Data – Page 3 – Cyber Law Watch

Ratings agency starting to factor in Cyber risk profile

Mar 08 2019

By Cameron Abbott and Wendy Mansell

A recent report released by Moody’s Investors Services has shed some light on which business sectors are most at risk for cyberattacks.

After assessing 35 broad sectors it was concluded that banks, hospitals, security firms and market infrastructure providers face the highest risk. This was based on levels of vulnerability and the potential impact an attack would have.

The key determinative factor for these sectors is that they all rely strongly on technology and the vital role of confidential information in their operations.

The financial repercussions following a cyberattack in each of these sectors is extremely significant when considering the costs of insurance, penalties, consumer impact, potential litigation costs, R&D and technological impact to name a few.

The financial market is so high risk because of the financial and commercial data it holds and ever increasing fact that its services are being offered digitally, across multiple platforms i.e banking mobile/smart watch apps.

On a similar note because medical records are primarily collected and held in electronic form hospitals are very attractive to hackers given the sensitive nature of the data.

While the industries should not be a shock to the reader, it is important for participants in those industries and for suppliers to those participants to realise the risk profile that attaches to them and have procedures in place reflective of those risk levels. How one manages these risks in now likely to have indirect cost implications when you see ratings agencies like Moody’s assessing these sorts of areas.

Biggest data leak in German history

Jan 10 2019

By Rob Pulham, Warwick Anderson and Wendy Mansell

A 20 year old German man orchestrated a serious and sophisticated data breach which affected more than 1000 people.

The attack was focused on German and European politicians at all levels including German Chancellor Angela Merkel, President Frank Walter Steinmeier and hundreds of public figures and celebrities.

The 20 year old hacker took to Twitter to drip feed the information depicted as an advent calendar by releasing new data each day in December. Information exposed included contact details, credit card and financial information, chat records, photographs and other personal information.

Reuters’ reported that the hacker is a student who lives at home with his parents, has no formal computer education and was motivated by irritation over statements made by politicians and public figures.

The widespread nature of this attack has resulted in a number of government officials calling for tighter laws.

It is clear that no-one is safe from a data breach – even those elected representatives who enact the laws designed to protect against them.

I Spy With My Little Phone – New Laws giving access to your phone data

Aug 15 2018

By Cameron Abbott and Colette Légeret

Yesterday, the Australian Government unveiled the draft Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 which aims to compel telecommunication and multi-national tech companies (Providers) to give law enforcement and security agencies (Agencies) access to personal encrypted data of suspected criminals, including terrorists, child sex offenders and criminal organisations.

My Health Records – To opt-in, or to opt-out? That is the question

Jul 27 2018

By Cameron Abbott and Keely O’Dowd

This year all Australians will have a My Health Record created. A My Health Record will operate as a digital medical file that allows healthcare providers to upload health information about a patient. This information may include prescriptions, medical conditions and test results. A patient’s digital medical file will be stored in a national electronic database operated by Australian Digital Health Agency (ADHA).

Facebook fined £500,000 over Cambridge Analytica scandal

Jul 13 2018

By Cameron Abbott and Sarah Goegan

The UK Information Commissioner’s Office (ICO) has issued a notice of intent to levy a £500,000 fine against Facebook for breaches of the UK’s Data Protection Act 1998. The ICO found that Facebook failed to protect its users’ data and be transparent about how that data was being harvested. This failure, ICO said, did not enable users to understand how and why they may be targeted by a political party or campaign.

The fine comes as part of a larger investigation by ICO into misuse of data in political campaigns, and responds to the highly publicised allegations that Cambridge Analytica used data obtained from Facebook to target voters in the 2016 US presidential election.

Ambulance chasing through data sharing? Health app accused of sharing personal health information with law firm

Jun 25 2018

By Cameron Abbott and Sarah Goegan

The idea of lawyers “ambulance chasing” seems to have taken on a new form. An investigation by the ABC has revealed how technology is being used to share health information with lawyers to generate work.

The ABC has revealed that HealthEngine, Australia’s largest online doctor’s appointment booking service, shared daily lists of prospective clients with law firm Slater and Gordon, based on personal medical information shared by users with the app.

Research reports say risks to smartphone security aren’t phoney

Jun 19 2018

By Rob Pulham, Warwick Andersen and Sarah Goegan

Beware! Your favourite apps may be putting your phone and data at risk. Reports from Allot and BitSight have examined rising threats to the security of our mobile devices.

Report savages US Government agencies’ cybersecurity efforts

Jun 15 2018

By Cameron Abbott and Sarah Goegan

You would think government agencies would have a keen focus on cybersecurity risks, but apparently not! A report by the United States Office of Management and Budget (OMB) has found that nearly three-quarters of Federal agencies reviewed have either “at risk” or “high risk” cybersecurity arrangements. 71 of 96 agencies assessed were either missing, had insufficiently deployed or had significant gaps in their fundamental cybersecurity policies, processes or tools.

Proposed anti-terror laws to give law enforcement access to personal data

Jun 12 2018

By Warwick Andersen, Rob Pulham and Sarah Goegan

Last week, the Australian Government announced that it would propose new anti-terror laws that force telecommunications and multinational tech companies to give law enforcement agencies access to encrypted data of suspected criminals and terrorists.

Cyber Security Minister Angus Taylor said the laws would give police, intelligence and security agencies the ability to bypass encryption on messaging (such as private messages sent on Whatsapp and Facebook), phone calls, photos, location and apps.

Australian Government legislates to protect critical national infrastructure

May 28 2018

By Cameron Abbott, Keely O’Dowd and Sarah Goegan

Protecting Australia’s critical infrastructure from threats is essential to Australia’s national security interests, community safety and the overall quality of life for Australians.

In March 2018, the Australian Parliament passed the Security of Critical Infrastructure Act 2018, which is due to commence on 11 July 2018. The Act imposes new obligations on operators and owners of “critical infrastructure assets” – Australia’s high risk major ports and electricity, water and gas utilities.

Tag:Data