Implementation of GDPR results in increased data protection complaints in the UK.

September 2, 2018

There is something of a myth propogated by those who would prefer less not more privacy protections, that there is no need for improved privacy protections and the community is not clamouring for more protections.  It is an entirely paternalistic approach to public policy that rarely squares with the evidence.  When surveyed there is a concern about lack of privacy protections and use/sharing of personal information.  For example the Pew Research Center in 2014 found that 91% of Americans agreed or strongly agreed that people have lost control over how personal information is collected.  Last year Pew found Read the rest of this entry »

Data breaches in West Australian health systems

Staff accessing personal information is a chronic problem in the health, police and financial services sector.  In Victoria the Victoria Police’s Leap data base, which contains personal information of most Victorians, has been misused on a depressingly regular basis with inadequate sanction for those breaches.  Only in the financial services sector does enforcement action tend to be swift and decisive.

In the health sector the culture is poor and breaches tend not to result in significant sanction.  And the private health sector is most vulnerable to data breaches.  And there are so many ways that those in the health sector can cause data breaches including in the last week a mailing error which resulted in releasing children’s health information in Missouri,  in the UK a hospital worker accessed the medical records of her boyfriend’s ex partner.  She used the details obtained to text obscenities to the victim of this privacy breach.  Given the nature of the breach and the subsequent misuse of the information it is not surprising that the health worker is no longer employed by the NHS. And a nurse at the Texas Children’s hospital was fired after posting on social media information about a rare measles case involving a boy aged between 1 – 3 years of age.  All of these cases involved human error at increasing levels of stupidity and incompetence.

Today there is another confirmation that the problem in the health sector continues unabated in Australia is a report from Perth Now that between 2014/15 and 2016/17 there were 40 breaches of patient confidentiality under West Australia’s health Act.  The actual number of data breaches are likely to be greater given Read the rest of this entry »

Trkulja v Google LLC [2018] HCA 25 (13 June 2018): Defamation, publication, summary dismissal, imputations arising out search engine results

The High Court in Trkulja v Google LLC [2018] HCA 25 upheld an appeal from the Victorian Court of Appeal regarding a summary judgment application. It is a very significant decision in relation to pleading the of defamation when the imputations arise from search engine results.

FACTS

While not enamoured of the drafting the Court noted that the Appellant’s (Trkulja”) Amended Statement of Claim was  sufficiently comprehensible to convey that Trkulja alleged that:

  • Google defamed him by publishing images which convey imputations that he:
    • “is a hardened and serious criminal in Melbourne”, in the same league as figures such as “convicted murderer” Carl Williams, “underworld killer” Andrew “Benji” Veniamin, “notorious murderer” Tony Mokbel and “Mafia Boss” Mario Rocco Condello;
    • is an associate of Veniamin, Williams and Mokbel; and
    • is “such a significant figure in the Melbourne criminal underworld that events involving him are recorded on a website that chronicles crime in [the] Melbourne criminal underworld”[3].
  • Google published the defamatory images between 1 December 2012 and 3 March 2014 to persons in Victoria, including several named persons, upon those persons accessing the Google website, searching for  Trkulja’s name or alias (Michael Trkulja and Milorad Trkulja), and then viewing and perceiving the images presented on-screen in response to the search [4].
  • the allegedly defamatory matters  comprising two groups:
    • “the Google Images matter” and
    • “the Google Web matter” [5]
  • some of the pages include an image that contains text stating, inter alia, “Google lawsuit in court”, “COLOURFUL Melbourne identity Michael Trkulja” and “Mr Trkulja an associate of Mick Gatto” [7]
  •  the images matter and the web matter are defamatory of  Trkulja in their natural and ordinary meaning and  carry the following defamatory imputations:

Read the rest of this entry »

A G Coombs Pty Ltd v M & V Consultants Pty Ltd (in liq) [2018] VSC 468 (22 August 2018): failure to comply with statutory demand, interlocutory injunction, allegation of abuse of process

August 31, 2018

The Victorian Supreme Court in A G Coombs Pty Ltd v M & V Consultants Pty Ltd (in liq) [2018] VSC 468 considered and dismissed a plaintiffs’ application for injunctive relief to prevent an application under section 459 of the Corporations Act 2001 being made.

