June 5, 2017 3:35 PM | Posted by Helen Lauder, Veronica Scott | Permalink
The Office of the Australian Information Commissioner (OAIC) last week released four resources on the mandatory data breach notification scheme (DBN scheme) for consultation.
October 21, 2016 8:48 AM | Posted by Veronica Scott, Susan Walsh, Nicole Franklin | Permalink
Australia finally looks set to have new national mandatory notification laws for data breaches.
May 19, 2016 5:17 PM | Posted by Julia Marchesi and Paul Kallenbach | Permalink
On 19 June 2016, the Google subsidiary Nest will permanently shut down the Revolv smart home hub, following its acquisition of the device's maker in 2014. From that date, the Revolv app will not open, the hub will not work, and the service will cease functioning altogether.
April 21, 2016 9:06 AM | Posted by James Patto | Permalink
The hack of toy manufacturer VTech's computer systems, which was disclosed by the company late last year, has highlighted various privacy concerns with, and vulnerabilities of, the Internet of Things (IoT) phenomenon.
March 8, 2016 10:26 AM | Posted by James Patto, Paul Kallenbach, Veronica Scott | Permalink
Welcome to the second instalment of the 'When IT hurts, it hurts' series on cyber attack loss. Coinciding with the release of MinterEllison's cyber survey report, Perspectives on Cyber Risk (the Report), this series focuses on key areas of loss that an organisation may suffer as a result of a cyber attack, and key strategies to mitigate that loss.
February 23, 2016 3:36 PM | Posted by James Patto & Paul Kallenbach | Permalink
As a chief information officer or chief security officer, it's probably not going to be good news when your phone lights up at 2am on a cool winter's night.
February 3, 2016 7:01 PM | Posted by Paul Kallenbach | Permalink

We are pleased to announce the publication of our inaugural cyber security survey report - Perspectives on Cyber Risk.

Our survey results reflect that cyber attacks are occurring on a regular basis, across all organisation types, and in almost every industry; that cyber security is front of mind for many Australian organisations; and that for many (though not all) organisations, cyber resilience is considered a whole-of-enterprise challenge.

Our survey also found that many organisations perceive they have a satisfactory understanding of, and a satisfactory capability to prevent and deal with, cyber attacks. Unfortunately, this perception is not always reflected in the practical measures that organisations are adopting to mitigate cyber risk and increase their cyber resilience. 

You can download the report here.

December 15, 2015 12:44 PM | Posted by James Patto & Paul Kallenbach | Permalink
August 11, 2015 9:00 AM | Posted by James Patto & Paul Kallenbach | Permalink
Following a Federal Circuit Court decision in 2014, the United States Supreme Court has refused to hear Google's appeal against Oracle regarding whether application programming interfaces (APIs) for the computer language Java are capable of attracting copyright protection. By refusing to hear this appeal, the highest court in the US has effectively declared that copyright may subsist in APIs, overruling Judge William Alsup's first instance decision.
April 2, 2015 10:46 AM | Posted by Lucy McGovern & Paul Kallenbach | Permalink
Data retention laws have passed through the Senate and House of Representatives with bi-partisan support. In essence, the laws require Australian telcos and ISPs to retain metadata for 2 years, unless they obtain an exemption. This article considers the reforms and their implications.
October 17, 2014 2:41 PM | Posted by Geraldine Johns-Putra | Permalink
It has not been a widely publicised event, but as of earlier this year, cloud service providers have had their own global industry standard for data security. In July 2014, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) formally adopted ISO/IEC 27018, the first international standard governing the processing of personal data by cloud service providers.
August 15, 2014 3:27 PM | Posted by Loren Blumgart & Anthony Borgese | Permalink
The Office of the Australian Information Commissioner has released a revised version of its "Guide to Information Security: 'Reasonable steps' to protect personal information" (the Revised Guide). The Revised Guide aims to provide more clarity in assisting organisations and government agencies in meeting their information security obligations under the Privacy Act 1988 (Cth). In this article we look at the key elements of the Revised Guide.
August 12, 2014 9:38 AM | Posted by Harry Aitken & Paul Kallenbach | Permalink
The Commonwealth Department of Finance (Finance) has released a Discussion Paper on Cloud Procurement (Paper) which proposes the introduction of a whole-of-government procurement panel (Panel). Finance's aim is to provide 'simple access to cloud procurement' and to 'support a flexible, agile and competitive marketplace for cloud services'.
August 7, 2014 2:32 PM | Posted by Loren Blumgart | Permalink
On 26 June 2014, the European Commission (EC) released the 'Cloud Service Level Agreement Standardisation Guidelines' (the Guidelines) to assist EU businesses in using cloud services. The Guidelines were developed as part of the EC's Cloud Strategy, which aims to increase trust in cloud services, by improving the clarity in understanding the technical and legal aspects of services described in cloud service contracts (known as service level agreements (SLAs)). Contributors to the development of the Guidelines include Google, IBM, Microsoft and SAP, which marks the first time that large cloud service providers have agreed on common guidelines for SLAs.
July 15, 2014 5:32 PM | Posted by Joseph Cram | Permalink
Today the Australian Privacy Commissioner released another own-motion investigation report, this time in relation to the storage of medical records by Pound Road Medical Centre (PRMC).

This is the fourth own-motion investigation published this year, and is in addition to the Commissioner's determination in the case of ‘BO’ and AeroCare Pty Ltd [2014] AICmr 32. This represents a marked increase from the Commissioner's enforcement activity last year, in which the Commissioner only published one own-motion investigation report and made no privacy determinations.

In this post, we look at how the Commissioner has dealt with non-compliance in each of these four cases, and the sorts of cases it seems the Commissioner is more likely to investigate.
May 13, 2014 4:57 PM | Posted by Margaret Gigliotti and Paul Kallenbach | Permalink
Following an own motion investigation into a data breach suffered by Multicard Pty Ltd (Multicard), the Privacy Commissioner found that Multicard failed to take reasonable steps to ensure the security of personal information, and requested that Multicard commission an external privacy and security auditor to certify Multicard's implementation of agreed improvements to its privacy practices and information security systems.
May 2, 2014 10:41 AM | Posted by Tarryn Ryan and Paul Kallenbach | Permalink

New email app, Acompli, launched recently with much hype around its functionality for those who want to do more with their emails on their mobile device than simply checking new messages and quickly firing off the occasional reply.

Significantly, however, Acompli's servers are located in the US. By allowing Acompli to access your work email and replicate your email and attachments on its servers, you may be 'disclosing' personal information to an overseas recipient and putting your employer at risk of breaching the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth).

August 21, 2012 5:46 PM | Posted by Lucy McGovern and John Fairbairn | Permalink
On 20 August 2012, the Australian Law Reform Commission (ALRC) released its Issues Paper for the inquiry into Copyright and the Digital Economy. The Paper sets out 55 questions reflecting the issues that will be the focus of the Inquiry as well as proposed guiding principles for reform.
February 2, 2011 4:00 PM | Posted by Tim Hewitt | Permalink
The Department of Defence has announced that it is preparing proposals to amend Australia's export control laws to require licensing for intangible transfers of controlled technology. While these amendments are in recognition of a gap in Australia's export control regime caused by sophisticated transfers of controlled technology via intangible means, they may cause compliance woes for many organisations, particularly cloud computing service providers.