March 10, 2022
The Information Commissioner has issued privacy guidance on individual Healthcare Identifiers (“IHIs”) on vaccination certificates. This in addition to the guideline titled Privacy guidance for businesses collecting COVID-19 vaccination information issued on 12 November 2021.
The guidance Read the rest of this entry »
The Information Commissioner has released the latest report on notifiable data breaches for the second half of 2021. There were 464 data breaches from July to December 2021. A total of 464 data breaches throughout all of Australia for a 6 month period. According to itgovernance there were 5.1 million records breached worldwide in February 2022 alone. Why there is such a ridiculously low number reported to the Commissioner is ample evidence of how flawed the data breach regime remains.
There are a number or reasons for this failure in public policy. A starting point is =the limited coverage of the Privacy Act. The small business exemption as well as the journalist and political party exemption leaves a large part of the economy which collects, holds and uses data outside of the coverage. The Data Breach Notification Scheme is self assessment using a long list of factors to determine whether there has been serious harm. For some organisations Read the rest of this entry »
March 9, 2022
The postscript to Re Slodyczka & Farren Pty Ltd [2022] VSC 102 is a decision by Associate Justice Hetyey regarding costs of the application.
in the substantive judgment the plaintiff’s application to wind up the defendant in insolvency was dismissed.
The relevant facts for the purpose of considering a costs order were:
The defendant opposed the winding up application on the following alternative bases [4]:
(a) service of the plaintiff’s statutory demand dated 3 February 2021 (‘the statutory demand’ or ‘the demand’) was defective;
(b) the defendant was solvent and could displace the statutory presumption of insolvency;
(c) the defendant should be given leave pursuant to s 459S of the Corporations Act2001 (Cth) (‘theCorporations Act’) to oppose the winding up application on a ground or grounds it could have relied on for the purpose of an application to set the demand aside. The grounds sought to be raised were: (i) there was a genuine dispute about the amount of the debt claimed in the statutory demand in accordance with s 459H(1)(a); (ii) the defendant had an offsetting claim for the purpose of s 459H(1)(b) of the Corporations Act; and (iii) the demand was defective and a substantial injustice would be caused to the defendant if the demand was not set aside pursuant to s 459J(1)(a) of the Corporations Act; and
(d) pursuant to s 467(1)(a) of the Corporations Act, the Court should dismiss the plaintiff’s application as a matter of discretion.
In the substantive judgment the court held that, [5]:
March 6, 2022
Associate Justice Heytey has had a busy start to the year with 2 decisions regarding applications under the Corporations Act 2001; Re Slodyczka & Farren Pty Ltd [2022] VSC 19 and Re Amville Constructions Pty Ltd [2022] VSC 65. Associate Justice Gardiner considered an application to set aside a statutory demand in Re Wynyard Victoria Pty Ltd [2022] VSC 81.
The key issue in this application was whether there was proper service of a statutory demand and whether the presumption of insolvency was rebutted.
Slodyczka & Farren Pty Ltd (‘the defendant’) was first registered on 14 December 2015. In response to the COVID-19 pandemic, it commenced a business in March 2020 for the manufacture and sale of face masks. Between April 2020 and August 2020, Lion & Horn Pty Ltd (‘the plaintiff’) providing it with marketing services to sell of its masks [1].
In early February 2021, the plaintiff purportedly served the defendant with a statutory demand dated 3 February 2021, which claimed the sum of $36,091.77 in relation to an outstanding invoice dated 28 August 2020 for its marketing services . The defendant did not comply with the demand within the 21-day statutory period.
By originating process filed on 11 April 2021, the plaintiff sought to wind up of the defendant pursuant to ss 459A and 459P of the Corporations Act 2001 (Cth) relying upon the statutory presumption of insolvency contained within s 459C(2)(a) of the Corporations Act.
The Court framed the questions for consideration as being, at [9]:
(a) was service of the statutory demand effective?
(b) is the defendant solvent?
(c) should the Court grant the defendant leave pursuant to s 459S(2) of the Corporations Act to oppose the winding up application on one or more grounds that the defendant could have relied upon in seeking to set aside the demand, but did not so rely? Further, is such a ground material to proving the Company is solvent?; and
(d) should the Court dismiss the plaintiff’s application under s 467(1)(a) of the Corporations Act as a matter of discretion?
