[Editor: It has been a busy week for all Cyberwatchers, and our blog has been running hot. This however is our favourite.]
For at least the last three years the Australian Federal Police and the United Stated Federal Bureau of Investigation have been working together to run ‘Operation Ironside’ using an app called ANoM. The app has allowed law enforcement to easily monitor criminal communications and to make over 800 criminal arrests so far.Read More
In a bid to maintain stability in the Indo-Pacific region, Australia has pledged $37.5 million to bolster the security and development of critical technology in neighboring countries as part of its updated International Cyber Engagement Strategy. The funding aims to promote the resilience of critical technologies in Southeast Asia and to support Australia’s Pacific neighbours by improving online safety, counter misinformation and to fight cybercrime.Read More
After severe criticism from the Australian government and others, Facebook has reversed its initial response to the controversial news media code of banning all Australian news on its platform, now stating that news and key pages concerning public health and government will be restored (although it has not provided a deadline for when this will occur).Read More
On 1 December 2020, the New Zealand Privacy Act 2020 will come into operation and repeal and replace the Privacy Act 1993.
The Privacy Act 2020 modernises New Zealand’s privacy laws and seeks to keep pace with international standards and technology. While New Zealand’s new privacy legislation is not as onerous as other international privacy laws, such as the GDPR, it still introduces significant changes including:
- mandatory data breach notification;
- new investigative and regulatory powers for the New Zealand Privacy Commissioner; and
- new criminal offences and penalties, including fines of up to $10,000.
In December 2019, the Australian Government announced it would conduct a review of the Privacy Act 1988 (Cth).
A year has almost passed and finally the Australian Government has publicly released details about the review. On 30 October 2020, the Australian Government released the Terms of Reference of the review. In particular, the review will cover:
- The scope and application of the Privacy Act
- Whether the Privacy Act effectively protects personal information and provides a practical and proportionate framework for promoting good privacy practices
- Whether individuals should have direct rights of action to enforce privacy obligations under the Privacy Act
- Whether a statutory tort for serious invasions of privacy should be introduced into Australian law
- The impact of the notifiable data breach scheme and its effectiveness in meeting its objectives
- The effectiveness of enforcement powers and mechanisms under the Privacy Act and how they interact with other Commonwealth regulatory frameworks
- The desirability and feasibility of an independent certification scheme to monitor and demonstrate compliance with Australian privacy laws.
The UK Information Commissioner’s Office (ICO) has fined British Airways £20 million, the ICO’s largest fine to date, for failing to protect the personal and financial details of more than 400,000 of its customers.
In a statement published online on 16 October 2020, the ICO stated that its investigation had found that British Airways was “processing a significant amount of personal data without adequate security measures in place”. This failure is said to have breached data protection laws and, subsequently, the airline was the subject of a cyberattack in 2018, which was not detected for more than two months.Read More
The Office of the Australian Information Commissioner (OAIC) has released its report on notifications received under the Notifiable Data Breaches scheme for period January to June 2020.
The OAIC reported 518 breaches were notified to it in the relevant period. The OAIC noted a 3% decrease from the 532 breaches notified in the period July 2019 to December 2019. However, there was a 16% increase on the 447 notifications received during January to June 2019.Read More
The ability of a government to force a technology provider to create a “back door” into their technology to allow security agencies to “listen in” to communications is a very controversial step, but it has not been the subject of much discussion as any recipient of such intervention is gagged.
It was interesting to see that the Independent National Security Legislation Monitor has released a report on its review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) (TOLA Act). The review considered, and provided recommendations on, the operation, effectiveness and implications of the TOLA Act and whether it is necessary, is proportionate to the threats it seeks to meet and treats human rights properly.Read More