Archive:2020

1
Uniformity of Law II: NSW Government pledges to introduce Mandatory Data Breach Reporting in respect to State Government Agencies
2
This is your digital life (of no consent or control): The Australian Information Commissioner takes Facebook to Court
3
Watching Me, Watching You: Chinese Surveillance Cameras Banned in South Australia amidst Security Concerns
4
Front and Centre: Privacy makes Front-Page, without a breach!
5
You’ve got mail…and lots of it according to the latest OAIC report!
6
Utilize and Protect: 2020 AmCham Tech Panel explores complexities of the Data World
7
No cyber insurance? Check your policy – you may be covered for more than you think
8
A New Low: Red Cross subject to Fraudulent Claims for Bushfire Grants by Cyber Thieves
9
Hand Out of a Different Cookie Jar: Google to Eliminate all Third Party Cookies
10
Toll’d You So: Cyber Security Incident Cripples Toll’s Supply Lines, Causes Customer Backlash

Uniformity of Law II: NSW Government pledges to introduce Mandatory Data Breach Reporting in respect to State Government Agencies

Cameron Abbott, Warwick Andersen and Max Evans

Following on from the consultation opened by the NSW Government in July 2019 (the subject of a previous blog), NSW Attorney-General Mark Speakman has committed to introducing a mandatory data breach scheme, according to an article by ITNews.

At present, neither NSW privacy laws nor the notifiable data breach scheme under Part IIIC of the Privacy Act 1988 (Cth) require public sector agencies in NSW to notify the NSW Privacy Commissioner and affected individuals where a data breach creates a risk of serious harm. This led to a consultation conducted by the Department of Communities and Justice in late 2019, which revealed “overwhelming public support” for the introduction of a mandatory data breach scheme in NSW, with the NSW Government “sharing a view” that the relevant scheme should be introduced.

Read More

This is your digital life (of no consent or control): The Australian Information Commissioner takes Facebook to Court

By Cameron Abbott, Rob Pulham and Rebecca Gill

In a first for Australia, the Australian Information Commissioner (Commissioner) has launched proceedings in the Federal Court of Australia, seeking penalties against Facebook for serious and/or repeated interferences with privacy. The contraventions relate to the conduct disclosed by the Cambridge Analytica scandal, which involved the This is Your Digital Life app (App). We’ve previously blogged about the App here.

It is unclear how the penalties will be calculated in this proceeding. The penalty rate applicable to the relevant period (being from March 2014 to May 2015) is a maximum of $1.7 million. Some have suggested that fines may be in the billions if the maximum rate is applied to each individual affected as a single “contravention” (with possibly over 300,000 contraventions in total!). This may be fun to calculate, but highly unlikely to be applied in reality.

Read More

Watching Me, Watching You: Chinese Surveillance Cameras Banned in South Australia amidst Security Concerns

By Cameron Abbott and Max Evans

Following Australia’s latest round of expanded 5G restrictions, the South Australian Government has made a decision to remove all close circuit surveillance cameras made by a Chinese surveillance giant from health department buildings, according to an article by the Sydney Morning Herald.

The article notes that the relevant cameras are made by the partially state-owned Chinese surveillance technology company Hikvision, which was blacklisted in October 2019 by the United States for their alleged role in human rights violations and in purporting to create a surveillance network amongst federal agencies. Issues with Hikvision in South Australia were first identified in the course of a Commonwealth-funded trial in which Hikvision cameras were to be used in the rooms of aged care residents as a means to improve overall safety.

Read More

Front and Centre: Privacy makes Front-Page, without a breach!

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

Privacy lawyers have been waiting for this day for years (some of us decades). Privacy is on the front page of the Sydney Morning Herald and the Age, despite there being no actual data breach. According to the article, Alinta Energy, one of the Australia’s biggest energy companies, is putting the privacy of its over 1.1 million retail gas and electricity customers at risk through poor privacy protections and a lack of proper oversight.

While this is an interesting piece of investigative journalism, what is really interesting is that privacy is now newsworthy even in the absence of a data breach.  It has been a long time coming but it seems society now rates privacy as front page news.  As our lawyers have already been pointing out in giving presentations this year – privacy has finally hit the big time!

You’ve got mail…and lots of it according to the latest OAIC report!

