Hello, privacy pros.
I have a number of updates across the region and beyond to share with you in this update.
The Office of the Australian Information Commissioner’s quarterly report on the Notifiable Data Breaches scheme, covering the period between 1 April and 30 June 2019, reveals the health and finance sectors were responsible for 36% of data breaches. Malicious or criminal attacks accounted for more than half of all notified data breaches — the majority of which were linked to compromised credentials. A ZDNet article covering the OAIC’s report noted Microsoft’s view that enabling multifactor authentication makes an account 99.9% less likely to be compromised. MFA isn’t a silver bullet, but it certainly reduces the risk of compromised credentials.
Australian eSafety Commissioner Julie Inman Grant and Jonathan Rouse of the Queensland Police Service wrote an opinion piece in The Australian about the dangers lurking on the flipside of the tech industry’s rush to embrace end-to-end encryption. Although encryption bolsters privacy protections, it is also often used to shield the activities of child predators engaged in child sexual exploitation. The authors call on the tech industry to incorporate a “safety by design” approach into the development of encrypted services to ensure that child sexual abuse can be detected.
New Zealand’s Ministry for Culture and Heritage suffered a breach resulting from a “coding error” on a website developed by a third party on behalf of the ministry. The breach compromised the personal information of more than 300 people and included data from passports, driver licenses, birth certificates and visas.
In Bangkok, at the first Association of Southeast Asian Nations Data Protection and Privacy Forum, Philippines Privacy Commissioner Raymund Liboro called on neighboring Southeast Asian countries to enhance data security and privacy. He noted the varying maturity of privacy laws across the region, with established regimes in the Philippines, Singapore and Malaysia, a new regime in Thailand and developing data protection laws elsewhere, such as Indonesia.
A smart cities initiative has been the target of ongoing Hong Kong demonstrations. Protesters tore down approximately 20 smart lampposts over concerns the cameras and Bluetooth beacons with the posts could be used for surveillance by mainland China. Hong Kong Secretary for Innovation and Technology Nicholas Yang Wei-hsiung expressed his disappointment over the damage and characterized the protesters’ concerns as conspiracy theories. He insisted the project was transparent from the start and posed no risk to privacy.
In "Privacy Fundamentalism," Technology and Media Analyst Ben Thompson provides a fresh perspective on privacy and tracking technologies. The article takes aim at part of The New York Times’ Privacy Project by showing how some third-party “tracking tools” are specifically useful, if not essential, to the operation of his website, Stratechery, and perhaps not quite as scary as they are alleged to be. Some privacy pros may disagree with Thompson’s view that privacy online necessarily entails trade-offs. But we benefit from continually challenging our own views and engaging in discussions that include thoughtful criticism of privacy absolutism.
Registrations for the IAPP ANZ Summit are flowing in fast, and we are set to have a full house at this regional event in Sydney 29-30 Oct. If you haven’t registered already, be sure to save your spot soon.
Best regards,
Stephen Bolinger
IAPP Country Leader, Australia
Comments
If you want to comment on this post, you need to login.