Tag: Australian privacy laws

1
Uniformity of Law II: NSW Government pledges to introduce Mandatory Data Breach Reporting in respect to State Government Agencies
2
Front and Centre: Privacy makes Front-Page, without a breach!
3
Human error accounts for 34% of Notifiable Data Breaches – 3 key take outs from the latest OAIC report
4
Government committed to introducing Mandatory Data Breach Notification laws
5
Privacy concerns over Westfield’s ticketless parking system

Uniformity of Law II: NSW Government pledges to introduce Mandatory Data Breach Reporting in respect to State Government Agencies

Cameron Abbott, Warwick Andersen and Max Evans

Following on from the consultation opened by the NSW Government in July 2019 (the subject of a previous blog), NSW Attorney-General Mark Speakman has committed to introducing a mandatory data breach scheme, according to an article by ITNews.

At present, neither NSW privacy laws nor the notifiable data breach scheme under Part IIIC of the Privacy Act 1988 (Cth) require public sector agencies in NSW to notify the NSW Privacy Commissioner and affected individuals where a data breach creates a risk of serious harm. This led to a consultation conducted by the Department of Communities and Justice in late 2019, which revealed “overwhelming public support” for the introduction of a mandatory data breach scheme in NSW, with the NSW Government “sharing a view” that the relevant scheme should be introduced.

Read More

Front and Centre: Privacy makes Front-Page, without a breach!

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

Privacy lawyers have been waiting for this day for years (some of us decades). Privacy is on the front page of the Sydney Morning Herald and the Age, despite there being no actual data breach. According to the article, Alinta Energy, one of the Australia’s biggest energy companies, is putting the privacy of its over 1.1 million retail gas and electricity customers at risk through poor privacy protections and a lack of proper oversight.

While this is an interesting piece of investigative journalism, what is really interesting is that privacy is now newsworthy even in the absence of a data breach.  It has been a long time coming but it seems society now rates privacy as front page news.  As our lawyers have already been pointing out in giving presentations this year – privacy has finally hit the big time!

Human error accounts for 34% of Notifiable Data Breaches – 3 key take outs from the latest OAIC report

By Cameron Abbott and Karla Hodgson

The Office of the Australian Information Commissioner has released its Q2 statistics on notifications received under the Notifiable Data Breach (NDB) scheme. The 245 breach notifications in Q2 are on par with each other quarter since the scheme was introduced in July 2018 and while the majority of NDBs (62%) are attributed to malicious or criminal attacks, we noted with interest that a staggering 34% are due to human error – that is, mostly avoidable errors made by staff. A consistent theme of our blogs is reinforcing the message that employees are the front line of defence for organisations.

There are 3 key statistics we took away from these human error NDBs.

Read More

Government committed to introducing Mandatory Data Breach Notification laws

By Cameron Abbott and Rebecca Murray

After much delay, a spokesperson for Attorney-General, George Brandis has said the government is committed to introducing the Mandatory Data Breach Notification laws this year. We will be sure to look out for it during the next term of Parliament. You can find more information on the proposed scheme and its regulatory impact on the Attorney General’s Department consultation for Serious Data Breach Notification webpage.

 

Privacy concerns over Westfield’s ticketless parking system

By Cameron Abbott, Meg Aitken and Shirley Chen

Westfield has sidelined the SMS feature of its ticketless parking system this week due to concerns it breached Australian privacy laws.

Westfield’s newfangled ticketless parking system attempted to make parking quicker and easier for shoppers by scanning car number plates on entry and exit of their carparks, and sending an SMS notification to registered parkers recording their entry time and an alert message when their free parking time was nearly up. To register for the service, users were merely required to provide a name, license plate number and phone number (with no verification).

Privacy experts raised the alarm that any person could register false details and track another person’s physical location via the SMS notifications. This was a particular worry for those in domestic violence situations and could also potentially enable stalking or thieves to determine when homeowners had left their houses. The feature’s Terms and Conditions failed to address any of these issues.

The SMS service is currently suspended as internal investigations are conducted, though the rest of the ticketless parking system and app continue to operate.

Learn more about the ticketless parking system here.

Read the ITNews report on the issue here.

 

Copyright © 2019, K&L Gates LLP. All Rights Reserved.