ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

DATA LOSS—AUSTRALIA & NEW ZEALAND

Sony PlayStation Breach May Affect Millions (April 29, 2011)

Nearly one million Australian members of Sony's PlayStation Network may have had personal information compromised--including credit and debit card numbers--in what might be one of the world's largest privacy breaches, reports The Age. Between 17 and 19 April, an "illegal and unauthorised person" accessed information belonging to 77 million users worldwide. "While there is no evidence...that credit card data was taken, we cannot rule it out at this time," said a Sony representative. Sony's notice comes days after the network suspended services. Former Privacy Commissioner Malcolm Crompton, CIPP, called for mandatory breach notification laws, adding, "Anybody who has given their details to PlayStation should be in touch with their bank." Australia's privacy commissioner will begin a formal investigation, while New Zealand's privacy commissioner urges PlayStation users to be vigilant.

PRIVACY LAW—NEW ZEALAND

Opinion: Adequacy Status An Accomplishment, Room for Improvements (April 29, 2011)

The European Commission's Article 29 Working Party's endorsement of New Zealand's privacy laws this month gives the country a marketing advantage that businesses can capitalise on, opines Gehan Gunasekara in The New Zealand Herald. Electronic commerce is "largely dependent on consumer confidence that firms will maintain the privacy of client information and protect it against identity thieves and the like," Gunasekara says. He adds, however, that the Working Party did note areas where regulations may still be lacking, indicating that New Zealand may have achieved the party's endorsement with "merit but certainly not with excellence."

ONLINE PRIVACY

Web Standards Group Discusses Do Not Track (April 29, 2011)

The Web standards organization, World Wide Web Consortium (W3C), met this week to examine online privacy and the main issues surrounding a universal do-not-track mechanism, reports MediaPost. Discussion topics included definitions for do not track and the mechanism's operational feasibility. Nearly 60 position papers were submitted by Web companies, academics and others prior to the conference. W3C Co-Chair Lorrie Cranor said the group "has not yet formally taken on the task of formalising do not track or any of the other consumer protection technologies in the tracking space but are looking at it and trying to determine if there's a role for them and, if so, what direction to go in."

GEO PRIVACY

Jobs: Mistakes Were Made, But Users Not Tracked (April 28, 2011)

Apple CEO Steve Jobs has responded to recent reports that iPhone and iPad devices were tracking users' locations, The New York Times reports. Mistakes were made in how location data was handled, Jobs said, but stressed, "We haven't been tracking anybody. Never have. Never will." Apple has stated that the anonymous data was used to help the phone find its location in regions with weak GPS, and a software update will be released to encrypt such data and limit its storage to seven days. Meanwhile, experts are calling for more transparency in how smartphones handle location information; data protection authorities across the globe have opened investigations, and a hearing before a U.S. Senate subcommittee has been scheduled for May 10. (Registration may be required to access this story.)

ONLINE PRIVACY

Social Network Plans Internet Erasure (April 28, 2011)

In the midst of ongoing calls for a "right to be forgotten" on the Internet, an early social network has announced it will erase old posts and photos from its site. In a column for Technology Review, David Zax explores the push for an Internet "written in pencil," where users may remove information. The owners of Friendster, which predated such social networks as MySpace and Facebook, appear to be doing just that, having notified users that they plan to "wipe out the site's trove of digital memories, including ancient dorm-room photos, late-night blog entries and heartfelt friend endorsements," The New York Times reports. (Registration may be required to access this story.)

DATA PROTECTION

Opinion: PR Damage Not Enough to Incite Action? (April 28, 2011)

There seem to be few repercussions for companies that lose customers' sensitive data, opines Nick Bilton in The New York Times. Breach reports are on the rise, and customers continue to hand over their information for access to online services. And yet, "the only real hit a company takes when these data breaches happen is to the company's image," Bilton writes. "It seems that with the frequency these events happen, a simple PR hit is not working to force these companies to protect people's privacy." Bilton says the problem will only get worse with the advent of the cloud. (Registration may be required to access this story.)

