The cyber attack, reported by Channel Nine as a variation of a ransomware attack, struck early Sunday morning, resulting in television and digital production systems being offline for more than 24 hours. The attack impaired Channel Nine’s ability to broadcast from its Sydney studios, forcing the media outlet to shift operations to its Melbourne studios.Read More
Following on from the consultation opened by the NSW Government in July 2019 (the subject of a previous blog), NSW Attorney-General Mark Speakman has committed to introducing a mandatory data breach scheme, according to an article by ITNews.
At present, neither NSW privacy laws nor the notifiable data breach scheme under Part IIIC of the Privacy Act 1988 (Cth) require public sector agencies in NSW to notify the NSW Privacy Commissioner and affected individuals where a data breach creates a risk of serious harm. This led to a consultation conducted by the Department of Communities and Justice in late 2019, which revealed “overwhelming public support” for the introduction of a mandatory data breach scheme in NSW, with the NSW Government “sharing a view” that the relevant scheme should be introduced.Read More
Privacy lawyers have been waiting for this day for years (some of us decades). Privacy is on the front page of the Sydney Morning Herald and the Age, despite there being no actual data breach. According to the article, Alinta Energy, one of the Australia’s biggest energy companies, is putting the privacy of its over 1.1 million retail gas and electricity customers at risk through poor privacy protections and a lack of proper oversight.
While this is an interesting piece of investigative journalism, what is really interesting is that privacy is now newsworthy even in the absence of a data breach. It has been a long time coming but it seems society now rates privacy as front page news. As our lawyers have already been pointing out in giving presentations this year – privacy has finally hit the big time!
By Cameron Abbott and Karla Hodgson
The Office of the Australian Information Commissioner has released its Q2 statistics on notifications received under the Notifiable Data Breach (NDB) scheme. The 245 breach notifications in Q2 are on par with each other quarter since the scheme was introduced in July 2018 and while the majority of NDBs (62%) are attributed to malicious or criminal attacks, we noted with interest that a staggering 34% are due to human error – that is, mostly avoidable errors made by staff. A consistent theme of our blogs is reinforcing the message that employees are the front line of defence for organisations.
There are 3 key statistics we took away from these human error NDBs.Read More
By Cameron Abbott and Rebecca Murray
After much delay, a spokesperson for Attorney-General, George Brandis has said the government is committed to introducing the Mandatory Data Breach Notification laws this year. We will be sure to look out for it during the next term of Parliament. You can find more information on the proposed scheme and its regulatory impact on the Attorney General’s Department consultation for Serious Data Breach Notification webpage.
Westfield has sidelined the SMS feature of its ticketless parking system this week due to concerns it breached Australian privacy laws.
Westfield’s newfangled ticketless parking system attempted to make parking quicker and easier for shoppers by scanning car number plates on entry and exit of their carparks, and sending an SMS notification to registered parkers recording their entry time and an alert message when their free parking time was nearly up. To register for the service, users were merely required to provide a name, license plate number and phone number (with no verification).
Privacy experts raised the alarm that any person could register false details and track another person’s physical location via the SMS notifications. This was a particular worry for those in domestic violence situations and could also potentially enable stalking or thieves to determine when homeowners had left their houses. The feature’s Terms and Conditions failed to address any of these issues.
The SMS service is currently suspended as internal investigations are conducted, though the rest of the ticketless parking system and app continue to operate.
Learn more about the ticketless parking system here.
Read the ITNews report on the issue here.