In reviewing the legislation and legal principles the court Read the rest of this entry »
February 23, 2022
The European Union has activated its cyber security team to help Ukrainians from Russian cyber attacks. Actually, more Russian cyber attacks given the US attributed a DDoS cyber attack on the Ukrainian Ministry of Defence to the Russian Main Intelligence Directorate. On the back of that the Australian Government issued a joint media release by Ministers Andrews, Payne and Dutton (is there an election in the air?) saying the same thing as the US providing:
The Australian Government joins the United States and the United Kingdom in publicly attributing the cyber attacks against the Ukrainian banking sector on 15 and 16 February 2022 to the Russian Main Intelligence Directorate (GRU).
In consultation with our partners, the Australian Government assesses that the GRU was responsible for these distributed denial of service (DDoS) attacks.
The Australian Government stands in solidarity with Ukraine and our allies and partners to hold Russia to account for its ongoing unacceptable and disruptive pattern of malicious cyber activity.
The international community must not tolerate Russia’s misuse of cyberspace to undermine Ukraine’s national security, sovereignty and territorial integrity by seeking to disrupt essential services, businesses and community confidence.
Russia’s actions pose a significant risk to global economic growth and international stability.
The global community must be prepared to shine a light on malicious cyber activity and hold the actors responsible to account. All members of the international community – including Russia – should abide by existing international law and norms of responsible state behaviour which apply in cyberspace. Australia calls on all countries to honour and uphold their commitments.
Australia is committed to upholding the rules-based order online, just as we do offline, and supporting our partners in the face of cyber threats.
Australia will continue providing cyber security assistance to the Ukrainian Government, including through a new bilateral Cyber Policy Dialogue and further cyber security training for Ukrainian officials.
Australia commends the swift action taken by Ukrainian authorities and the private sector to substantially mitigate the impacts of this incident.
Governments, the private sector and households must remain vigilant about the ongoing threats we face in cyberspace.
The Government is taking concrete action to protect Australians against cyber criminals, investing $1.67 billion over 10 years to build new cybersecurity and law enforcement capabilities to protect Australian businesses and communities, and passing new laws to protect our critical infrastructure assets from malicious cyber attacks.
This was picked up in the Australian’s Australia offers cyber security aid to Ukraine.
The reality of modern conflict is that cyber attacks are Read the rest of this entry »
The SMH reports that there has been a data breach by NSW Department of Consumer Service in the publication of 500,000 addresses on a government website. According to the NSW Government the NSW information Commissioner was advised the day after it became aware of the information being in the public domain and that the Commissioner stated that this did not constitute a privacy breach. That story is based on a Nine News expose. As is the way the embarrassment of the breach is compounded by the negative coverage, going as far as the UK.
If there is some humour to be found in this all too familiar type of breach it is that NSW legislated to ban police from accessing QR code check in data in November last year.
The SMH article Read the rest of this entry »
It has long been the practice of authorities to provide maximum privacy to complainants in sexual assault and rape cases. In Australia and most overseas common law jurisdictions reporting of rape cases does not identify the victim. The report that data from rape kits of victims who alleged they were sexually assaulted are the subject of a data breach is devastating to those individuals. It also undermines the confidence in the police procedure. It may also prejudice the prosecution of cases where that data is a crucial piece of evidence.
What is more than passing strange is that the data breach took place on 18 November 2021 but details of that breach were only provided this week. The handling of the breach has been dreadful with the the Police Department stating that “certain sensitive personal and health-related information” may have been compromised. DNA Solutions took a different tack stating “The data did not include social security numbers, driver’s license information, or financial information. We have notified individuals or organizations whose data may have been impacted directly.” DNA Solutions stated what was not included in the data taken or exposed but does not say whether personal information was taken. That is a non answer answer.
