statements and handing down 3 determinations a robust use of the enforcement powers has not been in evidence yet. That may be consistent with the softly, softly then gradually escalating model as set out in its statement The OAIC’s enforcement approach to new privacy laws from 12 March 2014 which Read the rest of this entry »
October 3, 2014
In December 2013 I posted on JP Morgan’s notification of a data breach (found here). As of the end of last year JP Morgan believed the personal information of 465,000 customers had been compromised. That was bad but now JP Morgan announces that in fact the cyber attack involved customer acccounts of 83 million customers as reported by itnews in JPMorgan reveals 83 million customers exposed by hack. This makes the data breach one of the largest in history.
It provides:
The JPMorgan Chase & Co systems hack has joined the ranks of the biggest data breaches in history, as the company revealed overnight that 83 million households and small business accounts were affected by the attack.
The bank revealed the scope of the previously disclosed breach on Thursday, saying that there was no evidence that account numbers, passwords, user IDs, birth dates or Social Security numbers had been stolen. Read the rest of this entry »
October 1, 2014
Health care facilities, especially hospitals, hold sensitive information (as defined in the Privacy Act). They are also quite prone to data breaches. There are a number of reasons for this, poor systems, reasonably regular turnover of staff, a large number of individuals concentrated in a small space often in quite busy (if not chaotic) environment and often a culture which is not given to more modern strictures on data handling. In Hospital patient takes peek at info of others Stuff NZ reports on a patient in Hutt’s emergency department using Read the rest of this entry »