FACTS

On Friday 15 June 2018, the plaintiffs sought urgent interlocutory relief and final relief by way of an injunction to enjoin the defendant from making an application under s 459P of the Corporations Act 2001 (Cth) to wind up each of the plaintiffs in insolvency in connection with statutory demands Read the rest of this entry »

Seven Australian universities hit by hackers in search of intellectual property

August 30, 2018

Universities and institutes of higher learning hold enormous amounts of intellectual property that is valued by foreign governments or those wanting to obtain financial advantage without the effort.  They are prime targets for cyber attacks.  As are law firms which often have data relating to intellectual property claims or litigation.

In March 2018 the United States filed indictments against Iranian Revolutionary Guards for hacking computers of 7,998 professors at 320 computers involving 144 universities as well as other institutions  over the last 5 years.  In early July 2018 the Guardian reported that the Australian National University was hit by Chinese hackers.  As did the Australian.

This week ARN reports in Seven Australian universities targeted in global hacking campaign reports that 7 Australian Universities as part of a global action targeting Read the rest of this entry »

Ryde Hospital has a significant privacy breach with medical records of sexual assault victim being given to another patient

August 23, 2018

Privacy breaches in the health industry are depressingly common.  Almost commonplace in hospitals.  The reasons are not hard to find; many access points to information from clip boards at a patients bed or in a rack at a counter to a click of a button at a computer accessed by many staff, a large number of staff and high turnover and a generally poor privacy culture by senior medical staff.   That is compounded by generally poor privacy protocols, inadequate training and an implied preference to be criticised for inevitable breaches rather than a root and branch change in policy and practice.  It helps not one bit that the State and Federal regulators are lackluster operators.

So it is not at all surprising to Read the rest of this entry »

Significant privacy breach at Strathmore secondary college … including access to health and medication data

Yesterday there was a very significant privacy breach at a Victorian school, Strathmore Secondary College, involving the release of health information of students including mental health conditions, medications and learning and behavioural difficulties.  It is reported in the Guardian and SBS, among others.  The exposure of 300 school student’s records on the school’s intranet was likely the result of human error.  That bespeaks a very ordinary privacy training and controls.  Which is not uncommon.

These events provide a useful application of how the privacy legislation in Victoria may work for those who are affected by the breach.  Under the Privacy and Data Protection Act 2014 those affected by Read the rest of this entry »

Enhancing Online Safety (Non-consensual Sharing of Intimate Images) Bill 2018 passed into law

August 22, 2018

The Government has amended the Broadcasting and Enhancing Online Safety Act 2015 by giving the eSafety Commissioner with powers to seek civil and criminal penalties to deal with image based abuse, mainly revenge porn in practical terms.  The civil penalties apply for failing to remove images and criminal penalties for transmitting private sexual material or a if there has been 3 civil penalty orders made against a person.

In principle the laws are welcome.  In practice it really depends on the vigour of the eSafety Commissioner.  Australia has a poor reputation in regulating privacy infringing behaviour.  The amendments themselves highlight a very process laden means of achieving a legislative end. It

What is more than passing strange is that for all of these amendments the Government has not provided individuals with the power to take enforceable action relating to an interference with their privacy, either under the Enhancing Online Safety or the Broadcasting Acts.  Everything must be channeled through the eSafety Commissioner.  That might work for some or many people but others may wish to take steps themselves, such as obtaining compensation as well as taking down the images.  It is a somewhat patronising omission. It is also the triumph of bureaucracy over freedom of the individual to take action in their own right.

A statutory cause of action for interference with privacy is the simple and straightforward way of giving individuals a right to take action.   This has been suggested for many years but most formally by the Australian Law Reform Commission in 2008 and again in 2011.  It has been emphatically rejected by the current government and ignored by the previous government.  In short there has been a bipartisan policy failure in this area. Read the rest of this entry »

Amendments to the My Health (Strengthening Privacy) Bill 2018 introduced and read for a first time

The Federal Government introduced the My Health Records Amendment (Strengthening Privacy) Bill 2018 today.

It is very much a patch like amendment to the Act, inserting a Read the rest of this entry »

Australian Government appoints Information and Privacy Commissioner

August 19, 2018

The work of the Information and Privacy Commissioner continues to not go on.  But the Government has appointed a permanent successor to the previous Commissioner, Timothy Pilgrim.  The Interim Information Commissioner and Privacy Commissioner, Angelene Falk, has been appointed Read the rest of this entry »