Notes from the iappANZ, 15 Feb. 2019

(Feb 14, 2019) Dear privacy professionals, Gong Xi Fa Cai to those of you who celebrate the Lunar New Year! According to most fortune tellers, the Year of the Pig promises to be a challenging one for individuals with my Chinese zodiac sign (which I won’t disclose here as that would give you a good indication of my age). I hope that the rest of you and the companies you work for have better luck in store. One company whose privacy fortunes could use a turnaround this year is Facebook. The tech giant’s privac... Read More

NZ privacy commissioner calls for greater oversight

(Feb 14, 2019) As Facebook celebrates its 15th anniversary, New Zealand Privacy Commissioner John Edwards called for greater regulatory oversight of the company and how it manages customer data, NZ Herald reports. "I hope soon to see New Zealand and US lawmakers take up the challenge presented by this organisation which is unprecedented internationally in its range, scope, membership and influence," Edwards said. An update to the country’s Privacy Act, which is currently before the Justice Select Committee, in... Read More

Report sheds light on the risk posed by China's Cybersecurity Law

(Feb 14, 2019) ZDNet reports on how China’s Cybersecurity Law, which was passed last November, allows the government to conduct remote penetration testing on any internet-related business operating within the country. The law grants the Ministry of Public Security the authority to conduct such testing on any company that has more than five internet-connected computers. Citing a report from threat intel firm Recorded Future, it details how the remote penetration tests expose companies and their data to addition... Read More

Optus customers complain of data breach

(Feb 14, 2019) Customers of Australian telecom company Optus have turned to social media to complain about suspicious account activity and “major privacy” breaches, ABC News reports. Users are stating that when they log in to their accounts, they receive someone else's data. The response follows reports of phishing emails targeting Optus customers, where users were requested to click on a link that included malware. Optus stated it is aware of the problem and that the phishing attack had been circulating since... Read More

Contractor pleads guilty to data breach

(Feb 14, 2019) Yi Zheng, a Chinese contractor for finance firm AMP, pled guilty to a data breach involving customers’ personal information, Channel News reports. Zheng downloaded documents, including passports and drivers licenses, for 20 different customers and forwarded the information to his personal email account. He was discovered after attempting to install a dark-web internet browser on his company computer in December and was arrested the following month while trying to board a flight to China with his... Read More

Singapore government denies breach coverup

(Feb 14, 2019) An article for the South China Morning Post reports on the personal fallout from a data breach involving sensitive health information for more than 14,000 individuals with HIV. Meanwhile, ZDNet reports the Singapore government is denying any efforts to cover up a security incident that led to the breach. In explaining the time gap between the discovery of the breach and its announcement, the country’s health minister said it had a “responsibility to balance” the interests of those impacted and t... Read More

Cyber breach hits Australia's Federal Parliament computer network

(Feb 14, 2019) ABC reports that Australia’s security agencies are investigating a cyber breach of the Federal Parliament’s computer network. In a statement, Parliament’s presiding officers said no evidence has been uncovered that shows data had been stolen. So far, it seems likely that the breach was the result of a state-sponsored event, and investigations are looking into whether China was involved. A source described the attack as “sophisticated.” In a statement, the Australian Signals Directorate said, “Th... Read More

UIDAI tells high court data breach reports are incorrect

(Feb 14, 2019) Addressing a bench of Justice S. Ravindra Bhat and Justice Prateek Jalan, the Unique Identification Authority of India denied reports regarding a security breach of Aadhaar data, The New Indian Express reports. The bench was hearing a plea seeking damages following an alleged Aadhaar data leak. The UIDAI said it has taken “all necessary safeguards” to protect the data and stated, “In the entire petition, there is not even a mention as to how the petitioner is aggrieved by the actions of the UIDA... Read More

Notes from the iappANZ, 8 Feb. 2019

(Feb 7, 2019) Hello Friends, See-Khiang Koh, my counterpart in Singapore, ended his note last week with an intriguing thought: Would humans soon live off their data? Could commercial utilization of data for a “legitimate and authorized purpose” be a source of income that can move developing nations towards poverty alleviation? Or will our strong emphasis on “privacy is not a tradeable right” dominate the rules of the data economy? The next few years will be very crucial for establishing those rules to govern... Read More

Australia sees increase in reported data breaches

(Feb 7, 2019) In a recent report, the Office of the Australian Information Commissioner stated the number of Australian organizations reporting data breaches hit a new high with 262 notifications received in the third full quarter the Notifiable Data Breaches scheme, iTnews reports. The majority of breaches stem from malicious attacks. The report noted that data breaches from human error fell from 37 to 33 percent. “Preventing data breaches and improving cyber security must be a primary concern for any organi... Read More