November 2020 – Cyber Law Watch

Less than two weeks to go: New Zealand Privacy Act commences 1 December 2020

Nov 19 2020

On 1 December 2020, the New Zealand Privacy Act 2020 will come into operation and repeal and replace the Privacy Act 1993.

The Privacy Act 2020 modernises New Zealand’s privacy laws and seeks to keep pace with international standards and technology. While New Zealand’s new privacy legislation is not as onerous as other international privacy laws, such as the GDPR, it still introduces significant changes including:

mandatory data breach notification;
new investigative and regulatory powers for the New Zealand Privacy Commissioner; and
new criminal offences and penalties, including fines of up to $10,000.

Nov 11 2020

By Cameron Abbott, Warwick Andersen and Max Evans

The City of Port Phillip Council has accidentally published to data.gov.au personal information of an unknown number of residents who had reported graffiti, according to an article from ITNews supported by a statement released by the council.

According to the statement, during work to automate the generation of a graffiti dataset, an incorrect version was selected which led to the unapproved publication of personal information such as names, phone numbers and/or email addresses of the persons who reported graffiti to the council. As the article notes, of the approximately 764 email addresses and 859 phone numbers that were published, 53% of the email addresses belonged to businesses and 28% of the phone numbers were for landlines and 1300 numbers.

Nov 06 2020

By Cameron Abbott, Rob Pulham and Keely O’Dowd

In December 2019, the Australian Government announced it would conduct a review of the Privacy Act 1988 (Cth).

A year has almost passed and finally the Australian Government has publicly released details about the review. On 30 October 2020, the Australian Government released the Terms of Reference of the review. In particular, the review will cover:

The scope and application of the Privacy Act
Whether the Privacy Act effectively protects personal information and provides a practical and proportionate framework for promoting good privacy practices
Whether individuals should have direct rights of action to enforce privacy obligations under the Privacy Act
Whether a statutory tort for serious invasions of privacy should be introduced into Australian law
The impact of the notifiable data breach scheme and its effectiveness in meeting its objectives
The effectiveness of enforcement powers and mechanisms under the Privacy Act and how they interact with other Commonwealth regulatory frameworks
The desirability and feasibility of an independent certification scheme to monitor and demonstrate compliance with Australian privacy laws.

Nov 02 2020

By Cameron Abbott, Keely O’Dowd and Max Evans

Back in February, we blogged about the large scale ransomware attack experienced by Toll Group.

IT News reports Toll is still “mopping up” the damage caused by these attacks. Since July, Toll has embarked on a year-long accelerated cyber resilience program incorporating teams in India and Australia which led to the appointment of former Telstra Asia Pacific CISO Berin Lautenbach as Toll’s global head of information security in August.

Archive:November 2020

Less than two weeks to go: New Zealand Privacy Act commences 1 December 2020

Leaky Port: City of Port Phillip Inadvertently Discloses Personal Information on Federal Government Website

Continuing to take its Toll: Toll Group still feeling impacts nine months after experiencing Ransomware Attack