PRIVACY LAW—JAPAN

Employees May Become Liable Under Law (April 27, 2011)

Japanese officials plan to extend liability to individual employees under the Personal Information Protection Act, reports Hunton & Williams' Privacy and Information Security Law Blog. The move is part of an effort to increase penalties for violations under Japan's privacy law framework. Under current law, companies that violate the act can be fined, ordered to take remedial steps and a company head can face imprisonment, according to the report. The legal changes are part of the Japanese government's planned introduction of a national identification system to help survivors of last month's earthquake and tsunami.

HEALTHCARE PRIVACY—AUSTRALIA

Health Service To Pay $40,000 for Breach (April 25, 2011)

A health service has been ordered to pay $40,000 after a staffer breached a man's privacy, The Sydney Morning Herald reports. An Administrative Decisions Tribunal said the former Northern Sydney Central Coast Area (NSCCA), now split into two health services, must pay a man the maximum penalty allowed for the damage he suffered as a result of the breach. The man was suspended from the NSCCA hospital where he worked after he was admitted as a patient there, disclosing to an admissions nurse he had thoughts of harming himself. The nurse reported the disclosure to human resources, claiming his threats overrode privacy concerns.

DATA LOSS—AUSTRALIA

Number of Data Breaches Doubled So Far (April 22, 2011)

The number of data breaches reported in 2011 thus far is double the number of those reported in 2010, ZDNet reports. However, the breaches have not been reported by the media. "This year we've handled between 10 to 15 (credit card) breaches," said Nick Klein of forensic investigators Klein & Co. Major banks and credit card issuers have seen similar increases, Klein said. An investigative response director for Verizon said that in many instances, hackers have "maintained access to a victim's infrastructure for months" and have stolen data slowly. Hacks are often the result of poor security such as "weak passwords and default user access rights," the report states.

PRIVACY LAW—AUSTRALIA

Opinion: A Privacy Law Has Never Been Needed More (April 22, 2011)

"The widespread use (and sometimes misuse) by the general public of social media and technology necessitate the existence of a privacy law," opines attorney Norman Lucas in The Australian. Though some say a legal right to privacy would interfere with the public's right to know, he writes, "the potential for invasions of privacy is greater than ever. The need for a privacy law gets more pressing every day." The increasing ability for individuals to publish information in a very public way demonstrates this need, Lucas says.

DATA PROTECTION—AUSTRALIA

University Hacked, Private Data Looks Safe (April 22, 2011)

Melbourne's Monash University has confirmed its Web site was hacked last weekend. ZDNet reports that the hack did not compromise "any private university data." The Monash Web site was hacked in 35 domains, but the university's chief information officer said the hack's "effects were limited to the publishing of non-Monash material on the externally-facing Web site," and that it appears "that neither Monash nor the wider Australian Higher Education Community were a specific target." The university has launched its own investigation and reported the breach to authorities including the Australian Computer Emergency Response Team.

DATA LOSS—SOUTH KOREA

Hospital: Flash Drive Goes Missing (April 22, 2011)

Queen Mary Hospital has announced that a staff member lost a USB flash drive containing the names and identity card numbers of 19 paediatric patients. An employee noticed the unencrypted memory stick was missing on 18 April. The compromised data was originally stored on a desktop computer and placed on the flash drive before the computer's system was updated. In addition to reporting the incident to the affected patients and the Office of the Privacy Commissioner for Personal Data, the hospital has conducted "an in-depth investigation" and has taken "appropriate disciplinary action" against the staff member, according to a Hospital Authority press release.

DATA LOSS—SOUTH KOREA

Cybersecurity Plagues Nation (April 22, 2011)

The Korea Times reports on a survey that suggests more than 50 percent of Korean computer users have had personal information leaked online, "as if the country needed further evidence that it does have a cybersecurity defense problem." According to CIO, South Korean authorities are also investigating a "large system failure" at the National Agricultural Cooperative Federation, a popular bank, where "customers were blocked from online and automated teller transactions." South Korea has a recent history of damaging privacy breaches, including a "massive security breach at Hyundai Capital," the online services of Shinsegae Department Store and Auction, South Korea's largest online retailer.

