Tag: Privacy Act

1
Uniformity of Law II: NSW Government pledges to introduce Mandatory Data Breach Reporting in respect to State Government Agencies
2
Uniformity of Law: NSW Government opens consultation to consider making Data Breach Reporting mandatory in respect of State Government Agencies
3
OAIC’s controversial decision broadens scope for the disclosure of personal information
4
Another Facebook app leaves anonymised data of 3 million users potentially exposed
5
Family Planning NSW the latest victim of cyber attacks
6
Over half of notifiable data breaches caused by human error
7
Mark Zuckerberg to testify to US Congress as Facebook indicates Cambridge Analytica accessed data from up to 87 million accounts
8
De-identification of Data and Privacy
9
Privacy risks in collecting donations
10
Australia’s new data breach notification laws: what they mean for you

Uniformity of Law II: NSW Government pledges to introduce Mandatory Data Breach Reporting in respect to State Government Agencies

Cameron Abbott, Warwick Andersen and Max Evans

Following on from the consultation opened by the NSW Government in July 2019 (the subject of a previous blog), NSW Attorney-General Mark Speakman has committed to introducing a mandatory data breach scheme, according to an article by ITNews.

At present, neither NSW privacy laws nor the notifiable data breach scheme under Part IIIC of the Privacy Act 1988 (Cth) require public sector agencies in NSW to notify the NSW Privacy Commissioner and affected individuals where a data breach creates a risk of serious harm. This led to a consultation conducted by the Department of Communities and Justice in late 2019, which revealed “overwhelming public support” for the introduction of a mandatory data breach scheme in NSW, with the NSW Government “sharing a view” that the relevant scheme should be introduced.

Read More

Uniformity of Law: NSW Government opens consultation to consider making Data Breach Reporting mandatory in respect of State Government Agencies

By Cameron Abbott, Warwick Anderson and Max Evans

We have blogged numerous times on the notifiable data breach scheme provided for in Part IIIC of Privacy Act 1988 (Cth) including more recently in relation to its success in assisting the preparedness of the health sector to report and respond to data breaches.

Whilst the NSW Information Privacy Commissioner recommends that public sector agencies notify it and affected individuals where a data breach creates a risk of serious harm, neither NSW privacy laws nor the notifiable data breach scheme require public sector agencies in NSW to provide such notification. There are many reasons for state government agencies to mandatorily report data breaches. Informing citizens when privacy breaches occur provides an opportunity for individual protection against potentially adverse consequences, whilst mandatory data breach reporting would address the current under-reporting of data breaches in NSW, which according to the consultation may be the norm.

Read More

OAIC’s controversial decision broadens scope for the disclosure of personal information

By Warwick Andersen, Rob Pulham and Georgia Mills

In 2017 Andie Fox, a recipient of Centrelink benefits, wrote a highly critical opinion piece on Centrelink’s debt recovery system, alleging that she was being pursued for a non-existent debt.  In response Centrelink provided Ms Fox’s personal information, previous communications and claims history to a journalist who published an article claiming that Centrelink had been ‘unfairly castigated’ by Fox.  The OAIC commenced an investigation into the release and has controversially confirmed Centrelink’s disclosure as permitted under the Privacy Act.

Read More

Another Facebook app leaves anonymised data of 3 million users potentially exposed

By Cameron Abbott and Keely O’Dowd

Recent news reports have revealed that Facebook has been hit with another data scandal.

The anonymised data of approximately 3 million Facebook users has reportedly been published on a poorly protected website. This data was originally collected via a Facebook quiz app called “myPersonality”. The myPersonality app was developed as part of the “myPersonality project” run by academics at the University of Cambridge’s The Psychometrics Centre.

Read More

Family Planning NSW the latest victim of cyber attacks

By Cameron Abbott and Allison Wallace

Up to 8000 clients of Family Planning New South Wales have been affected by a ransomware attack on the NGO’s website. No the sort of records people every want to see disclosed.

The website was hacked on ANZAC Day, with the personal information of clients who had contacted FPNSW  in the past 2 and a half years compromised – including details such as names, contact details and reasons for enquiries.

 

Read More

Over half of notifiable data breaches caused by human error

By Warwick Andersen, Rob Pulham and Keely O’Dowd

Following on from Friday’s blog, we have looked at a particular aspect of the Office of the Australian Information Commissioner’s Notifiable Data Breaches Scheme quarterly report in more detail.

Read More

Mark Zuckerberg to testify to US Congress as Facebook indicates Cambridge Analytica accessed data from up to 87 million accounts

By Warwick Andersen, Rob Pulham, Allison Wallace and Sarah Goegan

Facebook indicated in a blog post yesterday that information of up to 87 million people – 37 million more than originally revealed – may have been improperly shared with Cambridge Analytica.

Facebook also reported that this may have included data of more than 300,000 Australians. The company’s chief technology officer, Mike Schroepfer, said the company would make major changes to the way third-parties can access data on the platform. He also said users would be informed if their information could have been improperly shared with Cambridge Analytica.

Read More

De-identification of Data and Privacy

By Cameron Abbott, Keely O’Dowd, Giles Whittaker and Harry Crawford

As promised in a previous blog post, K&L Gates have performed an in-depth analysis of the risks of relying on de-identification of data to protect privacy, in the wake of researchers successfully re-identifying de-identified medical data that was released by the Australian Department of Health in 2016.

Read the article on the K&L Gates HUB here.

Privacy risks in collecting donations

By Cameron Abbott and Olivia Coburn

Charities are increasingly employing commercial approaches to funding, lobbying and fundraising to fuel their invaluable work. In doing so, charities need to be cautious of mishandling the donor’s personal information that they collect together with the donation.

Donors are frequently being asked to provide information such as home address, email address and their mobile phone number. In some instances charities will not accept money unless this personal information is also provided.

Read More

Australia’s new data breach notification laws: what they mean for you

By Cameron Abbott, Rob Pulham and Allison Wallace

Further to our blog post yesterday, we’ve prepared a summary into the implications of the Privacy Amendment (Notifiable Data Breaches) Bill 2017 that has now been passed by both houses of Parliament. Read our article here.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.