Tag: OAIC

1
Privacy Pandemic: Australians Losing Trust in Institutions’ Use of Their Data
2
A Home Affair: Department of Home Affairs ordered to compensate Asylum Seekers following inadvertent disclosure
3
Cyber Criminals “King of the (Data Breach) Jungle”: 61% of all Data Breaches caused by Malicious or Criminal Attacks, according to OAIC Report
4
OAIC and UK ICO announce joint investigation into Clearview AI
5
Privacy in the time of COVID-19
6
This is your digital life (of no consent or control): The Australian Information Commissioner takes Facebook to Court
7
You’ve got mail…and lots of it according to the latest OAIC report!
8
Human error accounts for 34% of Notifiable Data Breaches – 3 key take outs from the latest OAIC report
9
The OAIC engages in more in-depth investigations and stronger exercise of its power
10
Privacy Awareness Week (Health Information): Health sector and the notifiable data breach scheme – 12 months on

Privacy Pandemic: Australians Losing Trust in Institutions’ Use of Their Data

By Cameron Abbott, Rob Pulham, Max Evans and James Gray

In the age of QR code check-ins and vaccination certificates, as Australia edges towards a post-pandemic (or mid-pandemic, it increasingly seems) “normal”, new research from the Australian National University (ANU) has revealed that Australians have become less trusting of institutions with regards to data privacy.

The ANU researchers said that the decrease in public trust between May 2020 and August 2021 was small but “statistically significant”. A key reason for this decrease, according to the researchers, was concern around “how their private data from check-in apps might be used by major institutions” as lockdowns and the use of apps for contact tracing intensified.

The institutions which experienced the greatest loss of trust were social media companies (10.1% decline), telecommunications companies, and federal, state and territory governments. This echoes sentiment from the OAIC following its recent ‘community attitudes to privacy’ survey that Australians trust social media companies the least when it comes to handling personal information, followed by the government.

While it remains to be seen whether this loss of trust becomes a permanent trend, one way to make Australians more comfortable with an organisation’s data practices – as reinforced by the OAIC – is to ensure the purpose of the collection and use of personal information is clearly understood. The OAIC has found that Australians are increasingly questioning data practices where the purpose for collecting personal information is unclear.

With increased penalties for privacy non-compliance looming, there’s never been a better time to revisit your privacy policies and collection statements to make sure that these are clear, so your organisation can stand out against this trend and build consumer trust.

A Home Affair: Department of Home Affairs ordered to compensate Asylum Seekers following inadvertent disclosure

By Cameron Abbott, Warwick Andersen, Michelle Aggromito and Max Evans

As a result of a recent class action, the Department of Home Affairs has been ordered by the Australian Information Commissioner, Angelene Falk, to pay compensation to asylum seekers after the Department was found to have interfered with the privacy of 9,251 detainees.

According to a media release from the Office of the Australian Information Commissioner (OAIC) , the relevant breach stemmed from February 2014, where the Department published on its website a “Detention Report”, which had embedded within it a Microsoft Excel spreadsheet containing the personal information (including full names, date of birth and period of immigration detention) of 9,258 individuals who were in immigration detention at that time.

Read More

Cyber Criminals “King of the (Data Breach) Jungle”: 61% of all Data Breaches caused by Malicious or Criminal Attacks, according to OAIC Report

By Cameron Abbott, Keely O’Dowd and Max Evans

The Office of the Australian Information Commissioner (OAIC) has released its report on notifications received under the Notifiable Data Breaches scheme for period January to June 2020.

The OAIC reported 518 breaches were notified to it in the relevant period. The OAIC noted a 3% decrease from the 532 breaches notified in the period July 2019 to December 2019. However, there was a 16% increase on the 447 notifications received during January to June 2019.

Read More

OAIC and UK ICO announce joint investigation into Clearview AI

By Cameron Abbott, Warwick Andersen, Rob Pulham and Keely O’Dowd

On 9 July 2020, the Office of the Australian Information Commissioner (OAIC) and the UK Information Commissioner’s Office (ICO) announced they have opened a joint investigation into the personal information handling practices of Clearview AI Inc.

