December 20, 2017
Legislatures, and courts, being slow to fill gaps in the law is hardly a news story. And it is axiomatic that there is legislative inertia in the face of new technologies. The history of road rules for motor vehicles is a classic example. But the inertia and failure to respond to the threat of cyber attack has been a protracted and sad story of public policy failure. Hacking, phishing, spoofing and any number of ways of attacking a network have existed as long as the internet has been publicly accessible. Protecting against that has been ad hoc and generally …
Posted in Privacy
December 19, 2017
The Government has issued the Letters Patent for the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. It will be a frenetic time to meet the timetable set down by the Government: an interim report by 30 September 2018 and a final report by 1 February 2019. In practical terms that means …
Posted in General
December 18, 2017
Regulators are always judged on enforcement, as is the effectiveness of legislation. The privacy sphere is no different. The Privacy Amendment (Notifiable Data Breaches) Act 2017 commences operation on 22 February 2018.
The Australian Information Commissioner has released the final resources (formerly called guidelines) on the operation of the Act and what is expected of organisations and agencies. They are set out below.
Resources are one thing; culture is just as important. The excellent article When cultures collide: the debate we’re not having on data privacy highlights …
Posted in Privacy
The Federal Court announced today that forms used in proceedings under the Federal Court Criminal Proceedings Rules are now accessible and can be lodged by external users. The Rules can be found …
Posted in Federal Court
There is significant controversy about whether data can be scrubbed so that it cannot be re-identified. What is less controversial is that many organisations put insufficient effort into de-identifying data. The authors of a paper, Health Data in an Open World, have demonstrated how they re-identified patients in a supposedly de-identified open health data set. The authors, academics at the School of Computing and Information Systems at the University of Melbourne, summarised what they did …
Posted in Privacy
Law firms have long been a target for hackers. They hold vast troves of valuable information about clients and significant sums of money in trust. They generally constitute a soft target because they have a poor understanding of cyber security and of their obligations under the Privacy Act 1988, and do not …
Posted in Privacy
December 16, 2017
There has been a flurry of stories relating to the internet of things and lack of data security, to wit, businesses being hacked through access points existing courtesy of connected devices. In the UK dozens of British heating systems have been found to be vulnerable to hacking. In that case …
Posted in Privacy
December 15, 2017
The Commonwealth Attorney General has announced a formal reference to the Australian Law Reform Commission, made on 11 December 2017, of class actions and litigation funders. The heading of the media release leaves little doubt about what is on the Government’s mind: Protecting Australians from exorbitant legal fees. It is hard to see class actions being abolished given …
Posted in General
December 5, 2017
McAfee has released a 2018 Threats Predictions Report, while the European Banking Authority has released its risk assessment report. In that report the EBA found:
- cyber risk and data security were identified as the “main drivers for increasing operational risk”
- 55% of banks “foresee an increase in operational risk in their bank”. This is an increase from 43% last year and 35% in 2015.
- most EU banks are still taking steps to address the weaknesses stemming from the technology-driven evolution to their industry.
- because of the reliance on IT platforms, digitalised product channels for banking services and outsourcing to third-party providers, 42% of the respondents stated that cyber risk and data security is the main cause of increasing operational risk
- that cyber risk is one of the key risks threatening data integrity and business continuity in the financial system. It also said that banks are facing increasingly complex cyber attacks from “intruders trying to gain unauthorised access to critical systems and data”.
- cyber risks pose operational, legal and reputational risks including business interruptions, data and software loss, cyber extortion, fraud, breach of privacy, network failure liabilities and damages to physical assets, which can result in financial losses
- the growing use of third party services by financial services may impact on the ability of institutions to manage their risks such as strategic, reputational, compliance and operational risk and that is a cause of increased systemic risk. The EBA noted that these risks should be mitigated adequately by banks and embedded in a sound and efficient risk management policy. That means money and effort.
Earlier this year the EBA produced draft guidance designed to support the adoption of cloud-based solutions by banks. Interestingly the EBA …
Posted in Privacy
November 27, 2017
The US Supreme Court has been remarkably strong on recognising a right to privacy through various Amendments to the Constitution, mainly the …
Posted in Privacy