SURVEILLANCE—HONG KONG

Legco Cameras Will Not Be Investigated (April 22, 2011)

Some lawmakers are voicing opposition to the recent installation of cameras outside the Legislative Council (Legco) building, but while the cameras did not come with the legally required notification signs, the privacy commissioner's office will not investigate, reports The Standard. Privacy Commissioner Allan Chiang Yam-wang said "the secretariat has told me that the signs will be put up soon. We'll only investigate the matter if they continually breach privacy guidelines..." According to the Legco secretariat, the cameras were installed to monitor protests and protect people in the building, but others say they "impair freedom of expression" and are unnecessary because police bring a video team to protests, the report states.

GEO PRIVACY

Mobile Phone Tracking Raises Concerns (April 21, 2011)

Researchers have found that Apple's iPhone and iPad record their locations in hidden files, The New York Times reports. At a technology conference on Wednesday, two computer programmers presented their findings that iPhones and 3G-enabled iPads "began logging users' locations a year ago, when Apple updated its mobile operating system," the report states, and the data is usually unencrypted and can be copied to computers. A privacy advocate says such collection of location information "crosses the privacy line;" EU authorities are assessing the potential impact, and two U.S. legislators have written to Apple seeking answers; however, one technologist suggests, "This is the future. We have to figure out how to deal with it." (Registration may be required to access this story.)

DATA PROTECTION

IT Study Reveals Same Challenges, Accelerated Pace (April 21, 2011)

A survey of 2,400 IT security specialists from around the world shows compliance, governance and information security management at the top of their priorities for the remainder of 2011, reports InfoSecurity. The study, conducted by not-for-profit IT security association ISACA, found that the complexities of the IT landscape are accelerating due to new technologies and regulations as well as an increase in data breaches. Tony Noble, a member of ISACA's guidance and practice committee, notes that this year's survey shows a need to better align "business with IT to unlock greater value," adding that there's a perception on the business side of organizations that "IT is managed in a silo."

PRIVACY LAW—NEW ZEALAND

Policeman’s Data Leak Breached Privacy Act (April 19, 2011)

The Office of the Privacy Commissioner has ruled the police department breached two principles of the Privacy Act when it "failed to take reasonable steps to ensure the security of...personal information," reports The New Zealand Herald. An internal police investigation found that a senior police officer used the National Intelligence Application (NIA) to open the file of his wife's ex-husband in an attempt to win a custody battle. Assistant Privacy Commissioner Mike Flahive said the victim "suffered harm" because the officer "used his privileged position within the police to access" the NIA records.

HEALTHCARE PRIVACY

Drug Manufacturer Alerts Consumers of Breaches (April 19, 2011)

The Wall Street Journal reports that, as a result of the recent Epsilon data breach, GlaxoSmithKline has warned consumers in a letter that their e-mail addresses and names "were accessed by an unauthorized third party." The company makes drugs for asthma, HIV, depression and smoking cessation, among others. The breach may have exposed which product sites consumers are registered for, according to the company, which could help fraudsters discern what prescription drugs they take, warns CAUCE, a spam coalition. (Registration may be required to access this story.)

DATA RETENTION

Company Extends Retention Term (April 19, 2011)

Yahoo disclosed on Friday that it will extend the length of the term it retains user data to 18 months, The New York Times reports. In a company blog post, Yahoo Chief Trust Officer Anne Toth said, "we will keep our log file data longer than we have been--offering consumers a more robust individualized experience--while we continue our innovation in the areas of transparency and choice to protect privacy." The company's current retention term is 90 days. Privacy advocates expressed disappointment about the change, and, the report states, "Yahoo's new policy may be in conflict with European Union data protection rules." (Registration may be required to access this story.)

PRIVACY—AUSTRALIA

Commissioner Pilgrim Discusses Privacy Landscape (April 15, 2011)

Australia's privacy landscape is undergoing a transformation, including a rewrite of the Privacy Act, a transition to e-health records and a strengthening of the privacy office's powers. Timothy Pilgrim was appointed last year to Australia's privacy commissioner post, a five-year term that began last fall. In this Privacy Advisor Q&A, Pilgrim describes his proactive approach to enforcement, the way he views his office's role in Australian society and his predictions for changes to the Privacy Act--expected later this year. "The first step toward an Australian culture that values and respects privacy is to educate individuals about their privacy rights, and organisations and agencies about their privacy responsibilities," Pilgrim said.

