UK Finance Economic Crime Office’s report: 1.2 billion pounds stolen through cyber fraud

March 25, 2019

UK Finance has released its Annual Report Fraud the Facts 2019: the definitive overview of payment industry fraud. As if any more information was required, it highlights the impact of data breaches on the commission of acts of fraud.

The brief overview to this 53-page report provides grim reading:

Unauthorised financial fraud losses across payment cards, remote banking and cheques totalled £844.8 million in 2018, an increase of 16 per cent compared to 2017.

Banks and card companies prevented £1.66 billion in unauthorised fraud in 2018. This represents incidents that were detected and prevented by firms and is equivalent to £2 in every £3 of attempted fraud being stopped.

In addition to this, in 2018 UK Finance members reported 84,624 incidents of authorised push payment scams with gross losses of £354.3 million.

In summary the report noted:

  • Data breaches are a “major contributor” to fraud experienced in the UK;
  • The number of phishing websites targeted against UK banks and building societies fell, with the focus switching to impersonating other organisations such as online retailers, travel and leisure firms, HMRC and telecommunication companies instead;
  • Criminals are using more low-tech methods such as distraction thefts and card entrapments to steal physical debit and credit cards, which are then used to commit fraud;
  • £1.2 billion was successfully stolen “through fraud and scams” in 2018, with personal data stolen from businesses used to perpetrate much of that fraud;
  • “Information stolen through a data breach can be used for months or even years after the event”;
  • Unauthorised financial fraud losses across payment cards, remote banking and cheques rose 16% in 2018 to total £844.8 million;
  • Authorised push payment fraud accounted for a further £354.3m of losses;
  • On a more optimistic note, banks and payment card providers helped prevent further fraud totalling £1.66bn in 2018 through “advanced security systems and innovations”.

The industry responses have been:

  • investing in advanced security systems to protect customers, including real-time transaction analysis, behavioural biometrics on devices and technology to identify the different sound tones that every phone has and the environment that they are in.
  • delivering the Banking Protocol – a rapid response scheme through which branch staff can alert police and Trading Standards to suspected frauds taking place.
  • sponsoring a specialist police unit, the Dedicated Card and Payment Crime Unit (DCPCU), which tackles the organised criminal groups responsible for financial fraud and scams.
  • working with consumer groups to develop a voluntary code to better protect customers and reduce the occurrence of APP fraud.
  • working with Pay.UK to implement Mule Insights Tactical Solution (MITS), a new technology that will help track suspicious payments and identify money mule accounts, and Confirmation of Payee, an account name checking service for when a payment is made, that will help to prevent authorised push payment scams.
  • hosting and part-funding the government-led programme to reform the system of economic crime information sharing, known in the industry as Suspicious Activity Reports (SARs), so that it meets the needs of crime agencies, regulators, consumers and businesses
  • working closely with mobile network operators and the messaging industry to trial a new anti-spoofing system to help root out scam text messages.
  • helping customers stay safe from fraud and spot the signs of a scam through the Take Five to Stop Fraud campaign, in collaboration with the Home Office

Some of those responses are present in one form or another in Australia but generally the response has been less sophisticated.

While data breaches are a constant threat, there are established and generally quite simple steps businesses can take to avoid falling victim to scams, such as multi-factor authentication and internal processes for change of bank details. In addition, proper and ongoing training to avoid social engineering, phishing and ransomware attacks should be part of any organisation’s operations. Unfortunately, that is commonly not the case.

Federal Government announces reforms to Privacy Act to increase penalties for data breaches

March 24, 2019

There is nothing quite like the combination of a Government under stress and high profile privacy breaches to channel the inner reform in what was otherwise a reluctant Attorney General on matters privacy.

The Attorney General has been widely reported as flagging increased fines for serious and repeated interferences with privacy, from $2.1 million to $10 million. Alternatively, the fine will be calculated on turnover or the value of the misuse. The flagged amendments will also permit the Australian Information Commissioner to issue infringement notices for minor data breaches. As importantly, the Commissioner will get $25 million to ramp up investigations of data breaches.

The media release provides:

Attorney-General, Christian Porter and Minister for Communications and the Arts, Mitch Fifield, announced the new penalty regime under the Privacy Act and other measures to ensure Australians were protected online and that major social media companies took action to protect the personal information they collect about Australians, particularly children.

“Existing protections and penalties for misuse of Australians’ personal information under the Privacy Act fall short of community expectations, particularly as a result of the explosion in major social media and online platforms that trade in personal information over the past decade,” the Attorney-General said.

“What the Morrison Government is doing today is outlining a new regime of protections for Australians and penalties for those who misuse Australians’ personal information.  This regime will update our privacy laws without impeding the continued innovation and development of companies working in the online space.”

