Notes from the iappANZ, March 11, 2016

This edition of the digest contains some really interesting items, ranging from a $55 million U.S. civil judgement for an invasion of privacy suit, through to privacy breaches now being played out on the Dark Web — as if the other Web wasn’t already creating enough challenges.

We also have an article about a patient who had explicit photos taken by a nurse while undergoing surgery. The patient encountered such institutional and legal barriers to pursuing her claims of privacy invasion that changes to legislation in the Australian state of New South Wales are being recommended to allow victims to take legal action if an individual has recklessly or intentionally breached their privacy.

Still in Australia, the federal government has re-vamped its ‘personally controlled eHealth record’ program, badging it ‘My Health Record’; but sceptics are still advising  that “[t]here are many people who should be very careful about letting the government put lots of identifying information into a central database …"

This edition’s article about an AXELOS' survey which found that employees' privacy ineptitude is to blame for an increasing number of breaches is highly relevant and identifies a common theme. AXELOS advises that companies are doing little to educate workers about privacy best practices. AXELOS' Nick Wilding advises: "staff should be [businesses'] most effective security control but are typically one of their greatest vulnerabilities."

And finally, the article about Verizon’s Data Loss Casebook and accompanying annual Date Breach Investigations Report, which contains anonymised details of customer investigations should make interesting reading for all of us.

Members of the board of the IAPP Australia-New Zealand will shortly be travelling to the IAPP Summit in Washington and we look forward to meeting and engaging with all of our fellow colleagues and other attendees, please keep an eye out for us — we definitely don’t plan to be anonymous!