CyberWatch: Australia

Insight on how cyber risk is being mitigated and managed in Australia and across the globe.

 

1
Pushing for Gold: Organisers of the Tokyo 2020 Olympics adopting Facial Recognition Technology and Robotics to Ensure Peak (Security) Performance
2
Poker Face: Problem Gamblers Being Identified through Facial Recognition Technology
3
You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook
4
A JEDI Uses the Force for Knowledge and Defense: The Pentagon awards US$10billion JEDI cloud deal to Microsoft
5
California’s answer to the GDPR – the California Consumer Privacy Act kicks in on 1 Jan 2020
6
Double-Edged Sword: Cambridge Analytica Whistle-Blower exposes the dual nature of Technology
7
Proposed Regulations under the California Consumer Privacy Act: A Step in the Right Direction but Far from the Destination
8
Lead the Way: Liechtenstein and Bavarian Data Protection Authorities Publish Guidance on Data Access and Security
9
Pushing for Change: Congress Pushes for Privacy Legislation ahead of CCPA
10
Could your ERP system make you a victim of cybercrime?

Pushing for Gold: Organisers of the Tokyo 2020 Olympics adopting Facial Recognition Technology and Robotics to Ensure Peak (Security) Performance

By Cameron Abbott, Max Evans and James Gray

It seems that Facial Recognition Technology (FRT) is the flavour of the month. Recently, we blogged about the adoption of FRT in the SkyCity Adelaide Casino to identify barred gamblers, which comes following the commencement of Perth’s 12 month trial of FRT conducted in co-operation with law enforcement agencies. However, on an international stage, organisers of the 2020 Tokyo Olympics have begun testing of FRT access systems to boost security, according to a Report by the Australian Financial Review.

Read More

Poker Face: Problem Gamblers Being Identified through Facial Recognition Technology

By Cameron Abbott, Max Evans and James Gray

Facial Recognition Technology (FRT) is being used by the popular SkyCity Adelaide Casino to detect barred gamblers, according to a report by Adelaide Now.

The FRT is capable of identifying even those attempting to conceal their identities with hats and sunglasses, with one staff member detected by her smile. According to the report, casino staff escorted barred gamblers off premises following identification using the FRT, before asking the relevant gambler whether they are in contact with their counsellors. The report states that detected problem gamblers were almost always appreciative of staff’s intervention.

Read More

You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook

By Cameron Abbott, Max Evans and James Gray

A US federal judge has ruled that the 29 million Facebook users affected by the September 2018 data breach may not seek damages as a remedy, but can only pursue the enforcement of better security practices at Facebook, according to a report by Reuters. Judge Alsup of the US District Court stated that Facebook’s repetitive losses of users’ privacy indicated a long-term need for supervision, which comes in addition to prior judgment which indicated that Facebook’s views about user’s privacy expectations were “so wrong”.

Read More

A JEDI Uses the Force for Knowledge and Defense: The Pentagon awards US$10billion JEDI cloud deal to Microsoft

By Cameron Abbott and Tan Xin Ya

In October, the US Department of Defence (DoD) awarded the Joint Enterprise Defence Infrastructure (JEDI) contract to Microsoft to overhaul its IT infrastructure – a huge show of confidence in infrastructure as a service (IaaS).

The DoD’s award of the 10-year, $10 billion JEDI contract to Microsoft is an endorsement of the secure nature of Azure, Microsoft’s cloud computing service. Under this deal, Microsoft’s task is to create a globally responsive network and monitor ongoing issues such as bugs and breaches. Part of the deal involves moving sensitive data, including classified mission operations, to Microsoft Azure. The system must be fortified with robust cyber security and encryption as Microsoft bears the important responsibility for the defence of the US.

The DoD’s decision to move to the cloud is a clear signal that IaaS has come of age, considering when such a security sensitive operation is able to use the service.

California’s answer to the GDPR – the California Consumer Privacy Act kicks in on 1 Jan 2020

By Cameron Abbott ,Tan Xin Ya and John ReVeal

In just a short few weeks, a monumental change of privacy regulations will kick in for US businesses. On 1 January 2020, the California Consumer Privacy Act (CCPA) will come into effect, with a compliance deadline at the end of January 2020, and signifies a shift in tone in the privacy sphere for the US – with a move closer to global privacy norms, and away from the perspective that personal data is a company asset.

A series of data disasters such as Facebook’s Cambridge Analytica scandal and the massive Equifax breach left many Americans feeling powerless. Regulators stepped in after the fact to punish the companies, but at the time, there was little that U.S. consumers could do to prevent data breaches. Under the CCPA, Americans (well, Californians, mostly) move a step closer to general privacy protection. However, the Act only targets larger companies or those with prolific data use so there is still a long way to go to being general protection.

In October, the California Governor signed five bills to amend CCPA to provide some regulatory relief for businesses when the CCPA comes into effect. For a detailed analysis on the amendments, we refer you to Volume 2 of our colleagues’ Volume 2 of The Privacists available at the K&L Gates Hub.

Double-Edged Sword: Cambridge Analytica Whistle-Blower exposes the dual nature of Technology

By Cameron Abbott, Max Evans and James Gray

In his cautionary tale, 1984, author George Orwell spoke of a paradigm where the unregulated use of powerful technology, referred to as “telescreens”, manifested a society beholden to the ethics of the controller. This paradigm is perhaps more real than ever, according to an article by Reuters

By exploring the views of Cambridge Analytica whistle-blower Christopher Wylie, the article advises that the deep, multifaceted involvement of big tech companies in consumers’ lives, the ultimate dependence that arises from such involvement and the overwhelming vulnerability of such consumers renders tech companies “too big to fail”. Wylie argues that the vast imbalance of power and information in favour of these companies over users is resulting in a constant scrambling by regulators to control the rapid adoption of such technology forms.

Read More

Proposed Regulations under the California Consumer Privacy Act: A Step in the Right Direction but Far from the Destination

By Cameron Abbott and Max Evans

We recently blogged about the intention of Californian lawmakers to enact stringent privacy regulations through the California Consumer Privacy Act (CCPA). In particular, we noted the useful guidance provided by our colleagues over at The Privacist on the impact of potential contingencies for organisations.

Read More

Lead the Way: Liechtenstein and Bavarian Data Protection Authorities Publish Guidance on Data Access and Security

By Cameron Abbott and Max Evans

Drawing on the requirements imposed in respect of privacy and data protection by the General Data Protection Regulation, Liechtenstein and Bavaria have published some useful guidance on several key elements of the relevant regulation.

Read More

Pushing for Change: Congress Pushes for Privacy Legislation ahead of CCPA

By Cameron Abbott and Max Evans

With the California Consumer Privacy Act (CCPA) looming, Californian lawmakers have affirmed their intention to enact stringent privacy protections, with the legislature adjourning without making any major changes to the state’s landmark privacy laws.

Read More

Could your ERP system make you a victim of cybercrime?

By Cameron Abbott and Allison Wallace

We frequently blog here about incidents where companies, government agencies or public have suffered data or security breaches at the hands of hackers. They’re often incidents that come to light because they affect the public in some way – by shutting down hospitals, exposing sensitive personal information, or threatening government security. But what about hacks that, while not having wide-reaching public implications, go to the core of a business’ operations?

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.