Minister for Communications and the Arts, Mitch Fifield, said it was clear the Australian community enjoyed using social media and technology platforms, but was increasingly concerned about how personal data is captured, analysed and shared. This was particularly the case for children and members of other vulnerable community segments, he said.

“The tech industry needs to do much more to protect Australians’ data and privacy,” Minister Fifield said.

“Today we are sending a clear message that this Government will act to ensure consumers have their privacy respected and we will punish those firms and platforms who defy our norms and our laws.”

The amendments to the Privacy Act will:

  • Increase penalties for all entities covered by the Act, which includes social media and online platforms operating in Australia, from the current maximum penalty of $2.1 million for serious or repeated breaches to $10 million or three times the value of any benefit obtained through the misuse of information or 10 per cent of a company’s annual domestic turnover – whichever is the greater
  • Provide the Office of the Australian Information Commissioner (OAIC) with new infringement notice powers backed by new penalties of up to $63,000 for bodies corporate and $12,600 for individuals for failure to cooperate with efforts to resolve minor breaches
  • Expand other options available to the OAIC to ensure breaches are addressed through third-party reviews, and/or publish prominent notices about specific breaches and ensure those directly affected are advised
  • Require social media and online platforms to stop using or disclosing an individual’s personal information upon request
  • Introduce specific rules to protect the personal information of children and other vulnerable groups.

“This penalty and enforcement regime will be backed by legislative amendments which will result in a code for social media and online platforms which trade in personal information. The code will require these companies to be more transparent about any data sharing and requiring more specific consent of users when they collect, use and disclose personal information,” the Attorney-General said.

“We will also be requiring platforms to implement a mechanism to ensure they can take all reasonable action to stop using an individual’s personal information if a user requests them to do so and have even stronger regimes to address these issues when the user is a child or other vulnerable person.”

The OAIC will be provided with an additional $25 million over three years to give it the resources it needs to investigate and respond to breaches of individuals’ privacy and oversee the online privacy rules.

Legislation will be drafted for consultation in the second half of 2019.

“This new regime builds on other Government initiatives to improve online safety and provide Australians with greater control over their personal data, including the Online Safety Charter and Online Safety Research program, and the Consumer Data Right,” the Attorney-General said.

“The draft legislation will also incorporate any relevant findings of the current Digital Platforms inquiry by the Australian Competition and Consumer Commission which is due to issue its final report in June 2019. Whilst focused on the impact of large digital media platforms on competition in news media, it is also touching on privacy-related issues and, in its interim report late last year, recommended the tougher penalty regime being outlined today by the Morrison Government.”

The Australian has the best coverage to date in …

A’la Carte Homes Pty Ltd v AAPD CO P/L [2019] VSC 108 (5 March 2019): application to set aside, section 459J Corporations Act

March 13, 2019

In A’la Carte Homes Pty Ltd v AAPD CO P/L [2019] VSC 108 the Supreme Court, per Randall AsJ, set aside a statutory demand. The key issue was the failure to describe the assignment of a debt in the statutory demand or accompanying affidavit.

FACTS

The application was made under ss 459G, 459H and 459J of the Corporations Act 2001 (Cth). The orders sought were …

Linklaters LLP Linklaters Business Services Intended Claimants v Frank Mellish [2019] EWHC 177 (QB): breach of confidence, injunctions

March 4, 2019

Mr Justice Warby in Linklaters LLP Linklaters Business Services Intended Claimants v Frank Mellish [2019] EWHC 177 (QB) considered an application for injunctive relief regarding a breach of confidence action.  The information was sensitive but not commercially sensitive in the strict sense of the word. The decision does demonstrate the relative flexibility of the principles applied to more unusual fact situations.

FACTS

The claimants are:

  • the multi-national law firm Linklaters; and
  • the company through which Linklaters employed its UK-based employees (“LBS”).


Council of Attorneys General release discussion paper on review of the defamation laws

It is something of an understatement that the last few years have been busy in the defamation space, and generally uncomfortable for defendants, with big awards in the Rebel Wilson (after reduction by the Court of Appeal) and Chris Gale cases. As significant has been the proliferation of cases arising out of commentary online, often through social media. Another interesting development is the growing preference for plaintiffs to issue proceedings in the Federal Court rather than in the state courts. This obviates the need for a jury trial, oftentimes a comfort for defendants. This has resulted in significant comment and calls for reform by news outlets.

The Council of Attorneys General are in the process of undertaking a review of defamation law.

On 26 February 2019 the Council released a 43-page discussion paper titled “Review of Model Defamation Provisions”. The NSW Attorney General also issued a media release.