DATA PROTECTION—AUSTRALIA

Government Unveils Vision for Data Sharing (April 15, 2011)

The Secretary of the Department of Finance and Deregulation issued a draft "vision" document for the Australian government's use of information and communication technology, iTnews reports. The 32-page document includes a plan for the sharing of citizens' data among government agencies. The plan proposes that citizens consent to the government's sharing of such data "within undefined security and privacy constraints to enable a 'tell-us-once' approach," the report states. The government aims to see citizens using one online entry point with a single logon for access to services from a range of agencies and link their information from one agency to another.

PRIVACY LAW—AUSTRALIA

Senators Call for Right to Privacy, Civil Actions and “Do Not Track” (April 15, 2011)

A parliamentary report released last week recommends giving Australians a legal right to online privacy, iTWire reports. Senate committee members who collaborated on the report also recommend giving Australians a civil right of action for serious privacy violations and "increasing the scope" of the Office of the Privacy Commissioner. Senator Mary Jo Fisher said, "The report also recommends allowing an individual online user to dictate the amount of personal data that a Web service provider can collect and use to target them with advertisements through a 'Do-Not-Track' model." She added, "Whilst the committee's 'asks' aren't small, they should be considered by a country which embraces technology in leaps and bounds."

DATA PROTECTION—AUSTRALIA

Lewis: PCI DSS Compliance Lagging (April 15, 2011)

The director of a payment solutions company says that Australian organisations are struggling to become compliant with Payment Card Industry Data Security Standards (PCI DSS), CIO reports. IP Payments Director Mark Lewis says that CIOs and CFOs are not up to speed. "It's a big challenge because some CIOs need to become familiar with the meaning of PCI, the ongoing costs and the ramifications of acquiring those skills in-house versus bringing in an external provider to run compliance as a managed service," Lewis said. Nonetheless, the banks "are becoming much more diligent in enforcing the standards...therefore, any fines that are the result of a breach will be handed down to these organisations."

DATA PROTECTION—HONG KONG

Credit Agency Passes Inspection, Needs Improvements (April 15, 2011)

Hong Kong's privacy commissioner of personal data recently conducted an inspection of TransUnion Limited, holder of nearly 4.3 million of Hong Kong's consumer credit records. According to the Hogan Lovells Chronicle of Data Protection, the inspection focused on TransUnion's data processing cycle, and though there were "comprehensive and detailed policies in place," there was "more room for improvement." With more than 20 recommendations, the inspection revealed a number of areas where the credit agency could improve its operations. The Chronicle also noted the report and its recommendations "provide useful guidance for businesses as regards compliance with the data protection requirements" under Section 36 of the Personal Data (Privacy) Ordinance.

DATA LOSS—SOUTH KOREA

Hackers Access Data on 420,000, President Reacts (April 15, 2011)

On the heels of the announcement that a breach at car manufacturer Hyundai's consumer finance unit exposed customer data, South Korean President Lee Myung-Bak met with senior aides to stress the importance of strict protection of personal information. "As society becomes more information-oriented, protection of personal information is ever more important," the president said. Hyundai Capital reported the personal information of about 420,000 of its 1.8 million customers was leaked when a hacker accessed its database, Reuters reports. South Korea's Financial Supervisory Service has launched an investigation into the breach, and Hyundai has launched its own investigation. The company says that some customer passwords may have been accessed.

PRIVACY

Is Self-Regulation Realistic? (April 13, 2011)

The Wall Street Journal uses the example of catalog mailers to examine whether companies should self-regulate on privacy. Catalog Choice, a Web site that aims to give users choice over the sharing of their personal information, allows users to choose which mailing lists they'd like to opt out of and reports that 95 percent of catalog companies honor users' requests. But some catalog companies say they don't work with any third parties and aren't required to belong to such organizations, the report states. Chris Hoofnagle of the University of California Berkeley, who advises the company on legal matters, explains "the organization is legally an 'agent' for people requesting opt-outs." (Registration may be required to access this story.)

