Privacy, Data Protection & Information Management – Page 12

A phishing pandemic – Part II

Apr 08 2020

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

In part 1 of this blog, we highlighted the increase in phishing scams in light of the global COVID-19 pandemic. In this part 2, we discuss some practical tips that organisations can implement to mitigate the heightened risks of falling prey to such scams.

So, where to begin? You may have seen a recently published alert on the K&L Gates Hub: Responding to COVID-19 series, which provides high level ideas and tips for organisations when implementing remote working procedures for their employees. In particular, organisations should consider implementing:

Apr 06 2020

By Cameron Abbott, Warwick Andersen, Rob Pulham, Allison Wallace and Max Evans

It hasn’t even been 10 days since our previous Blog on Zoom, which highlighted a number of privacy and data security issues prevalent in the use of the popular telecommunications software, and already further privacy issues have been alleged. Let’s put these allegations under the magnifying glass:

Disclosure to Facebook: Even If You don’t have an Account

Firstly, Vice reports that the iOS version of the Zoom app transfers analytics data to Facebook, even if Zoom users don’t have a Facebook account, without disclosing as such in its Privacy Policy.

Mar 30 2020

By Cameron Abbott, Warwick Andersen, and Max Evans

As the world grinds to a halt following the dispersion of COVID-19 and businesses around the globe experience a significant downturn, more and more businesses are turning towards their Business Continuity Plan (BCP) in order to mitigate the potential impacts of this worldwide emergency on business sustainability. However, a key aspect of BCP’s is that they encapsulate the full scale of collateral issues that may arise from such an emergency.

From a technology perspective, BCP’s need to consider access. This issue is twofold: being access to premises in which businesses operate in order to correct system defects and system outages, as well as access to external premises that provide technology services such as data storage or data security services.

Mar 26 2020

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

As the world grinds to a halt following the perpetuation of COVID-19, more and more businesses have turned to remote work arrangements. This has led to a sharp rise in the use of videoconferencing technology Zoom. However, as the Australian Financial Review notes, flawed data security and privacy practices mean that the use of Zoom could be disastrous for corporate and personal privacy.

Concerns surrounding the use of Zoom arose earlier this year, with critical security vulnerabilities enabling hackers to predict Meeting ID’s and therefore join active meetings, and also allowing any website to forcibly join a user to a Zoom call with their video camera activated and without the user’s permission. Whilst a number of these errors were patched up, as the article notes, Zoom refused to disable the ability for hackers to forcibly join to a call anyone visiting a malicious site, raising security red flags and undermining public confidence in Zoom’s attitude towards data security. A strange response given that part of its attraction had been a perceived stronger approach to security.

Mar 25 2020

By Cameron Abbott, Michelle Aggromito and Rebecca Gill

It’s upsetting to report, but should come as no surprise, that scammers are seeking to take advantage of organisations during the COVID-19 pandemic.

The Australian Competition and Consumer Commission’s Scamwatch website reports that phishing attacks are on the rise, with scammers impersonating the World Health Organisation and other agencies. Scams include anything from offering victims a vaccine for COVID-19 to investment opportunities created by the pandemic.

Mar 25 2020

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

A slew of Asian countries have begun to use telecommunications networks, Smart Phone Applications and messaging services to assign, inform, track and/or monitor individuals which may have contracted COVID-19, including those which are required to undertake a process of self-isolation, according to articles from Wired, Channel News Asia and Bangkok Post.

In China, apps such as WeChat and AliPay have been utilised to assign individuals health codes, referred to as colour codes, to determine whether they should undertake a process of self-isolation. According to the NY Times a green code enables its holder to move about unrestricted, a yellow code asks the individual to stay home for seven days whilst a red code requires a two-week quarantine. In South Korea, government authorities have sent out texts detailing the movements of specific people infected with COVID in addition to using a smartphone app to ensure people who are required to self-isolate are staying home.

Mar 19 2020

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

Nothing can stop us from talking about privacy, including a pandemic! Yesterday, the Office of the Australian Information Commissioner (OAIC) issued guidance on the collection, use and disclosure of personal information during the COVID-19 pandemic (Guidance).

It mainly serves as a reminder to organisations that even in these pressing times, they must comply with the Australian privacy regime. However, it also highlights what organisations can collect and do with personal information for the purposes of preventing and managing the spread of COVID-19.

Mar 11 2020

By Cameron Abbott, Rob Pulham and Rebecca Gill

In a first for Australia, the Australian Information Commissioner (Commissioner) has launched proceedings in the Federal Court of Australia, seeking penalties against Facebook for serious and/or repeated interferences with privacy. The contraventions relate to the conduct disclosed by the Cambridge Analytica scandal, which involved the This is Your Digital Life app (App). We’ve previously blogged about the App here.

It is unclear how the penalties will be calculated in this proceeding. The penalty rate applicable to the relevant period (being from March 2014 to May 2015) is a maximum of $1.7 million. Some have suggested that fines may be in the billions if the maximum rate is applied to each individual affected as a single “contravention” (with possibly over 300,000 contraventions in total!). This may be fun to calculate, but highly unlikely to be applied in reality.

Mar 05 2020

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

Privacy lawyers have been waiting for this day for years (some of us decades). Privacy is on the front page of the Sydney Morning Herald and the Age, despite there being no actual data breach. According to the article, Alinta Energy, one of the Australia’s biggest energy companies, is putting the privacy of its over 1.1 million retail gas and electricity customers at risk through poor privacy protections and a lack of proper oversight.

While this is an interesting piece of investigative journalism, what is really interesting is that privacy is now newsworthy even in the absence of a data breach. It has been a long time coming but it seems society now rates privacy as front page news. As our lawyers have already been pointing out in giving presentations this year – privacy has finally hit the big time!

You’ve got mail…and lots of it according to the latest OAIC report!

By Cameron Abbott and Michelle Aggromito

With email being one of the most common forms of communication, it’s not surprising that inboxes these days accumulate thousands of emails that, perhaps, aren’t always electronically filed or deleted (not ours of course).

As the Office of the Australian Information Commissioner (OAIC) has indicated in its most recent report on notifications received under the Notifiable Data Breach (NBD) scheme, email accounts are frequently being used for storage, and this raises inherent risk. Yes it’s convenient, but using email to send personal information, such as copies of passports, bank account details and credit card information, can very quickly lose its appeal. If the email account is accessed by a malicious actor through a phishing attack or a rogue employee, the end result can be exploitation of that information for criminal gain.

Catagory:Privacy, Data Protection & Information Management

A phishing pandemic – Part II

Zooming In: “Zoom’s” Significant Privacy and Data Security Risks brought to Light Again (and Again)

Forgotten Issues: What Business Continuity Planning in the COVID-19 Era Isn’t Contemplating

Not So Zoomy: Use of Videoconferencing Technology “Zoom” on the Rise, but Privacy and Data Security Inadequacies suggest Users should Tread Carefully

A phishing pandemic – Part I

Doctor, how are we tracking? China, South Korea, Singapore and Thailand Using Smart Phone Applications to Halt the Spread of Corona Virus

Privacy in the time of COVID-19

This is your digital life (of no consent or control): The Australian Information Commissioner takes Facebook to Court

Front and Centre: Privacy makes Front-Page, without a breach!

You’ve got mail…and lots of it according to the latest OAIC report!