Archive: 2018

1
Eureka! California Just Adopted a Strong Consumer Privacy Law
2
Facebook fined £500,000 over Cambridge Analytica scandal
3
OAIC’s controversial decision broadens scope for the disclosure of personal information
4
Ambulance chasing through data sharing? Health app accused of sharing personal health information with law firm
5
Former MasterChef contestant falls victim to online fraud attack
6
Research reports say risks to smartphone security aren’t phoney
7
Report savages US Government agencies’ cybersecurity efforts
8
Not so happy families: Online genealogy website suffers data breach
9
Proposed anti-terror laws to give law enforcement access to personal data
10
When employee data does fall within the legal privacy net

Eureka! California Just Adopted a Strong Consumer Privacy Law

By Susan P Altman

While the rest of us were still recovering from the May 25 effective date of the EU’s General Data Protection Regulation (GDPR), California, the most populous and largest economy of any of the United States, confidently adopted a broad consumer privacy law. The California Consumer Privacy Act of 2018 (CCPA) was enacted June 28 and becomes operative on January 1, 2020. Unlike existing industry-specific U.S. privacy laws, the CCPA has a broad overall scope, more like the GDPR. It ensures California residents the right to know what information about them is being collected and sold or disclosed, to reject the sale of their personal information, to access the information, and to receive equal service and price, even if they exercise their privacy rights.

Unlike the GDPR, the CCPA does not extend to extra-territorial coverage. The CCPA applies only to for-profit businesses doing business in California and sets certain thresholds for business activity and size, thereby protecting most of the Silicon Valley start-up community from the cost of compliance. The CCPA protects the rights of “consumers,” who are natural persons residing in California, and generally does not apply to California residents while they are outside of California.

A business that is required to comply with CCPA will need to update its website, and include a conspicuous link on the homepage to a page titled, “Do Not Sell My Personal Information.” In addition, the website must describe the consumer’s privacy rights and annually update its privacy policy to reflect current practices. Consumers will be able to opt-out of collection practices; although children (or their parents) must opt-in. Consumers must be able to contact businesses regarding their collected information. Amendments and corrections to the CCPA are expected.

 

Facebook fined £500,000 over Cambridge Analytica scandal

By Cameron Abbott and Sarah Goegan

The UK Information Commissioner’s Office (ICO) has issued a notice of intent to levy a £500,000 fine against Facebook for breaches of the UK’s Data Protection Act 1998. The ICO found that Facebook failed to protect its users’ data and be transparent about how that data was being harvested. This failure, ICO said, did not enable users to understand how and why they may be targeted by a political party or campaign.

The fine comes as part of a larger investigation by ICO into misuse of data in political campaigns, and responds to the highly publicised allegations that Cambridge Analytica used data obtained from Facebook to target voters in the 2016 US presidential election.

Read More

OAIC’s controversial decision broadens scope for the disclosure of personal information

By Warwick Andersen, Rob Pulham and Georgia Mills

In 2017 Andie Fox, a recipient of Centrelink benefits, wrote a highly critical opinion piece on Centrelink’s debt recovery system, alleging that she was being pursued for a non-existent debt.  In response Centrelink provided Ms Fox’s personal information, previous communications and claims history to a journalist who published an article claiming that Centrelink had been ‘unfairly castigated’ by Fox.  The OAIC commenced an investigation into the release and has controversially confirmed Centrelink’s disclosure as permitted under the Privacy Act.

Read More

Ambulance chasing through data sharing? Health app accused of sharing personal health information with law firm

By Cameron Abbott and Sarah Goegan

The idea of lawyers “ambulance chasing” seems to have taken on a new form. An investigation by the ABC has revealed how technology is being used to share health information with lawyers to generate work.

The ABC has revealed that HealthEngine, Australia’s largest online doctor’s appointment booking service, shared daily lists of prospective clients with law firm Slater and Gordon, based on personal medical information shared by users with the app.

Read More

Research reports say risks to smartphone security aren’t phoney

By Rob Pulham, Warwick Andersen and Sarah Goegan

Beware! Your favourite apps may be putting your phone and data at risk. Reports from Allot and BitSight have examined rising threats to the security of our mobile devices.

Read More

Report savages US Government agencies’ cybersecurity efforts

By Cameron Abbott and Sarah Goegan

You would think government agencies would have a keen focus on cybersecurity risks, but apparently not! A report by the United States Office of Management and Budget (OMB) has found that nearly three-quarters of Federal agencies reviewed have either “at risk” or “high risk” cybersecurity arrangements. 71 of 96 agencies assessed were either missing, had insufficiently deployed or had significant gaps in their fundamental cybersecurity policies, processes or tools.

Read More

Not so happy families: Online genealogy website suffers data breach

By Cameron Abbott, Rob Pulham and Sarah Goegan

Online genealogy platform MyHeritage suffered a major data breach in which email addresses and hashed passwords of over 92 million users were leaked. The data breach occurred in October 2017, but was not discovered until 4 June 2018.

MyHeritage became aware of the breach after a security researcher found a file named “myheritage” on a private server. The file contained all the email addresses of MyHeritage users who signed up through to 26 October 2017, and their hashed passwords.

Read More

Proposed anti-terror laws to give law enforcement access to personal data

By Warwick Andersen, Rob Pulham and Sarah Goegan

Last week, the Australian Government announced that it would propose new anti-terror laws that force telecommunications and multinational tech companies to give law enforcement agencies access to encrypted data of suspected criminals and terrorists.

Cyber Security Minister Angus Taylor said the laws would give police, intelligence and security agencies the ability to bypass encryption on messaging (such as private messages sent on Whatsapp and Facebook), phone calls, photos, location and apps.

Read More

When employee data does fall within the legal privacy net

By Cameron Abbott, Warwick Andersen and Georgia Mills

PageUp, a leading HR software support company has revealed it has fallen victim to a massive data breach, potentially compromising the personal details of thousands of Australians.  Boasting over 2 million active users worldwide and counting a roll call of major Australian companies together with a number of government agencies as clients, the breach may be the largest since the introduction of mandatory data breach notification laws in February (which we blogged about here).

Read More

Copyright © 2018, K&L Gates LLP. All Rights Reserved.