PRIVACY LAW—NEW ZEALAND & EU

Working Party Recommends “Adequacy” for NZ (April 12, 2011)

The Article 29 Working Party has issued its opinion on New Zealand's data protection and privacy law, writing that "although some concerns still exist," New Zealand ensures "an adequate level of protection within the meaning of Article 25(6) of Directive 95/46/E...with regard to the processing of personal data and the free movement of such data." In the opinion, the Working Party notes that it is also encouraging authorities there "to take the necessary steps to address weaknesses in the current legal framework," including strengthening the law governing direct marketing. The opinion also calls for maintaining oversight of data transfers to countries that "are not themselves subject to an adequacy finding."

DATA PROTECTION—TAIWAN

Gov’t Establishes Consumer Protection Differentiators (April 11, 2011)

Taiwan's government has established a system to protect online consumers, Focus Taiwan News reports. The Ministry of Economic Affairs will issue data privacy protection marks to companies in an effort to ensure consumer trust in online commerce amongst increasing risk of scams such as phishing, in which hackers attempt to gain users' personal information by pretending to be legitimate Web site operators. The government will fund the system's implementation during its trial period, and the Department of Commerce (DOC) will hold information sessions in cities around Taiwan. The new system is part of the DOC's ongoing attempt to ensure online safety; it recently issued identification marks to guard against scams.

ONLINE PRIVACY

What Happens to Your Digital Life After Death? (April 11, 2011)

All Things Digital explores the question "Who will be reading your e-mail after you die?" in a feature on a new startup aimed at letting users decide. Michael Aiello, founder of LifeEnsured, explains, "We want people to think about what their virtual life is and what it means to them and their families and how they want to be perceived after they pass away." Besides deleting social network accounts or entries on online dating sites, options include moving photos stored in online servers into the public domain and sending final e-mails. And whatever end-of-life options LifeEnsured users may choose, Aiello says, "We put all the requests for our paying members in irrevocable trust."

PRIVACY LAW—AUSTRALIA

Senate: Analysis Needed Before Data Retention Plan (April 7, 2011)

An Australian Senate committee has completed its investigation into the adequacy of online privacy protections and is recommending that before adopting any plan to require ISPs to retain data on users, a cost-benefit analysis showing why law enforcement needs such information be completed. The committee is also calling for expanded powers for the Office of the Privacy Commissioner, ZDNet reports. The committee's findings include that the data retention proposal "has very serious privacy implications" and that it is likely that "it is unnecessary, will not provide sufficient benefit to law enforcement agencies and is disproportionate to the end sought to be achieved."

ONLINE PRIVACY—AUSTRALIA

Privacy Minister: New Regime for Cloud Computing (April 7, 2011)

A government minister has indicated that new principles will be put in place to better protect citizens' data in the cloud computing environment, News.com.au reports. Privacy Minister Brendan O'Connor said the jurisdiction issues that come with cloud computing are troublesome and that "businesses need to think carefully about who and where they are sending personal information and about what privacy protections, if any, the recipients of the information have." He added that, "Under the new regime, before an entity can disclose personal information outside Australia, it will be required to take such steps...to ensure that the overseas recipient does not breach the Australian Privacy Principles."

PRIVACY LAW—NEW ZEALAND

Legislation Would Protect Juror Privacy (April 7, 2011)

New legislation aimed at helping to protect jurors' privacy has been introduced in the New Zealand Parliament. The National Business Review reports on the Juries Amendment Bill, which includes a provision to remove potential jurors' addresses from jury panel lists in the wake of an incident where a convicted murderer wrote to one of the jurors whose names he saw on such a list. Justice Minister Simon Power said changes have been made to protect juror privacy, but the incident highlights the need for further restrictions, including prohibiting defense counsel from showing juror addresses to defendants.

HEALTHCARE PRIVACY—AUSTRALIA

Opinion: Patient Information Sharing “Orwellian” (April 7, 2011)

In a feature for The Medical Journal of Australia, authors David Handelsman, Leo Turner and Ann Conway discuss recent decisions that impact patient privacy. "In one, a state government directs that private medical records be lodged in an Orwellian sounding 'Central Register' without regard for the individual's knowledge and risking privacy breaches by seeking consent for disclosure to third parties," they write. The second allows patients' healthcare data disclosure "against their wishes" even without an urgent need to protect patient health. "Both these legislative assaults on privacy reflect the fashionable belief in genetic determinism prevailing over any ethical, moral and legal constraints of everyday life," they write.

