Privacy, Data Protection & Information Management – Page 28

McDonald’s India (inadvertently) delivering more than just burgers in India

Mar 28 2017

McDonald’s has fallen foul of customer expectations after its McDelivery app leaked the personal information of about 2.2 million users.

Access to the names, emails, home addresses and phone numbers of users was made readily available due to a poorly configured server, according to security firm Fallible.

The fast food giant told the Times of India that the app is safe to use – but Fallible tested the app again after McDonald’s said it had updated it to fix the issue, and found that it was still leaking data.

Old-school data breach sees hospital investigated

Mar 28 2017

By Cameron Abbott and Allison Wallace

While health institutions around the world work to secure patients’ personal information and prevent the hacking or leaking of data from their systems, one Melbourne hospital is being investigated after medical records were found lying in a gutter in a nearby street.

Fairfax Media reports Australia’s Privacy Commissioner Timothy Pilgrim is investigating how the paper records of 31 patients of the John Fawkner Private Hospital were removed from the premises last month.

The documents, which were found by a local resident, were sent to both the Privacy Commissioner, and Victoria’s Health Complaints Commissioner.

Under current legislation, there is no obligation for the hospital to notify the affected patients that their privacy has been breached. All this will change under the new data breach notification laws, which were passed by the Australian government last month, and are expected to come into force within the next 12 months.

This breach is a timely reminder for all businesses, government agencies and other organisations covered by Australia’s privacy laws to take stock of how they store personal information – whether it be in a filing cabinet, on a hard-drive, or in a cloud – and ensure it is secure.

Is your IoT device putting you at risk?

Mar 21 2017

By Cameron Abbott and Giles Whittaker

As the uptake of IoT (Internet of Things) devices increases, industry experts question whether adequate cybersecurity measures are in place. While we are not surprised with the results of a recent survey, it has been confirmed that IoT devices represent the next big cybersecurity threat.

A Tripwire study found 96% of surveyed IT pros expect to see an increase in security attacks on IoT. The study acknowledges the promise of these devices in facilitating tasks and bringing convenience, but also notes the risk they pose as they’re not always built with security in mind. The study found the industries facing the biggest threat include energy, utilities, government, healthcare and finance with devices connecting the Industrial Internet of Things viewed as susceptible to serious consequences. David Meltzer, COO at Tripwire, says there must be a change in the level of preparation for such attacks or the realization of these risks will be experienced.

You are not alone! Rasomware attacks increase

Mar 21 2017

By Cameron Abbott and Giles Whittaker

While no one likes to admit that they have been caught out or victimised by cyber-attacks such as ransomware, what appears to be true is that a lot of organisations are. The lesson is that it is quite likely to happen so design your IT systems to give you a recovery option. No good having your back up encrypted as well!

A survey (reg. req.) of IT security decision makers by CyberEdge found that a whopping 61% of respondents’ organizations were victimized by ransomware in 2016. Among those hit by ransomware, 33% paid the ransom to recover their data, 54% refused to pay but recovered their data anyway, and 13% refused to pay and lost their data. In general, the report found the percentage of organizations being hit by successful cyber-attacks continues to rise, from 62% in 2014 to 70% in 2015, 76% in 2016, and 79% in 2017. Three in five respondents believe a successful cyber-attack is likely in the coming year.

Is Uber’s Greyball pushing the boundaries of what is legally and ethically OK?

Mar 13 2017

By Cameron Abbott and Allison Wallace

Ridesharing service Uber has been using a self-developed program called Greyball in a bid to avoid regulatory scrutiny and other law enforcement activity.

As reported in The New York Times, the program uses various techniques to survey government officials when rolling out the service in new cities. This came after Uber’s services encountered legal issues (including cars being impounded and drivers fined) as it tried to operate in new locations, including in Melbourne, Australia. Read More

Australia’s new data breach notification laws: what they mean for you

Feb 15 2017

By Cameron Abbott, Rob Pulham and Allison Wallace

Further to our blog post yesterday, we’ve prepared a summary into the implications of the Privacy Amendment (Notifiable Data Breaches) Bill 2017 that has now been passed by both houses of Parliament. Read our article here.

Australian data breach notification law passes both houses of Parliament

Feb 14 2017

By Cameron Abbott and Rob Pulham

For those who have been following the progress of the Australian data breach notification laws, as of yesterday (13 February 2017) the bill has been passed by both houses of Parliament and now awaits royal assent.

Update: Mandatory Data Breach Notification Laws closer to being introduced

Feb 07 2017

By Cameron Abbott and Allison Wallace

As foreshadowed by the Attorney General’s Department last year, the Australian government is pushing ahead with its plan to introduce mandatory data breach notification laws, with Parliament today agreeing to a third reading of the Privacy Amendment (Notifiable Data Breaches) Bill 2016. You can find more about the proposed legislation here. We’ll keep you updated as the bill makes its way through parliament.

India’s top court asks WhatsApp, Facebook to please explain over privacy policy

Jan 23 2017

By Cameron Abbott and Allison Wallace

A petition to challenge messenger service WhatsApp’s privacy policy in India is gaining momentum, with the Supreme Court this week issuing notices to WhatsApp, its owner Facebook, and the telecom regulator TRAI to respond to the court within two weeks.

The petitioners are incensed over WhatsApp’s changes to its privacy policy in September last year, which saw it begin sharing users information with Facebook, including their phone numbers. Those who didn’t agree with the new policy were given the option to “opt out” by deleting the app. This announcement came two years after WhatsApp was acquired by Facebook. Read More

SAP criticises impending EU data protection laws

Jan 18 2017

By Cameron Abbott and Allison Wallace

SAP has expressed concerns over the implications of the landmark EU data privacy regulations, saying the penalties that will be imposed are too high, and could impede the development of Europe’s start-up culture.

The data privacy regulation will be implemented in May 2018, and includes fines for EU companies up to 4 per cent of their global revenues if they commit a significant breach of data privacy.

In an interview with the Financial Times, SAP’s head of products and innovation, Bernd Leukert said he believes the penalties are too high, and put companies at risk of losing their entire revenue if they commit multiple breaches.

Mr Leukert said he also fears that the EU regulations were not properly aligned with laws in other jurisdictions, such as the US.

Catagory:Privacy, Data Protection & Information Management