Tag: personal information

1
Get with the program – China’s new privacy laws are coming
2
Leaky Port: City of Port Phillip Inadvertently Discloses Personal Information on Federal Government Website
3
“This is a public health app, it’s not a surveillance app”: Review finds “nothing particularly disturbing” about the Federal Government’s coronavirus tracing app
4
Privacy in the time of COVID-19
5
You’ve got mail…and lots of it according to the latest OAIC report!
6
Taking its Toll: Toll Shuts Down IT Systems Citing Cyber-Security Incident
7
“Totally Clueless”: Dating app Grindr reported for breach of privacy rules
8
You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook
9
Hand Out of the Cookie Jar: CJEU Issues Long-Awaited Decision on Cookies
10
Hospital systems in quarantine after ransomware attack in Victoria

Get with the program – China’s new privacy laws are coming

By Cameron Abbott and Ella Richards

The People’s Republic of China (PRC) passed the Personal Information Protection Law (PIPL) on Friday the 20th of August 2021. The new privacy regime strengthens the protection around the use and collection of personal data and introduces a new requirement for user consent.

The PIPL, closely resembling the European Union’s General Data Protection Regulation, prevents the personal data of PRC nationals from being transferred to countries with lower standards of data security; a rule that may pose inherent problems for foreign businesses. The PIPL was introduced following an increase in online scamming and individual service price discrimination – where the same service is offered at different prices based on a user’s shopping profile. However, while businesses and some state entities face stronger collection obligations, the PRC state security department will maintain full access to personal data.

Although the final draft of the PIPL is yet to be released, the new law is set to commence on the 1st of November 2021. Companies will face fines of up to 50 million yuan ($7.6 million USD), or 5% percent of their annual turnover if they fail to comply. For an in-depth discussion of the Draft PIPL released in August 2020, see our K&L Gates publication here.

Leaky Port: City of Port Phillip Inadvertently Discloses Personal Information on Federal Government Website

By Cameron Abbott, Warwick Andersen and Max Evans

The City of Port Phillip Council has accidentally published to data.gov.au personal information of an unknown number of residents who had reported graffiti, according to an article from ITNews supported by a statement released by the council.

According to the statement, during work to automate the generation of a graffiti dataset, an incorrect version was selected which led to the unapproved publication of personal information such as names, phone numbers and/or email addresses of the persons who reported graffiti to the council. As the article notes, of the approximately 764 email addresses and 859 phone numbers that were published, 53% of the email addresses belonged to businesses and 28% of the phone numbers were for landlines and 1300 numbers.

Read More

“This is a public health app, it’s not a surveillance app”: Review finds “nothing particularly disturbing” about the Federal Government’s coronavirus tracing app

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

The Federal Government’s coronavirus tracing app has raised some privacy concerns amongst the Australian public. Even some of our government Ministers have ruled out downloading the app due to such concerns! However, the independent cyber security body tasked with reviewing the app has said that it has found no major concerns with it.

Read More

Privacy in the time of COVID-19

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

Nothing can stop us from talking about privacy, including a pandemic! Yesterday, the Office of the Australian Information Commissioner (OAIC) issued guidance on the collection, use and disclosure of personal information during the COVID-19 pandemic (Guidance). 

It mainly serves as a reminder to organisations that even in these pressing times, they must comply with the Australian privacy regime. However, it also highlights what organisations can collect and do with personal information for the purposes of preventing and managing the spread of COVID-19.

Read More

You’ve got mail…and lots of it according to the latest OAIC report!

By Cameron Abbott and Michelle Aggromito

With email being one of the most common forms of communication, it’s not surprising that inboxes these days accumulate thousands of emails that, perhaps, aren’t always electronically filed or deleted (not ours of course).

As the Office of the Australian Information Commissioner (OAIC) has indicated in its most recent report on notifications received under the Notifiable Data Breach (NBD) scheme, email accounts are frequently being used for storage, and this raises inherent risk. Yes it’s convenient, but using email to send personal information, such as copies of passports, bank account details and credit card information, can very quickly lose its appeal. If the email account is accessed by a malicious actor through a phishing attack or a rogue employee, the end result can be exploitation of that information for criminal gain.

Read More

Taking its Toll: Toll Shuts Down IT Systems Citing Cyber-Security Incident

By Cameron Abbott, Max Evans and Florence Fermanis

We have our first large scale data breach of the decade. Toll, a transport and logistics network which delivers up to 95 million items globally every year, has temporarily shut down a number of its IT systems as a precautionary measure after suffering a cyber-security breach on Friday, according to an article by the SMH.

A spokesperson has indicated that Toll has cybersecurity experts working closely with their IT team on the breach, and is taking careful internal measures so that systems can be brought back up online in a “controlled and secured manner”. Additionally, Toll has initiated business continuity plans to minimise the disturbance brought on by the breach. While any official numbers of affected customers and the exact nature and extent of the breach have not yet been released by Toll, The Register has reported that the breach has reportedly affected customers in Australia, India and the Philippines.

Read More

“Totally Clueless”: Dating app Grindr reported for breach of privacy rules

By Cameron Abbott, Max Evans and Florence Fermanis

Dating apps, for many young people, are a fact of life. Meeting someone these days in real-life rather than through a simple swipe right appears to have become the exception, belonging more to any number of 90s teen “romcoms” than it does to real life.

According to an article by Reuters however, in recent times dating app Grindr has been the subject of a complaint by the Norwegian Consumer Council (NCC) in relation to a breach of privacy rules as set out in the European Union’s General Data Protection Regulation, implemented in 2018.

Read More

You Can’t Throw the (Face)Book at Them: Affected Users Unable to Pursue Damages Claim against Facebook

By Cameron Abbott, Max Evans and James Gray

A US federal judge has ruled that the 29 million Facebook users affected by the September 2018 data breach may not seek damages as a remedy, but can only pursue the enforcement of better security practices at Facebook, according to a report by Reuters. Judge Alsup of the US District Court stated that Facebook’s repetitive losses of users’ privacy indicated a long-term need for supervision, which comes in addition to prior judgment which indicated that Facebook’s views about user’s privacy expectations were “so wrong”.

Read More

Hand Out of the Cookie Jar: CJEU Issues Long-Awaited Decision on Cookies

By Cameron Abbott and Max Evans

Earlier this month, the Court of Justice of the European Union (CJEU) issued a long-awaited decision with respect to the requirements necessary for entities to satisfy in order to attain the valid consent of a user to the use of cookies to track and analyse his or her personal information.

Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.