A number of legal professionals, with significant experience in the field of privacy law, have signed an open letter to encourage individuals to download the Commonwealth Government’s COVIDSafe App.
Among the privacy lawyers are members of K&L Gates own Australian privacy team (and the authors of this blog post) Cameron Abbott, Rob Pulham, Warwick Andersen, Michelle Aggromito and Allison Wallace.
The open letter is signed by members in their personal capacity, and signals that people who care about privacy a lot can still think that supporting the health and economic objectives of the App is more important at this time.
As at the date of this post, more than 5 million people have downloaded the App, with more needed to reach the Commonwealth Government’s target of 40% of the Australian population.
In Part I of this blog, we briefly touched on some of the safeguards that the Commonwealth Government has indicated that they will implement to address privacy concerns. Those proposed new safeguards are intended to satisfy many of the privacy concerns. However, there are additional safeguards that have been implemented in connection with the functionality of the App, which we focus on in Part II here.Read More
The Federal Government’s coronavirus tracing app has raised some privacy concerns amongst the Australian public. Even some of our government Ministers have ruled out downloading the app due to such concerns! However, the independent cyber security body tasked with reviewing the app has said that it has found no major concerns with it.Read More
With email being one of the most common forms of communication, it’s not surprising that inboxes these days accumulate thousands of emails that, perhaps, aren’t always electronically filed or deleted (not ours of course).
As the Office of the Australian Information Commissioner (OAIC) has indicated in its most recent report on notifications received under the Notifiable Data Breach (NBD) scheme, email accounts are frequently being used for storage, and this raises inherent risk. Yes it’s convenient, but using email to send personal information, such as copies of passports, bank account details and credit card information, can very quickly lose its appeal. If the email account is accessed by a malicious actor through a phishing attack or a rogue employee, the end result can be exploitation of that information for criminal gain.Read More
We all know by now that technology, and the data obtained and analysed through it, has changed the way the world works and in particular, the way we do business. However, at the first American Chamber of Commerce in Australia (AmCham) Tech Talk Breakfast for 2020, hosted at K&L Gates by our very own Cameron Abbott, it appears that a large portion of the business world is still lagging in terms of utilising its own data resources, understanding the power of data generally and the need to establish and implement appropriate and comprehensive security protections and processes.
The four industry leading speakers, Martin Creighan of AT&T, Robert Le Busque of Verizon Enterprise Solutions, Melissa Osborne of Dell Technologies and Matthew Payton of Datacom explored the immense volume of data businesses collect, and the gap in many businesses between their current utilisation and the maximum value held by such data. The speakers noted the importance of having a robust data analysis resource pool with which to effectively analyse the vast amounts of data a business carries in order to maximise the utility of such data in informing ongoing business decisions.Read More
Dating apps, for many young people, are a fact of life. Meeting someone these days in real-life rather than through a simple swipe right appears to have become the exception, belonging more to any number of 90s teen “romcoms” than it does to real life.
According to an article by Reuters however, in recent times dating app Grindr has been the subject of a complaint by the Norwegian Consumer Council (NCC) in relation to a breach of privacy rules as set out in the European Union’s General Data Protection Regulation, implemented in 2018.Read More
In October, the US Department of Defence (DoD) awarded the Joint Enterprise Defence Infrastructure (JEDI) contract to Microsoft to overhaul its IT infrastructure – a huge show of confidence in infrastructure as a service (IaaS).
The DoD’s award of the 10-year, $10 billion JEDI contract to Microsoft is an endorsement of the secure nature of Azure, Microsoft’s cloud computing service. Under this deal, Microsoft’s task is to create a globally responsive network and monitor ongoing issues such as bugs and breaches. Part of the deal involves moving sensitive data, including classified mission operations, to Microsoft Azure. The system must be fortified with robust cyber security and encryption as Microsoft bears the important responsibility for the defence of the US.
The DoD’s decision to move to the cloud is a clear signal that IaaS has come of age, considering when such a security sensitive operation is able to use the service.
In just a short few weeks, a monumental change of privacy regulations will kick in for US businesses. On 1 January 2020, the California Consumer Privacy Act (CCPA) will come into effect, with a compliance deadline at the end of January 2020, and signifies a shift in tone in the privacy sphere for the US – with a move closer to global privacy norms, and away from the perspective that personal data is a company asset.
A series of data disasters such as Facebook’s Cambridge Analytica scandal and the massive Equifax breach left many Americans feeling powerless. Regulators stepped in after the fact to punish the companies, but at the time, there was little that U.S. consumers could do to prevent data breaches. Under the CCPA, Americans (well, Californians, mostly) move a step closer to general privacy protection. However, the Act only targets larger companies or those with prolific data use so there is still a long way to go to being general protection.
In October, the California Governor signed five bills to amend CCPA to provide some regulatory relief for businesses when the CCPA comes into effect. For a detailed analysis on the amendments, we refer you to Volume 2 of our colleagues’ Volume 2 of The Privacists available at the K&L Gates Hub.
We have blogged numerous times on the notifiable data breach scheme provided for in Part IIIC of Privacy Act 1988 (Cth) including more recently in relation to its success in assisting the preparedness of the health sector to report and respond to data breaches.
Whilst the NSW Information Privacy Commissioner recommends that public sector agencies notify it and affected individuals where a data breach creates a risk of serious harm, neither NSW privacy laws nor the notifiable data breach scheme require public sector agencies in NSW to provide such notification. There are many reasons for state government agencies to mandatorily report data breaches. Informing citizens when privacy breaches occur provides an opportunity for individual protection against potentially adverse consequences, whilst mandatory data breach reporting would address the current under-reporting of data breaches in NSW, which according to the consultation may be the norm.Read More