There have been some very significant data breaches involving DNA data. On 29 November 2021 DNA Diagnostics Center Inc in Maine USA notified the Attorney General that there had been a data breach, from 24 May until 28 July 2021, which affected 2,102,436 people. In July 2019 it was reported that a DNA-testing service Vitagene Inc. left thousands of client health reports exposed online for years with more than 3,000 user files remaining accessible to the public on Amazon Web Services cloud-computer servers until 1 July 2019. The reports included genealogy reports which included customers’ full names alongside dates of birth and gene-based health information, such as their likelihood of developing certain medical conditions. Back in 2017 Ancestry.com had a huge, by those standards, data breach involving 300,000 credentials exposed.
The article related to the Oklahoma breach Read the rest of this entry »
December 25, 2021
As is tradition I wish all a very Merry Christmas. Probably a celebration more keenly appreciated and felt this year than most. This second year of COVID has been a grind and more difficult than 2020 when we first exerienced the effect of restrictions.
As is my practice I republish one of the most heartfelt and brilliantly written paean to the Christmas celebration and optimism and being unafraid to reject cynicism of our current age; Yes, Virginia: There is a Santa Claus. It is as apt today as it was in 1897. More so. The prose is wonderful and little wonder it is history’s most reprinted newspaper editorial.
The article provides:
DEAR EDITOR: I am 8 years old.
Some of my little friends say there is no Santa Claus.
Papa says, ‘If you see it in THE SUN it’s so.’
Please tell me the truth; is there a Santa Claus?
VIRGINIA O’HANLON.
115 WEST NINETY-FIFTH STREET.
VIRGINIA, your little friends are wrong. They have been affected by the skepticism of a skeptical age. They do not believe except they see. They think that nothing can be which is not comprehensible by their little minds. All minds, Virginia, whether they be men’s or children’s, are little. In this great universe of ours man is a mere insect, an ant, in his intellect, as compared with the boundless world about him, as measured by the intelligence capable of grasping the whole of truth and knowledge.
Yes, VIRGINIA, there is a Santa Claus. He exists as certainly as love and generosity and devotion exist, and you know that they abound and give to your life its highest beauty and joy. Alas! how dreary would be the world if there were no Santa Claus. It would be as dreary as if there were no VIRGINIAS. There would be no childlike faith then, no poetry, no romance to make tolerable this existence. We should have no enjoyment, except in sense and sight. The eternal light with which childhood fills the world would be extinguished.
Not believe in Santa Claus! You might as well not believe in fairies! You might get your papa to hire men to watch in all the chimneys on Christmas Eve to catch Santa Claus, but even if they did not see Santa Claus coming down, what would that prove? Nobody sees Santa Claus, but that is no sign that there is no Santa Claus. The most real things in the world are those that neither children nor men can see. Did you ever see fairies dancing on the lawn? Of course not, but that’s no proof that they are not there. Nobody can conceive or imagine all the wonders there are unseen and unseeable in the world.
You may tear apart the baby’s rattle and see what makes the noise inside, but there is a veil covering the unseen world which not the strongest man, nor even the united strength of all the strongest men that ever lived, could tear apart. Only faith, fancy, poetry, love, romance, can push aside that curtain and view and picture the supernal beauty and glory beyond. Is it all real? Ah, VIRGINIA, in all this world there is nothing else real and abiding.
No Santa Claus! Thank God! he lives, and he lives forever. A thousand years from now, Virginia, nay, ten times ten thousand years from now, he will continue to make glad the heart of childhood.
December 22, 2021
The ubiquitous use of some software coupled with their vulnerabilities makes for a massive cyber security headache as the Australian’s article Millions face cyber attack via compromised Log4j Java-based software makes clear. Log4j Java is installed on more than 100,000 devices, apps etc.. In cybersecurity terms it is a story that has been around for a while. On 11 December Kaspersky reported on the vulnerability. The Google Security blog put out a post, Understanding the Impact of Apache Log4j Vulnerability on 17 December.
The Australian article Read the rest of this entry »
December 21, 2021
The Court of Appeal upheld the summary judgment decision of Warby J in HRH The Duchess of Sussex v Associated Newspapers Limited [2021] EWCA Civ 1810 which found that Associated Newspapers Limited had breached the Duchess’ reasonable expectation of privacy with the publication of a letter from her to her father Thomas Markle.
The court summarised the facts as:
“concern because of the publicity they were likely to and did cause, and the impact on her, [the Duke], and [Mr Markle]”.[14]