Tag: Privacy Act

1
OAIC’s controversial decision broadens scope for the disclosure of personal information
2
Another Facebook app leaves anonymised data of 3 million users potentially exposed
3
Family Planning NSW the latest victim of cyber attacks
4
Over half of notifiable data breaches caused by human error
5
Mark Zuckerberg to testify to US Congress as Facebook indicates Cambridge Analytica accessed data from up to 87 million accounts
6
De-identification of Data and Privacy
7
Privacy risks in collecting donations
8
Australia’s new data breach notification laws: what they mean for you
9
Privacy Commissioner releases a Guide to deal with data breaches
10
Hold the phone…is “metadata” personal information? Who knows?

OAIC’s controversial decision broadens scope for the disclosure of personal information

By Warwick Andersen, Rob Pulham and Georgia Mills

In 2017 Andie Fox, a recipient of Centrelink benefits, wrote a highly critical opinion piece on Centrelink’s debt recovery system, alleging that she was being pursued for a non-existent debt.  In response Centrelink provided Ms Fox’s personal information, previous communications and claims history to a journalist who published an article claiming that Centrelink had been ‘unfairly castigated’ by Fox.  The OAIC commenced an investigation into the release and has controversially confirmed Centrelink’s disclosure as permitted under the Privacy Act.

Read More

Another Facebook app leaves anonymised data of 3 million users potentially exposed

By Cameron Abbott and Keely O’Dowd

Recent news reports have revealed that Facebook has been hit with another data scandal.

The anonymised data of approximately 3 million Facebook users has reportedly been published on a poorly protected website. This data was originally collected via a Facebook quiz app called “myPersonality”. The myPersonality app was developed as part of the “myPersonality project” run by academics at the University of Cambridge’s The Psychometrics Centre.

Read More

Family Planning NSW the latest victim of cyber attacks

By Cameron Abbott and Allison Wallace

Up to 8000 clients of Family Planning New South Wales have been affected by a ransomware attack on the NGO’s website. No the sort of records people every want to see disclosed.

The website was hacked on ANZAC Day, with the personal information of clients who had contacted FPNSW  in the past 2 and a half years compromised – including details such as names, contact details and reasons for enquiries.

 

Read More

Over half of notifiable data breaches caused by human error

By Warwick Andersen, Rob Pulham and Keely O’Dowd

Following on from Friday’s blog, we have looked at a particular aspect of the Office of the Australian Information Commissioner’s Notifiable Data Breaches Scheme quarterly report in more detail.

Read More

Mark Zuckerberg to testify to US Congress as Facebook indicates Cambridge Analytica accessed data from up to 87 million accounts

By Warwick Andersen, Rob Pulham, Allison Wallace and Sarah Goegan

Facebook indicated in a blog post yesterday that information of up to 87 million people – 37 million more than originally revealed – may have been improperly shared with Cambridge Analytica.

Facebook also reported that this may have included data of more than 300,000 Australians. The company’s chief technology officer, Mike Schroepfer, said the company would make major changes to the way third-parties can access data on the platform. He also said users would be informed if their information could have been improperly shared with Cambridge Analytica.

Read More

De-identification of Data and Privacy

By Cameron Abbott, Keely O’Dowd, Giles Whittaker and Harry Crawford

As promised in a previous blog post, K&L Gates have performed an in-depth analysis of the risks of relying on de-identification of data to protect privacy, in the wake of researchers successfully re-identifying de-identified medical data that was released by the Australian Department of Health in 2016.

Read the article on the K&L Gates HUB here.

Privacy risks in collecting donations

By Cameron Abbott and Olivia Coburn

Charities are increasingly employing commercial approaches to funding, lobbying and fundraising to fuel their invaluable work. In doing so, charities need to be cautious of mishandling the donor’s personal information that they collect together with the donation.

Donors are frequently being asked to provide information such as home address, email address and their mobile phone number. In some instances charities will not accept money unless this personal information is also provided.

Read More

Australia’s new data breach notification laws: what they mean for you

By Cameron Abbott, Rob Pulham and Allison Wallace

Further to our blog post yesterday, we’ve prepared a summary into the implications of the Privacy Amendment (Notifiable Data Breaches) Bill 2017 that has now been passed by both houses of Parliament. Read our article here.

Privacy Commissioner releases a Guide to deal with data breaches

By Cameron Abbott, Rob Pulham and Simon Ly

On 11 April 2016, the Privacy Commissioner released a guide to deal with issues associated with data breaches. This is aimed at entities regulated by the Privacy Act 1988 (Cth) in order to assist them with complying with the Australian Privacy Principles.

When (and it is likely to be a matter of when and not if) your entity is subject to a data breach, whether it be through your system being hacked or if devices are lost or stolen, it is important that you are equipped to deal with it. It is important to get in front of such problems and have pre-prepared action plans given that it is likely that the first 24 hours will be the most crucial in determining your level of success in dealing with a data breach. Data breaches can be expensive, both in a monetary and reputational sense.

In the guide, the Privacy Commissioner highlighted that a written data breach response plan is an important tool to help deal with such issues. Such a plan should include:

  • actions to be taken if a breach is suspected, discovered or reported by a staff member, including escalation measures;
  • the members of the data breach response team; and
  • the actions the team are expected to take.

Such a plan needs to be regularly reviewed and updated, with all relevant staff kept up to date so that they know what actions they are expected to take.

The Privacy Commissioner suggests the following four steps to be taken when a data breach is discovered:

  1. contain the breach and do a preliminary assessment;
  2. evaluate the risks associated with the breach;
  3. develop a plan for notifying affected individuals and consider what information should be in any notification; and
  4. determine steps to be taken to prevent future breaches.

For more information, please feel free to contact us. You can find out more information on practical steps you can take here.

Copyright © 2018, K&L Gates LLP. All Rights Reserved.