PERSONAL PRIVACY—NEW ZEALAND

Charity Mailing Goes Awry (April 7, 2011)

A Heart Foundation marketing flyer, sent to two young girls, has prompted Privacy Commissioner Marie Shroff to tell organisations to be upfront when donating could mean that collected information will be used to send marketing materials, reports Stuff.co.nz. The organisation sent a flyer stating, "heart disease is the single biggest killer of Dads in their 40s" to its previous donors, upsetting the two- and six-year-old girls. The girls' father said, "if an organisation is going to switch from its normal approach to a more aggressive style of marketing, it needs to think about who is on its database." A Heart Foundation spokesman has encouraged parents to think about the names they want on charities' marketing lists when donating.

ONLINE PRIVACY—AUSTRALIA

Survey Highlights Mobile Phone Concerns (April 7, 2011)

While a recent study by antivirus company Norton found that most Australians fear losing their mobile phones, "only 41 percent have passwords protecting sensitive information on their mobiles," the Herald Sun reports. The survey found that of those who have been victims of the loss or theft of their phones, nearly half listed privacy implications among their primary concerns. The survey also indicated that many Australians are cautious about making purchases or conducting online banking through their phones or allowing their mobile devices' applications to connect with wireless networks and identify their locations.

DATA LOSS—AUSTRALIA & U.S.

Dell Australia Customers Affected by Epsilon Breach (April 7, 2011)

Dell Australia is warning its customers that customer data was exposed in what is being called one of "the biggest breaches in U.S. history." Epsilon, the world's largest provider of permission-based e-mail marketing, was hacked, and Dell Australia customers' names and e-mail addresses were exposed, ABC News reports. Credit card, banking and other personal information are not at risk, however, Dell Australia said. The company has informed Privacy Commissioner Timothy Pilgrim of the breach, who has launched an investigation. "I have also been advised that Epsilon has commenced an investigation into this matter and is keeping Dell Australia informed," Pilgrim said.

ONLINE PRIVACY

Smartphone Apps Raise Concerns (April 7, 2011)

Following up on a report of a U.S. investigation into potential privacy violations by makers of mobile phone applications, ZDNet Australia asks the questions, "How many app makers share user data without the user's knowledge? Does this make smartphones useless for privacy-conscious users?" The report suggests that all app makers could be vulnerable to such charges. The U.S. investigation could result in criminal charges and is significant to note, according to legal experts, because "federal criminal probes of companies for online privacy violations are rare."

ONLINE PRIVACY

Reputation Managers Striving for Internet Amnesia (April 6, 2011)

A report in The New York Times on efforts to make the Internet forget likens the proliferation of personal information online to "a metastasized cancer" that has "embedded itself into the nether reaches of cyberspace, etched into archives, algorithms and a web of hyperlinks." More often, people from all walks of life are turning to online reputation managers that focus on improving their clients' Internet images through such techniques as removing negative posts and burying unfavorable search results. "The Internet has become the go-to resource to destroy someone's life online," the head of one reputation management company put it, adding the result is that life offline is turned upside-down as well. (Registration may be required to access this story.)

PRIVACY LAW

Condé Nast Targeted in Phishing Scam (April 5, 2011)

The ABA Journal reports that magazine publisher Condé Nast was recently duped in a spear-phishing scheme and is suing to recover the funds that the scammers attempted to steal. The publisher received a fraudulent e-mail that appeared to come from its regular printing house asking for payment to be sent to a new address. Relying on this e-mail, the company sent its $8 million payment to the new address. The publisher was alerted to the scam by its printing house and froze the funds, which were still in the recipients' account. This news comes amid high-level concerns that customers affected by the recent data breach at e-mail marketer Epsilon will fall victim to similar spear-phishing campaigns.

ONLINE PRIVACY

“G-8 du Web” Planned (April 1, 2011)

Data privacy concerns continue to demand the attention of world leaders. More details have emerged about plans to include Internet privacy on the agenda of the Group of 8 summit in France this year. The New York Times reports that French President Nicolas Sarkozy has enlisted a longtime advertising industry executive to help "organize a gathering of policy makers and Internet company executives" for a "first-of-its-kind meeting, dubbed 'G-8 du Web,'" to coincide with the G-8 summit, which takes place in Deauville, France, in May. (Registration may be required to access this story.)

