Legal & Regulatory Risk – Page 7

Facebook’s privacy breach puts spotlight on Australian election campaigns

Mar 28 2018

By Cameron Abbott and Georgia Mills

News of Facebook’s involvement in the United States’ elections is nothing new, especially with the ongoing Cambridge Analytica scandal, so it should come as little surprise that the social media giant has extended its reach into the Australian electoral sphere.

Facebook approached Australia’s major political parties during the 2016 Federal election offering a powerful data matching tool. This “advanced matching” tool would allow parties to match data they had collected about voters- including names, dates of birth, contact details, and postcodes- against similar information provided by users on their Facebook profiles. The combined data would allow parties to identify swinging voters and target them with tailored ads when they use Facebook.

Bug Bounty Programs – your company’s friend or foe?

Mar 20 2018

By Cameron Abbott, Keely O’Dowd and Samantha Tyrrell

Bug Bounty Programs (BBPs) actively encourage hackers to explore a company’s systems and report back on any vulnerability they discover. Often, pre-determined financial incentives are offered to the “security researcher” in return for their findings. The attraction of this process is obvious; rather than suffering a cyber incident that could – and for many organisations has – cost millions of dollars and resulted in reputational damage, companies can instead make a comparatively small payment to ethical “white hat” hackers with the intention of pre-empting an incident.

The Sydney Declaration: ASEAN and Australia commit to cooperate on cybersecurity and digital trade issues

Mar 19 2018

By Cameron Abbott and Keely O’Dowd

Over the weekend our closest neighbours agreed to greater cooperation on cyber security. The Member States of the Association of Southeast Asian Nations (ASEAN), the Secretary-General of ASEAN and Australian leaders met in Sydney to strengthen the ASEAN-Australia relationship. The leaders discussed issues of regional importance.

Weather Bureau IT mining cryptocurrencies?

Mar 13 2018

By Cameron Abbott and Allison Wallace

The Australian Federal Police are investigating two members of the Bureau of Meteorology’s IT team for allegedly running an operation in which they made use of the Bureau’s powerful computers to “mine” cryptocurrencies.

It was revealed late last week that the AFP raided the Bureau’s Melbourne CBD offices on February 28, and questioned the two employees. No charges have been laid, or arrests made.

“Hey Google, could you be used against me in court?”

Mar 13 2018

By Cameron Abbott and Allison Wallace

Smart home devices like the Google Home and Amazon Echo were popular gifts this past Christmas – just like Fitbits have been the Christmases past.

But could these smart devices that we rely on to seek out and relay information to us, turn on our favourite music, or count our calories and steps, be used to produce evidence against us, if we were to commit a crime? Read More

Cybercrime most costly to financial services

Feb 27 2018

By Cameron Abbott and Keely O’Dowd

A study by Accenture and Ponemon Institute – Cost of Cyber Crime Study: Insights on the security investments that make a difference – found cyberattacks cost financial service firms more to address and contain than in any other industry. The rate of breaches in the industry has tripled in the past five years. On average, the cost of cybercrime for financial services companies globally has increased by more than 40% over the past three years, from $12.97 million per firm in 2014 to $18.28 million in 2017.

Mandatory Data Breach Reporting in 60 seconds

Feb 23 2018

By Cameron Abbott

The notifiable data breach scheme, as outlined in the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), commenced yesterday, 22 February. Under this new scheme, in the event an organisation experiences a data breach that is likely to result in serious harm to any individual, that organisation will be required to notify the Australian Information Commissioner and any affected individual(s) of the breach. This 60 second video will help you prepare your organisation for these changes.

The co-existence of open data and privacy in a digital world

Dec 22 2017

By Cameron Abbott, Keely O’Dowd and Giles Whittaker

Earlier this week researchers from the University of Melbourne released a report on the successful re-identification of Australian patient medical data that formed part of a de-identified open dataset.

In September 2016, the researchers were able to re-identify the longitudinal medical billing records of 10% of Australians, which equates to about 2.9 million people. The report outlines the techniques the researches used to re-identify the data and the ease at which this can be done with the right know-how and skill set (ie someone with an undergraduate computing degree could re-identify the data).

At first glance, the report exposes the poor handling of the dataset by the Department of Health. Which brings into focus the need for adequate contractual obligations regarding use and handling of personal information, and the need to ensure adequate liability protections are addressed even where the party’s intentions are for all personal information to be de-identified. The commercial risk with de-identified data has shown to be the equivalent of a dormant volcano.

Cybersecurity in the age of the Internet of Things

Dec 06 2017

By Cameron Abbott, Keely O’Dowd and Harry Crawford

The Internet of Things (IoT) allows unprecedented interconnectivity for consumers, and unfortunately for those consumers, hackers as well.

The European Union Agency for Network and Information Security (ENISA) recently released a report to provide insight into the security requirements of IoT and good practices recommendations on preventing and mitigating cyber-attacks against IoT systems. The report even includes examples of IoT cyber security attack scenarios.

Amazon Web Services announces Internet of Things (IoT) security service

Dec 04 2017

By Cameron Abbott and Giles Whittaker

Amazon Web Services rolled out an IoT service called IoT Device Defender to limit risks from unsecured IoT devices. The service will monitor an entire fleet of devices for compliance policies and best practices. As such, an organization can set the normal operational parameters and policies for a given fleet of devices and then Device Defender will make sure those policies are enforced.

Catagory:Legal & Regulatory Risk