The OAIC has stated the investigation will focus on ClearView AI’s use of “scraped” data and biometrics of individuals.

Read More

Privacy in the time of COVID-19

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

Nothing can stop us from talking about privacy, including a pandemic! Yesterday, the Office of the Australian Information Commissioner (OAIC) issued guidance on the collection, use and disclosure of personal information during the COVID-19 pandemic (Guidance). 

It mainly serves as a reminder to organisations that even in these pressing times, they must comply with the Australian privacy regime. However, it also highlights what organisations can collect and do with personal information for the purposes of preventing and managing the spread of COVID-19.

Read More

This is your digital life (of no consent or control): The Australian Information Commissioner takes Facebook to Court

By Cameron Abbott, Rob Pulham and Rebecca Gill

In a first for Australia, the Australian Information Commissioner (Commissioner) has launched proceedings in the Federal Court of Australia, seeking penalties against Facebook for serious and/or repeated interferences with privacy. The contraventions relate to the conduct disclosed by the Cambridge Analytica scandal, which involved the This is Your Digital Life app (App). We’ve previously blogged about the App here.

It is unclear how the penalties will be calculated in this proceeding. The penalty rate applicable to the relevant period (being from March 2014 to May 2015) is a maximum of $1.7 million. Some have suggested that fines may be in the billions if the maximum rate is applied to each individual affected as a single “contravention” (with possibly over 300,000 contraventions in total!). This may be fun to calculate, but highly unlikely to be applied in reality.

Read More

You’ve got mail…and lots of it according to the latest OAIC report!

By Cameron Abbott and Michelle Aggromito

With email being one of the most common forms of communication, it’s not surprising that inboxes these days accumulate thousands of emails that, perhaps, aren’t always electronically filed or deleted (not ours of course).

As the Office of the Australian Information Commissioner (OAIC) has indicated in its most recent report on notifications received under the Notifiable Data Breach (NBD) scheme, email accounts are frequently being used for storage, and this raises inherent risk. Yes it’s convenient, but using email to send personal information, such as copies of passports, bank account details and credit card information, can very quickly lose its appeal. If the email account is accessed by a malicious actor through a phishing attack or a rogue employee, the end result can be exploitation of that information for criminal gain.

Read More

Human error accounts for 34% of Notifiable Data Breaches – 3 key take outs from the latest OAIC report

By Cameron Abbott and Karla Hodgson

The Office of the Australian Information Commissioner has released its Q2 statistics on notifications received under the Notifiable Data Breach (NDB) scheme. The 245 breach notifications in Q2 are on par with each other quarter since the scheme was introduced in July 2018 and while the majority of NDBs (62%) are attributed to malicious or criminal attacks, we noted with interest that a staggering 34% are due to human error – that is, mostly avoidable errors made by staff. A consistent theme of our blogs is reinforcing the message that employees are the front line of defence for organisations.

There are 3 key statistics we took away from these human error NDBs.

Read More

The OAIC engages in more in-depth investigations and stronger exercise of its power

By Cameron Abbott, Rob Pulham and Jacqueline Patishman

Following two key data incidents concerning how the Commonwealth Bank of Australia (CBA) handled data, the OAIC has successfully taken court action binding the banking heavyweight to “substantially improve its privacy practices”.

As a quick summary of the incidents, the first incident involved the loss of magnetic storage tapes (which are used to print account statements). These contained historical customer data including customer statements of up to 20 million bank customers. In 2016, the CBA was unable to confirm that the two magnetic tapes were securely disposed of after the scheduled destruction by a supplier.

Read More

Privacy Awareness Week (Health Information): Health sector and the notifiable data breach scheme – 12 months on

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

It’s been a little over a year since the notifiable data breach scheme was introduced in Australia. The Office of the Australian Information Commissioner (OAIC) issued its Notifiable Data Breaches Scheme 12-month Insights Report on 13 May 2019, detailing its insights to come out of the scheme’s operation over the past 12 months. As regular readers would no doubt be aware, the health sector was one of the top industry sectors to report breaches in the first 12 months of the scheme’s operation.

Read More

Copyright © 2022, K&L Gates LLP. All Rights Reserved.