ODMOB Newsletter No 3 Part 1
9/30/2015
NEXT ISSUE
Introduction
the
Chief
Security
representatives stated1:
is formulated as follows:
S_t > D_t + R_t
successfully attacked.
2012.
be released.
attack.
attack
countermeasures to such
attack.
pilfer
and
cause
http://energycommerce.house.gov/
hearing/understanding-cyberthreat-and-implications-21st-
and
provide
been
implemented
organisation.
by
the
Obviously, the
Consequently,
Detection
technologies)
century-economy <accessed 18
September 2015>
2 Schwartau, W., Time Based
Security: Practical and Provable
Intrusion
Systems
in
are
an
order
to
bodies.
let
Instantaneous
(Non-Government
of
this
note
to
Organisations)
that
operate
within Australia.
alone
[citation
domestic
life;
omitted]
photographs
and
and
numerous
APP Entities
reasonable
commenced as follows:
steps
in
the
learned
Harvard
Professors
The
The
rapid
of
new
advancement
technologies
legislative
is,
from
position,
http://firstmonday.org/ojs/index.php/fm/article/view/973/894 <accessed 23 Sept 2015>
4 4 Harvard L.R. 193 (Dec. 15, 1890)
market.
no lag time.
Peer to Peer
technologies
communications
multitude
of
data
these
to
to
undertake
organisations
increase
their
economic
identity
theft
Organisations
technological advancement is
Double-Click
Personal
The
dark
side
to
this
Identifiable
Information (PII).
This was
Office
Personnel
Management
employee
data
base
of
which
designed
now
to
gain
this
Amazon
customer
returns
Amazon
will
also
the
advancement
of
various
legislative
In
it is similar to you.
In other
1989
the
then
Federal
manner.
Australia
all
Entities
appropriately
the
as
it
private
reporting
covers
sector
agencies
corporations
that
credit
must
out
have
an
drafted
and
all
set
in
have
an
Consequently,
the
APPs.
all
privacy
public
policies
$3,000,000.
The
Privacy
substantially
Act
amended
was
with
are
and
the
associations
privacy
Office
the
Information
small
businesses whose
Privacy
Act,
industry
may
develop
or
practices,
codes
of
the
Australian
Commissioner
bind
all
organisations
who
is
the
Commissioner
compliance.
This
is
able
to
The Commissioner is
monetary
amount
of
is
$360,000 for
market/consumer
data
disclosure
breaches in Australia.
that
comment.
of
that
it
unauthorised
holds
access,
from
misuse,
Further
destroy
or
de-identify
destroy
has
been
10
Hence, the
must
implement
breach
it
will
introduce
In
making
announcement
Attorney
the
General
indicate
Federal
did
whether
this
breach
$2,029.
has
This
been
amount
not
such
personal
expended
the victim11.
lobby
the
Federal
have
devastating
data
confidence.
http://www.computerworld.com.au/article/576266/oaic-seeks-detailswoolworths-privacy-snafu/ <accessed 23 Sept 2015>
10 Jei Jing et all v. CCom et all
[1992] FCA 325
11 Javelin Strategy and Research 2015 Identity Fraud Study
cost
to
of
20
correct
hours
any
has
been
https://www.javelinstrategy.com/news/1556/92/16-Billion-Stolenfrom-12-7-Million-Identity-FraudVictims-in-2014-According-toJavelin-StrategyResearch/d,pressRoomDetail <accessed 23 Sept 2015>
there
is
The
above
noted,
the
circumstances are not an exhaustive list and as such the OAIC is able to take into consideration other factors in determining whether the organisation under investigation has taken such steps as are
IBM Ponemon Institute
Research 2015 Cost of Data Breach
Study Global Analysis.
http://www03.ibm.com/security/databreach/?&S_PKG=&ct=&jm=&S_TACT=&iio=BSEC&cmp=&cr=g
oogle&cm=k&csr=Unbranded|Sear
ch|Security+Services+Research+12
it
is
necessary
to
+Awareness|ROW|3571&ccy=us&
ck=cost%20of%20data%20breach&c
s=b&cn=Data_breach&mkwid=s13i
iHLhidc_50705364711_43246d30503_
<accessed 23 Sept 2015>
13 Office of the Australian
Information Commission, Guide
to Information Security,
implemented
in
the
protection of PII.
Conclusion
Privacy and security in the commercial sector now go hand in hand. Any organisation that is an APP Entity and which collects, stores or processes any personal information must have a carefully drafted privacy policy that corresponds to the security framework implemented.
If there is a contravention of
either APP then it is possible that
the regulator (OAIC) could
commence an investigation and
Next Issue
The next release will extend the
issues
Commission
will
Ajmccullagh57@gmail.com
PLEASE NOTE this paper is NOT the provision of legal advice. If a reader has an issue
then they should seek appropriate legal advice. The author makes no warranty as
to correctness of anything contained in this paper. This paper is the sole opinion of
the author and must not be relied upon as legal advice. Every situation is different
and as such proper analysis must be undertaken when seeking a legal opinion.
Consequently, the author takes no responsibility for any errors that may exist in this
paper and certainly takes no responsibility if any reader takes any actions based on
what is (expressly or by implication) contained in this paper. All readers take full
responsibility for anything they may do in reliance of anything contained in this
paper.