APPs – Cyber Law Watch

Australian Privacy Act Under Review

Nov 06 2020

By Cameron Abbott, Rob Pulham and Keely O’Dowd

In December 2019, the Australian Government announced it would conduct a review of the Privacy Act 1988 (Cth).

A year has almost passed and finally the Australian Government has publicly released details about the review. On 30 October 2020, the Australian Government released the Terms of Reference of the review. In particular, the review will cover:

The scope and application of the Privacy Act
Whether the Privacy Act effectively protects personal information and provides a practical and proportionate framework for promoting good privacy practices
Whether individuals should have direct rights of action to enforce privacy obligations under the Privacy Act
Whether a statutory tort for serious invasions of privacy should be introduced into Australian law
The impact of the notifiable data breach scheme and its effectiveness in meeting its objectives
The effectiveness of enforcement powers and mechanisms under the Privacy Act and how they interact with other Commonwealth regulatory frameworks
The desirability and feasibility of an independent certification scheme to monitor and demonstrate compliance with Australian privacy laws.

FAKE APPS FIND A WAY TO GOOGLE PLAY!

Aug 05 2018

By Cameron Abbott and Jessica McIntosh

Over the last two months a string of fake banking apps have hit the Google Play store, leaving many customers wondering whether they have been affected by the scam. A report by security firm ESET found users of three Indian banks were targeted by the apps which all claimed to increase credit card limits, only to convince customers to divulge their personal data, including credit card and internet banking details. The impact of this scam was heightened as the data stolen from unsuspecting customers was then leaked online by way of an exposed server.

Privacy Commissioner releases a Guide to deal with data breaches

Apr 19 2016

By Cameron Abbott, Rob Pulham and Simon Ly

On 11 April 2016, the Privacy Commissioner released a guide to deal with issues associated with data breaches. This is aimed at entities regulated by the Privacy Act 1988 (Cth) in order to assist them with complying with the Australian Privacy Principles.

When (and it is likely to be a matter of when and not if) your entity is subject to a data breach, whether it be through your system being hacked or if devices are lost or stolen, it is important that you are equipped to deal with it. It is important to get in front of such problems and have pre-prepared action plans given that it is likely that the first 24 hours will be the most crucial in determining your level of success in dealing with a data breach. Data breaches can be expensive, both in a monetary and reputational sense.

In the guide, the Privacy Commissioner highlighted that a written data breach response plan is an important tool to help deal with such issues. Such a plan should include:

actions to be taken if a breach is suspected, discovered or reported by a staff member, including escalation measures;
the members of the data breach response team; and
the actions the team are expected to take.

Such a plan needs to be regularly reviewed and updated, with all relevant staff kept up to date so that they know what actions they are expected to take.

The Privacy Commissioner suggests the following four steps to be taken when a data breach is discovered:

contain the breach and do a preliminary assessment;
evaluate the risks associated with the breach;
develop a plan for notifying affected individuals and consider what information should be in any notification; and
determine steps to be taken to prevent future breaches.

For more information, please feel free to contact us. You can find out more information on practical steps you can take here.

Tag:APPs