Peter A Clarke

The Information Commissioner’s office (the “ICO“) has entered into an enforceable undertaking with Thamesview Estae Agents who engaged in practices inconsistent with properly handling personal information and disposing of it securely, to wit it left transparent bags of documents containing personal information on the street for collection and disposal by a third party.  The contents of the bags could be viewed Read the rest of this entry »

The US Federal Trade Commission has been raising concerns for some time regarding privacy weaknesses in mobile apps,including taking actions against some app developers.  Mobile shopping apps are popular and almost ubiquitous.  But, as in the FTC reports in What’s the Deal there are real problems with notices to consumers about data collection and use and data security practices.

Regarding collection of consumer data the FTC found Read the rest of this entry »

Wearable fitness, health devices are becoming de rigour wear for the health conscious and for those who keen to know their personal rhythms.  As the article Tech giants gambling on health technology makes clear, it is also big business.  These devices and apps involve an almost continuous data stream of personal information.  The privacy issues are obvious but poorly regulated in Australia and beyond.

The article Read the rest of this entry »

The Privacy Commissioner has released a third video, this time titled How to access my personal information.

It is Read the rest of this entry »

The consequences of the data breach at Target continue.  The Huffington Post reports in Data Breaches May Result in Board Breakups that Read the rest of this entry »

The law may dither but the technology does not.  Privacy regulators across the globe vary in their powers and enthusiasm for taking enforcement action.  In Australia the new enforcement powers available to the Privacy Commissioner since March 2014 has not resulted in any high or any profile actions. That is not to say work is not being done. It is just not visible as yet. And with any form of regulation a certain profile is necessary to send the right message to the market.

On line security is a fundamental part of confidence of the public using a particular site or another. Google has take some steps on its own initiative in Read the rest of this entry »

Encryption should be part of an organisation’s data security framework.  Encrypting personal information reduces the likelihood that a breach of data security by a cyber attack will directly impact an organisation’s customers.  Encrypting emails, currently possible with the appropriate programs, is not generally used by the mail internet service providers.  Given personal information is often transmitted via email there is a risk of a privacy breach if email is intercepted and viewed by third parties.  In the USA that has the additional overlay of the NSA’s prism program which has involved mass collection of emails and other data.  The politics are one thing but the harm to the business reputation of internet service providers is another.  Google, Microsoft and others, including Yahoo, have not enjoyed being seen as a cypher for a governmental collection program.  Some, perhaps much, of that criticism has been unwarranted or at least exaggerated but in a market where users have concerns about security and privacy the Snowden revelations have caused industry wide damage.  Read the rest of this entry »

Breach of confidence actions involving personal information are more famously litigated in the United Kingdom.  Privacy related actions have developed and matured there while the action remains more tentative in Australia.  Or at least less developed.  That is not to say equity does not afford protection.  And that includes injunctive relief.  The Herald Sun reports in Suzie Wilks’ estranged husband Nick O?Halloran in court bid to prevent publication of top-secret letter about an injunction granted to a Mr O’Halloran by the Supreme Court last week.  There is no formal publication of any order or reasons for decision  according to Read the rest of this entry »

In How to Create Security Awareness in the Workplace American Express comes up with a reasonably good starter guide on how to approach developing a sustainable approach to data security.  The positive of the article is that it focuses on training and reviewing programs on a 90 day cycle.  The “set and forget” approach to data security is flawed and Read the rest of this entry »

The Privacy Commissioner has issued a statement about the Commonwealth Government’s data retention proposal.

In Australian Government’s data retention proposal — statement he Read the rest of this entry »