Tag: Australian privacy laws

1
Human error accounts for 34% of Notifiable Data Breaches – 3 key take outs from the latest OAIC report
2
Government committed to introducing Mandatory Data Breach Notification laws
3
Privacy concerns over Westfield’s ticketless parking system

Human error accounts for 34% of Notifiable Data Breaches – 3 key take outs from the latest OAIC report

By Cameron Abbott and Karla Hodgson

The Office of the Australian Information Commissioner has released its Q2 statistics on notifications received under the Notifiable Data Breach (NDB) scheme. The 245 breach notifications in Q2 are on par with each other quarter since the scheme was introduced in July 2018 and while the majority of NDBs (62%) are attributed to malicious or criminal attacks, we noted with interest that a staggering 34% are due to human error – that is, mostly avoidable errors made by staff. A consistent theme of our blogs is reinforcing the message that employees are the front line of defence for organisations.

There are 3 key statistics we took away from these human error NDBs.

Read More

Government committed to introducing Mandatory Data Breach Notification laws

By Cameron Abbott and Rebecca Murray

After much delay, a spokesperson for Attorney-General, George Brandis has said the government is committed to introducing the Mandatory Data Breach Notification laws this year. We will be sure to look out for it during the next term of Parliament. You can find more information on the proposed scheme and its regulatory impact on the Attorney General’s Department consultation for Serious Data Breach Notification webpage.

 

Privacy concerns over Westfield’s ticketless parking system

By Cameron Abbott, Meg Aitken and Shirley Chen

Westfield has sidelined the SMS feature of its ticketless parking system this week due to concerns it breached Australian privacy laws.

Westfield’s newfangled ticketless parking system attempted to make parking quicker and easier for shoppers by scanning car number plates on entry and exit of their carparks, and sending an SMS notification to registered parkers recording their entry time and an alert message when their free parking time was nearly up. To register for the service, users were merely required to provide a name, license plate number and phone number (with no verification).

Privacy experts raised the alarm that any person could register false details and track another person’s physical location via the SMS notifications. This was a particular worry for those in domestic violence situations and could also potentially enable stalking or thieves to determine when homeowners had left their houses. The feature’s Terms and Conditions failed to address any of these issues.

The SMS service is currently suspended as internal investigations are conducted, though the rest of the ticketless parking system and app continue to operate.

Learn more about the ticketless parking system here.

Read the ITNews report on the issue here.

 

Copyright © 2019, K&L Gates LLP. All Rights Reserved.