Cyber Law Watch

Doctor, how are we tracking? China, South Korea, Singapore and Thailand Using Smart Phone Applications to Halt the Spread of Corona Virus

Mar 25 2020

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

A slew of Asian countries have begun to use telecommunications networks, Smart Phone Applications and messaging services to assign, inform, track and/or monitor individuals which may have contracted COVID-19, including those which are required to undertake a process of self-isolation, according to articles from Wired, Channel News Asia and Bangkok Post.

In China, apps such as WeChat and AliPay have been utilised to assign individuals health codes, referred to as colour codes, to determine whether they should undertake a process of self-isolation. According to the NY Times a green code enables its holder to move about unrestricted, a yellow code asks the individual to stay home for seven days whilst a red code requires a two-week quarantine. In South Korea, government authorities have sent out texts detailing the movements of specific people infected with COVID in addition to using a smartphone app to ensure people who are required to self-isolate are staying home.

Mar 19 2020

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

Nothing can stop us from talking about privacy, including a pandemic! Yesterday, the Office of the Australian Information Commissioner (OAIC) issued guidance on the collection, use and disclosure of personal information during the COVID-19 pandemic (Guidance).

It mainly serves as a reminder to organisations that even in these pressing times, they must comply with the Australian privacy regime. However, it also highlights what organisations can collect and do with personal information for the purposes of preventing and managing the spread of COVID-19.

Mar 16 2020

Cameron Abbott, Warwick Andersen and Max Evans

Following on from the consultation opened by the NSW Government in July 2019 (the subject of a previous blog), NSW Attorney-General Mark Speakman has committed to introducing a mandatory data breach scheme, according to an article by ITNews.

At present, neither NSW privacy laws nor the notifiable data breach scheme under Part IIIC of the Privacy Act 1988 (Cth) require public sector agencies in NSW to notify the NSW Privacy Commissioner and affected individuals where a data breach creates a risk of serious harm. This led to a consultation conducted by the Department of Communities and Justice in late 2019, which revealed “overwhelming public support” for the introduction of a mandatory data breach scheme in NSW, with the NSW Government “sharing a view” that the relevant scheme should be introduced.

Mar 11 2020

By Cameron Abbott, Rob Pulham and Rebecca Gill

In a first for Australia, the Australian Information Commissioner (Commissioner) has launched proceedings in the Federal Court of Australia, seeking penalties against Facebook for serious and/or repeated interferences with privacy. The contraventions relate to the conduct disclosed by the Cambridge Analytica scandal, which involved the This is Your Digital Life app (App). We’ve previously blogged about the App here.

It is unclear how the penalties will be calculated in this proceeding. The penalty rate applicable to the relevant period (being from March 2014 to May 2015) is a maximum of $1.7 million. Some have suggested that fines may be in the billions if the maximum rate is applied to each individual affected as a single “contravention” (with possibly over 300,000 contraventions in total!). This may be fun to calculate, but highly unlikely to be applied in reality.

Mar 06 2020

By Cameron Abbott and Max Evans

Following Australia’s latest round of expanded 5G restrictions, the South Australian Government has made a decision to remove all close circuit surveillance cameras made by a Chinese surveillance giant from health department buildings, according to an article by the Sydney Morning Herald.

The article notes that the relevant cameras are made by the partially state-owned Chinese surveillance technology company Hikvision, which was blacklisted in October 2019 by the United States for their alleged role in human rights violations and in purporting to create a surveillance network amongst federal agencies. Issues with Hikvision in South Australia were first identified in the course of a Commonwealth-funded trial in which Hikvision cameras were to be used in the rooms of aged care residents as a means to improve overall safety.

Mar 05 2020

By Cameron Abbott, Warwick Andersen, Rob Pulham and Max Evans

Privacy lawyers have been waiting for this day for years (some of us decades). Privacy is on the front page of the Sydney Morning Herald and the Age, despite there being no actual data breach. According to the article, Alinta Energy, one of the Australia’s biggest energy companies, is putting the privacy of its over 1.1 million retail gas and electricity customers at risk through poor privacy protections and a lack of proper oversight.