There are 18 questions posed …

Yang v Finder Earth Pty Ltd [2019] VSCA 22 (15 February 2019): application to set aside default judgment, importance of pleading

The Victorian Court of Appeal in Yang v Finder Earth Pty Ltd [2019] VSCA 22 again highlighted the caution the courts are now taking in dealing with applications which determine a claim without trial such as summary judgment applications and default judgment applications. It is also a case which highlights the fact that pleadings matter. 

FACTS

Luo and Yang entered into the principal agreement, in October 2015 (the ‘agreement’) [8] for the stated purpose of:

to successfully obtain the 888 visa for Luo and her family to migrate to Australia and to be granted the Permanent Resident Visa (hereinafter referred to as ‘the Immigration Project’).

The agreement:

  • was described as a partnership between Luo and Yang


More high profile Cyber attacks in Australia

February 27, 2019

Following hot on the heels of the ransomware attack on the Melbourne Heart Group last week, the Fairfax Press reports on 3 separate attacks, on the Catholic Archdiocese, TelstraSuper and Toyota, with varying degrees of success.

While the targets are high profile here, which makes for interesting reading, the reality is that ransomware attacks are becoming …

C Tina Pty Ltd v Warners Electroplating Pty Ltd [2019] VSC 66 (18 February 2019): Application to set aside statutory demand, s 459G Corporations Act 2001

February 21, 2019

In C Tina Pty Ltd v Warners Electroplating Pty Ltd [2019] VSC 66 Associate Justice Gardiner set aside a statutory demand.

FACTS

On 1 October 2018, the defendant (‘Warners’) served on the plaintiff (‘C Tina’):

  • a creditors statutory demand for payment of debt; and
  • an affidavit in support sworn by Grant Warner on 26 September 2018 [1].

The Demand related to two invoices totalling $166,332.10 for work and labour done and materials supplied [2].

On 19 October 2018, C Tina made application by originating process to set aside the Demand [3].

The application is based on the ground that C Tina has a genuine dispute in relation to the debt in that it never contracted with Warners and that …

Likely ransomware attack at Melbourne Heart Group located at Cabrini Hospital affects 15,000 medical files

The Fairfax press reports in “Crime syndicate hacks 15,000 medical files at Cabrini Hospital, demands ransom” that the Melbourne Heart Group, specialists who lease rooms at the Cabrini Hospital, has suffered what is almost certainly a ransomware attack.

Ransomware attacks are particularly prevalent in the health care industry. The impact of an attack is immediate and serious, if not catastrophic, and the need to remedy it, by paying the ransom, urgent. Health data is particularly sensitive. In early February an optometry clinic in Connecticut was hit, impacting 23,578 patient records. In Jacksonville, Florida, an obstetrics and gynecology practice suffered a data breach involving ransomware in early January, while a health center in Rhode Island was hit by a ransomware attack in early December last year. In November hospitals in Ohio and Ireland were hit by ransomware attacks. And the list goes on and on and on.

Ransomware attacks are maturing and becoming more, not less effective.  The average ransom in the US has increased by 13% in the last quarter of last year over the previous quarter from $5,973 to $6,733. 

That a specialist cardiology unit at Cabrini could be so compromised by the attack indicates that there was either no or inadequate backup of the health records in that unit. If the records were …

Out of a lot of nonsense about cyber attacks by foreign governments there comes a good article dealing with the key issue… poor privacy practices by individuals

February 20, 2019


There has been no shortage of breathless and generally meaningless articles about the Government’s statement that political parties and the Australian Parliament have been the subject of state-sponsored cyber attacks. The Government boffins have come out with statements both highlighting the risk and claiming everything is under control. It has given rise to ponderous commentary about attacks on democracy and then spins out to truly odd dystopian pieces, as Peter Hartcher did with “Farewell tech utopia: how governments are readying the web for war”, which swallows the twaddle about the internet being balkanised and ruined.

The reality is that cyber attacks by state players, mainly Russia, China and North Korea, have been a regular occurrence for a decade. Then there is the plethora of non-state hackers in India, the various Stans and Africa who sometimes are engaged by instruments of state to create mischief. It is a feature of life in the age of the internet.

Rather than reading the Henny Penny “the sky is falling” reportage and the end-of-innocence blather, the best article to get an understanding of what is going on and why is the ABC piece “Cyber attacks by foreign governments, malicious companies and enterprising hackers are on the rise. And the biggest problem is you.” It sets out in plain undramatic terms that most cyber attacks succeed because someone in an organisation or government agency is fooled by an email containing malware. And, as the article makes clear, that problem is one of …