PERSONAL PRIVACY

Samsung: Keylogging Accusations False (April 1, 2011)

Samsung has refuted claims that some of its laptops came loaded with a keylogger. The statement follows an internal investigation launched by Samsung after a report claiming that the spyware was installed on two of its models. The report was based on a security consultant's findings after he had performed a series of virus scans, Digital Trends reports. The keylogging software is publicly available. It records computer users' keystrokes and can send information to a third party without the users' knowledge, the report states. An additional, independent investigation confirmed that the keylogging finding was false.

PRIVACY—AUSTRALIA

Crompton Calls for Privacy Industry (April 1, 2011)

The online environment needs to become "safe to play" from citizens' perspective, says former Privacy Commissioner Malcolm Crompton. Addressing a conference in Sydney this week, Crompton called for the establishment of a formal privacy industry to respond to identity theft risks online, IT News reports. Organisations' emphasis on identity information has created an unsafe environment for citizens and a treasure trove for criminals. "We are in an identity management arms race that we are going to lose," Crompton said. "Why don't we take out the value proposition for crooks by relying on identity less?" He also encouraged companies to conduct privacy impact assessments and incorporate proactive, embedded approaches to privacy.

TRAVELLERS’ PRIVACY—AUSTRALIA

Body Scanners To Be Deployed (April 1, 2011)

Full-body scanners will be introduced at Australian airports this year but are said to be less privacy-invasive than the scanners deployed at U.S. airports with increasing frequency last year, The Sydney Morning Herald reports. These scanners will not reveal detailed body images but instead will use a generic figure and indicators to point to explosives or weapons if they are detected. If no threat is detected, the word "OK" will appear on the screen and an image will not be displayed. A spokesman for the transport minister said the office is "working through a variety of technologies" and "trying to address concerns about privacy and health."

DATA LOSS—AUSTRALIA

Prime Minister Hacked, Among Others (April 1, 2011)

Wired reports that computers belonging to the Australian prime minister and at least nine other federal ministers were recently hacked. The hackers were able to access several thousand e-mails before Australian authorities received tips about the hacking from U.S. intelligence officials, the report states. Though the information was nonsensitive, Information Technology Dean of Research Jill Slay said the nation must prepare for a greater battle with cybercriminals. "Think of what they have done to Google, the White House and governments in Southeast Asia. A determined hacker, if they are determined to get in, they will get in there," she said. Another expert said cybercrime against Australian companies and government is "no longer a matter of if but of when."

HEALTHCARE PRIVACY—AUSTRALIA

E-Health Pilot Sites Announced (April 1, 2011)

Health Minister Nicola Roxon announced Wednesday nine new sites where the government will ask patients to sign up for its e-health records program. Of 90 applicants for the second wave of sites--which includes grant funding of $55 million--Brisbane has been pinpointed as the premier testing site, reports Courier Mail. The goal for the first 12 sites is to have 500,000 patients signed up for the personally controlled electronic health record system prior to its launch next year, when more initiatives will be rolled out. Meanwhile, privacy concerns remain, as a draft concept of the program and its governance has not been released and no privacy experts were consulted. The government has stressed that the "proposed measures are safeguarded."

PRIVACY LAW—AUSTRALIA

Data Retention Plan Will Be Targeted (April 1, 2011)

In the wake of privacy concerns being raised about plans to accede to the European Convention on Cybercrime, the attorney-general has announced that ISPs would only be required to retain data for targeted individuals being investigated for serious crimes. ZDNet reports on a statement by Catherine Smith of the Attorney-General's Department to a joint standing committee on treaties that contradicts concerns raised last year that the convention would require ISPs to store details on all users. "It is a targeted preservation of a person's data," Smith said, noting the retention of all communications on ISP networks "is a very different issue...And we're not talking about that at this stage."

