The brave new world of data security
It is prudent to be scared rather than brave in the modern world of data breaches and cyber attacks, where criminal enterprise endeavours to breach effective security systems and keep ahead of effective regulation, write Robert Ishak and Ian Wylie.
Legally, there are significant obligations on governmental and other organisations to secure personal information under Commonwealth and State privacy legislation, and significant new data breach notification requirements have been in place in Australia since 22 February 2018. Unfortunately, in practice, data breaches are occurring with increasing frequency and seriousness.
Most recently, Ticketmaster UK identified malicious software on a customer support product hosted by Inbenta Technologies. It could access UK Ticketmaster customers’ personal or payment information, where they purchased or attempted to purchase tickets in the UK between February and 23 June 2018, as well as the information of international customers who purchased or attempted to purchase tickets between September 2017 and 23 June 2018.
More generally in the online world of apparent ease of transaction and asserted utility of Big Data, be alert if not alarmed. Helpful guidance on protecting against identity fraud, otherwise minimising harm after you become aware of a data breach, and how to make a privacy complaint are available from the office of the Australian Information Commissioner.
Other helpful resources include:
- Australia and New Zealand’s national identity and cyber support service IDCARE
- The Australian cybercrime online reporting network ACORN.
In practice, quick action is critical but even then, that may not result in effective remedy. Individual caution is recommended before embracing too wholeheartedly the promises of digital security, ease and convenience of transaction and related requirements for personal information.
Robert Ishak is principal and chairman at William Roberts Lawyers and Ian Wylie is special counsel at William Roberts Lawyers.