By Cameron Abbott and Michelle Aggromito

With email being one of the most common forms of communication, it’s not surprising that inboxes these days accumulate thousands of emails that, perhaps, aren’t always electronically filed or deleted (not ours of course).

As the Office of the Australian Information Commissioner (OAIC) has indicated in its most recent report on notifications received under the Notifiable Data Breach (NBD) scheme, email accounts are frequently being used for storage, and this raises inherent risk. Yes it’s convenient, but using email to send personal information, such as copies of passports, bank account details and credit card information, can very quickly lose its appeal. If the email account is accessed by a malicious actor through a phishing attack or a rogue employee, the end result can be exploitation of that information for criminal gain.

Read More

Utilize and Protect: 2020 AmCham Tech Panel explores complexities of the Data World

By Cameron Abbott and Max Evans

We all know by now that technology, and the data obtained and analysed through it, has changed the way the world works and in particular, the way we do business. However, at the first American Chamber of Commerce in Australia (AmCham) Tech Talk Breakfast for 2020, hosted at K&L Gates by our very own Cameron Abbott, it appears that a large portion of the business world is still lagging in terms of utilising its own data resources, understanding the power of data generally and the need to establish and implement appropriate and comprehensive security protections and processes. 

The four industry leading speakers, Martin Creighan of AT&T, Robert Le Busque of Verizon Enterprise Solutions, Melissa Osborne of Dell Technologies and Matthew Payton of Datacom explored the immense volume of data businesses collect, and the gap in many businesses between their current utilisation and the maximum value held by such data. The speakers noted the importance of having a robust data analysis resource pool with which to effectively analyse the vast amounts of data a business carries in order to maximise the utility of such data in informing ongoing business decisions.

Read More

No cyber insurance? Check your policy – you may be covered for more than you think

By Cameron Abbott, Rob Pulham and Max Evans

Over the past 2 years we’ve seen a steady rise in interest in cyber insurance policies to cover key online risks.

However, as the terms and coverage for cyber insurance offerings steadily standardise, it may not be worth throwing out your old policies just yet.

In his recent article available here our colleague Gregory Wright discusses several recent US cases where insurance holders were found to be covered under more general policies of insurance – even if they weren’t specifically directed towards cyber risks.

A New Low: Red Cross subject to Fraudulent Claims for Bushfire Grants by Cyber Thieves

By Cameron Abbott and Max Evans

If you thought cyber attackers couldn’t go any lower, think again. Cyber thieves are tying up valuable resources at the Australian Red Cross through computer generated applications for bushfire relief assistance, according to an article from the AAP.

According to the article, cyber thieves are using applications to automate hundreds of fraudulent attempts to access financial assistance from the Red Cross, which is distributing grants of up to $20,000 per application with a total grant of around $1,000,000 per day. In one community, there were applications made in respect of 15 homes that purportedly had been destroyed by bushfires, but when physically checked remained unaffected. Go figure!

Read More

Hand Out of a Different Cookie Jar: Google to Eliminate all Third Party Cookies

By Cameron Abbott, Max Evans and Florence Fermanis

Google is aiming to eliminate all third party cookies by 2020, according to a recent article by ABC Science.

‘Cookies’ have gained a somewhat infamous reputation beyond their sweet moniker. Third party cookies particularly are created by a party that is different to the website you are using, and are designed to help market a certain good to you as you surf across the web. Think of a pair of trousers you viewed once that now pop up in different advertisements across different websites. These are the sort of cookies Google wants to ban.

This comes amidst increasing demand by consumers for better privacy protection, according to Justin Schuh, Google’s director of Chrome Engineering.

Read More

Toll’d You So: Cyber Security Incident Cripples Toll’s Supply Lines, Causes Customer Backlash

By Cameron Abbott, Warwick Andersen and Max Evans

Further information surrounding the specific details and extent of the security breach suffered by transport and logistics network Toll, which we previously blogged in respect of, have been revealed by the Australian Financial Review.

The crippling ransomware attack, known now as “Mailto” or “Kazakavkovkiz” caused Toll to suspend many of its delivery and tracking systems with a Toll spokesperson indicating that the company needed to suspend up to 500 applications that supported its operations across 25 countries worldwide. In Australia, entities such as Nike, Optus, and Telstra were forced to address a multitude of customer complaints arising out of packages affected by the relevant cyber attack.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.