While this is an interesting piece of investigative journalism, what is really interesting is that privacy is now newsworthy even in the absence of a data breach. It has been a long time coming but it seems society now rates privacy as front page news. As our lawyers have already been pointing out in giving presentations this year – privacy has finally hit the big time!

You’ve got mail…and lots of it according to the latest OAIC report!

By Cameron Abbott and Michelle Aggromito

With email being one of the most common forms of communication, it’s not surprising that inboxes these days accumulate thousands of emails that, perhaps, aren’t always electronically filed or deleted (not ours of course).

As the Office of the Australian Information Commissioner (OAIC) has indicated in its most recent report on notifications received under the Notifiable Data Breach (NBD) scheme, email accounts are frequently being used for storage, and this raises inherent risk. Yes it’s convenient, but using email to send personal information, such as copies of passports, bank account details and credit card information, can very quickly lose its appeal. If the email account is accessed by a malicious actor through a phishing attack or a rogue employee, the end result can be exploitation of that information for criminal gain.

Mar 03 2020

By Cameron Abbott and Max Evans

We all know by now that technology, and the data obtained and analysed through it, has changed the way the world works and in particular, the way we do business. However, at the first American Chamber of Commerce in Australia (AmCham) Tech Talk Breakfast for 2020, hosted at K&L Gates by our very own Cameron Abbott, it appears that a large portion of the business world is still lagging in terms of utilising its own data resources, understanding the power of data generally and the need to establish and implement appropriate and comprehensive security protections and processes.

The four industry leading speakers, Martin Creighan of AT&T, Robert Le Busque of Verizon Enterprise Solutions, Melissa Osborne of Dell Technologies and Matthew Payton of Datacom explored the immense volume of data businesses collect, and the gap in many businesses between their current utilisation and the maximum value held by such data. The speakers noted the importance of having a robust data analysis resource pool with which to effectively analyse the vast amounts of data a business carries in order to maximise the utility of such data in informing ongoing business decisions.

No cyber insurance? Check your policy – you may be covered for more than you think

Mar 02 2020

By Cameron Abbott, Rob Pulham and Max Evans

Over the past 2 years we’ve seen a steady rise in interest in cyber insurance policies to cover key online risks.

However, as the terms and coverage for cyber insurance offerings steadily standardise, it may not be worth throwing out your old policies just yet.

In his recent article available here our colleague Gregory Wright discusses several recent US cases where insurance holders were found to be covered under more general policies of insurance – even if they weren’t specifically directed towards cyber risks.

A New Low: Red Cross subject to Fraudulent Claims for Bushfire Grants by Cyber Thieves

Mar 02 2020

By Cameron Abbott and Max Evans

If you thought cyber attackers couldn’t go any lower, think again. Cyber thieves are tying up valuable resources at the Australian Red Cross through computer generated applications for bushfire relief assistance, according to an article from the AAP.

According to the article, cyber thieves are using applications to automate hundreds of fraudulent attempts to access financial assistance from the Red Cross, which is distributing grants of up to $20,000 per application with a total grant of around $1,000,000 per day. In one community, there were applications made in respect of 15 homes that purportedly had been destroyed by bushfires, but when physically checked remained unaffected. Go figure!

Doctor, how are we tracking? China, South Korea, Singapore and Thailand Using Smart Phone Applications to Halt the Spread of Corona Virus

Privacy in the time of COVID-19

Uniformity of Law II: NSW Government pledges to introduce Mandatory Data Breach Reporting in respect to State Government Agencies

This is your digital life (of no consent or control): The Australian Information Commissioner takes Facebook to Court

Watching Me, Watching You: Chinese Surveillance Cameras Banned in South Australia amidst Security Concerns

Front and Centre: Privacy makes Front-Page, without a breach!

You’ve got mail…and lots of it according to the latest OAIC report!

Utilize and Protect: 2020 AmCham Tech Panel explores complexities of the Data World

No cyber insurance? Check your policy – you may be covered for more than you think

A New Low: Red Cross subject to Fraudulent Claims for Bushfire Grants by Cyber Thieves