August 25, 2014
Tracking through mobile phones is not new. In For sale: Systems that can secretly track where cellphone users go around the globe the Washington Post reports on the sale of system to track individuals through their mobile phones not only Read the rest of this entry »
August 24, 2014
Medical records containing personal information are, by definition, sensitive information under the Privacy Act 1988. Similar protections apply in the UK under statute. And yet medical data breaches in the health industry remain depressingly regular.
A few recent examples from the UK.
The Nottingham Post reports Read the rest of this entry »
The Information Commissioner’s Office reports in Birmingham banker fined for reading colleagues’ bank accounts on criminal charges, and fine, of a banker in Birmingham abusing his position and in the process breaching the law in reviewing bank accounts of colleagues at Santander. A very egregious data breach.
It provides:
A Birmingham banker has been fined after he admitted reading his colleagues bank accounts. Read the rest of this entry »
Data breaches are always a worry. Large data breaches are especially concerning. In South Korea 220 million items of personal information involving 27 million individuals have been accessed without authorisation. This is reported in Massive data leak in S Korea affects 70% of 15-65 demographic (also reported here). The worrying aspect of this breach, as if these bald figures weren’t Read the rest of this entry »
Gmail and android apps are turning into the gift that keeps on giving for hackers. Or so it appears from Read the rest of this entry »
That the internet of things doesn’t bring privacy challenges (to put it mildly) is hardly news. And Which? in Smart TV spying – are you watching TV, or is it watching you? provides an apt example of the problems of tracking Read the rest of this entry »
August 23, 2014
Two US Senators, Ron Wyden of Oregon, and Jay Rockefeller of West Virginia have raised concerns about data privacy practices in different contexts.
Senator Rockefeller is reported in Senator questions airlines’ data privacy practices has sent letters to US airlines about their practices of collecting personal information and Read the rest of this entry »
August 22, 2014
While those in the privacy sphere in Australia watch and wait to see how the Privacy Commissioner will excercise his newly acquired (since 12 March 2014) powers of enforcement under the Privacy Act 1988 the Federal Trade Commission (“FTC”) moves apace in taking to task those engaging in privacy intrusive conduct (via claims that the miscreants misrepresented that they protected their customers privacy). After announcing orders against Credit Karma and Fandango earlier this week (and posted here) the FTC approves final orders against GMR Transcription Services whose security practices were so deficicent as to expose personal information of thousands of consumers on line, some of which were medical histories adn examination notes. The settlement was first announced on 31 January 2014. The period of the settlement order is 20 years. Onerous by any measure but given the nature of the breach reasonable, particularly as the FTC has no power to fine GMR. In the UK the Information Commissioner may have been able to impose a monetary penalty. In the last 3 – 4 years the FTC has proven to be quite a vigorous regulator using the limited powers available to it in privacy regulation. It has also been active in calling for greater privacy controls through appearances before Congressional Committees.
In Australia the Privacy Commissioner may Read the rest of this entry »
August 21, 2014
How the law deals with the development of drone technology is a good study in what not to do from a public policy and legislative point of view. At a Federal level in Australia and the United States the legislative response has been inertia. Not even incoherence. But not for want of notice or knowledge. There have been no shortage of reports, news stories and expert advice on what drones do, will do and the privacy and commercial impact of their operations.
As with many changes in the privacy sphere it Read the rest of this entry »
I have recently posted (here, here and here) about data breaches by insiders who are acting maliciously, typically disgruntled or ex employees, or accidentally, often through phishing or poor password protocols or just negligent acts such as leaving data on BYODs which are lost or stolen. Data breaches are Read the rest of this entry »