BEHAVIOURAL TARGETING—AUSTRALIA

Trend Towards Do-Not-Track is Afoot (April 1, 2011)

An article in The Australian outlines the methods of online behavioural advertising, acknowledging that many find the more relevant advertising appealing. Others, however, believe Internet users should have the right to opt out of targeted ads, resulting in calls for the creation of do-not-track mechanisms across the globe and the development of Web browsers that allow users to opt out of the practice. Last week in Australia, 10 major Web sites--including Google, News Limited, Fairfax, Yahoo!, Sensis, Realestate.com.au, Ninemsn, Ten, Microsoft Australia and Adconion--signed a code of conduct under which they will offer users a way to opt out of targeted ads. Opinions vary on whether an industry-wide do-not-track mechanism is likely in the near future.

PRIVACY—QUEENSLAND

iPhone App Broadcasts Police Radio (April 1, 2011)

Queensland Police are concerned about a new iPhone application that allows users to tap into police radio frequencies, the Courier Mail reports. The TuneIn Radio app is capable of tapping into frequencies on which police name victims of domestic violence, sexual assaults and other crimes, in several large regional centres, the report states. The new technology makes it easier for people to use the information transmitted over the frequencies for the wrong purposes, said Queensland Privacy Commissioner Linda Matthews, adding that she cannot order Apple to remove the application because privacy laws do not apply to the private sector.

PRIVACY—NEW ZEALAND

Opinion: Are We Clicking Away Our Privacy? (April 1, 2011)

In an opinion piece for Computerworld, Stephen Bell examines whether privacy is being eroded each time a user allows his or her personal information to be accessed in exchange for a free online service and whether laws are needed to discourage that. Though the phrase "privacy is dead" is often heard, "the loudest voices in support are the very marketers and pollsters who stand to gain from that attitude," Bell opines. Privacy Commissioner Marie Shroff has suggested privacy champions are "becoming a majority" after recent highly publicised data breaches, Bell says, but "what if she is wrong?"

PRIVACY LAW—HONG KONG

Commissioner Announces Credit Code Changes (April 1, 2011)

Hong Kong's privacy commissioner has announced three amendments to the code protecting consumer credit data. The first set of amendments will take effect 1 April and relates to expanded mortgage data sharing among credit providers to facilitate comprehensive credit assessments. Privacy Commissioner for Personal Data Allan Chiang will release a fact sheet on the amendments to help the general public understand the changes. The second set of amendments requires credit providers to update credit reference agency databases no later than 14 days after a request for a change is made and prevents data on gender from being collected, effective 1 July. The third set of amendments applies to bankruptcy-related data retention.

PRIVACY LAW—SINGAPORE

DMA Optimistic About Impending Regulations (April 1, 2011)

Any data protection regulations should be a combination of government legislation and industry self-regulation, says the chairman of the Direct Marketing Association of Singapore (DMAS). Last month, Singapore's minister for information, communication and the arts announced that the government will provide a "baseline standard for data protection in 2012" and propose new data protection laws, ZDNet reports. DMAS Chairman Lisa Watson said, "Most companies do care about data protection and want to do 'honest business,' but it never occurred to them that how they do it may not be right or that they should question where the data came from, how it was collected or whether there was consent."

PRIVACY LAW

Settlement Proposed Over Buzz Concerns (April 1, 2011)

The Sydney Morning Herald reports on a proposed settlement between the U.S. Federal Trade Commission (FTC) and Internet company Google over concerns raised by last year's debut of Google's Buzz social network. The FTC's announcement has come on the heels of last week's decision by France's data protection authority, the CNIL, to impose a $142,000 fine on the company for the gathering of data over unencrypted wireless networks by its Street View vehicles, the report states. Privacy experts, industry advocates and FTC officials are offering different insights on the potential implications of Wednesday's settlement announcement in the U.S.

DATA PROTECTION—AUSTRALIA

CLA Says Gov’t Merger Threatens Privacy (April 1, 2011)

Civil Liberties Australia (CLA) is criticizing the merger of two government agencies, saying it is going forward “without proper examination of the privacy ramifications.” The merging of Centrelink and Medicare into one entity--the Department of Human Services--“is highly threatening to both the quality of the services provided to citizens and their privacy,” CLA states, adding that the move has been planned absent public consultation and that the required Privacy Impact Assessment “appears to have been conducted in secret” and “no report was published,” among other criticisms.