Monday 31 December 2012

Privacy Commissioner Timothy Pilgrim Goes on Uninformed Power Trip.

The Australian Privacy Commissioner, Timothy Pilgrim, has urged all organisations, both public and private, to review the new principles and warned that his office will have substantially boosted powers to enforce the laws and exact penalties for any breaches.

“From the commencement of the new laws, I will be able to accept enforceable undertakings, seek civil penalties in the case of serious breaches of privacy, and conduct assessments of privacy performance for both Australian government agencies and private sector organisations,” Mr Pilgrim said.

“While I will continue to work with agencies and businesses to help them comply with privacy laws, I will not shy away from using these powers in appropriate cases.”

What this means for healthcare providers is that all organisations should review their privacy policies now, as they will be required to have a written statement, according to a briefing note by Corrs Chambers Westgarth partner, David Smith, and senior associate, Matthew Craven.

It also means they should look at boosting their IT security arrangements to ensure a breach does not occur, security experts say.

Read More of this story by Kate McDonald at Pulse+IT

Data Theft Australia's Response

The overt blustering by the Australian Privacy Commissioner, Timothy Pilgrim, that his office will have substantially boosted powers to enforce the laws and exact penalties for any breaches is a typical knee-jerk response to a critical problem facing all consumers.

Characteristically, the introduction and passing of the Privacy Amendment (Enhancing Privacy Protection) Bill 2012 falls well short of the mark, primarily due to the ignorance of its supporters on both sides of the parliament, particularly the Attorney General, Nicola Roxon, and the Health Minister, Tanya Plibersek.

Ms Plibersek as Health Minister, and Ms Roxon as former Health Minister and again as Attorney General, have been made aware on numerous occasions of the lack of legislative powers for Police to charge employees who compromise data, and more particularly healthcare provider and medical centre patient data.

Ms Roxon has even admitted, at a Canberra Press Conference, that the greatest threat to data security within Government is corrupted public servants. Recent surveys have also indicated that over 70% of data thefts within private sector organisations are committed by insiders.

Another meeting with senior Fraud Squad Detectives in Sydney, on Wednesday December 19, 2012, confirmed Police are powerless to charge employees who steal personally identifying data from health care providers.

With so many people affected by such an insidious act of theft, including patients, business owners, employees, their families and suppliers, governments have to take a much more serious look at passing legislation that will allow Police to charge employees responsible for data theft.

Mr Pilgrim should spend more time actually uncovering what the real issues are rather than postulate how much power he now has.

Thursday 20 December 2012

Senior Fraud Squad Police confirm there is no way to charge data thieves

A meeting with senior Fraud Squad Detectives in Sydney yesterday has confirmed Police are powerless to charge employees who steal data from their employers.

Whilst state and federal ministers and bureaucrats, on both sides of parliament, have written to us or responded to correspondence from us promoting existing legislation under the Crimes Act, the Privacy Act and Copyright Acts, there remains absolutely no legislation, in any state or federally, that will allow Police to charge for theft of data by an employee or, for that matter, any person who has authorised access to a business.

The meeting confirmed that, regardless of the level of security over a database and extensive agreements between employees and employers, any theft of data can only be handled in the civil courts.

The costs associated with any civil court action disqualify most small businesses from seeking the loss and damages caused by this type of fraud, providing total immunity for the thieves. Even for those businesses willing to pursue a civil court action, the end result could be substantial costs and no compensation due to the thief having no tangible assets or funds to pay awarded loss and damages.

With so many people affected by such an insidious act of theft, including business owners, employees, their families, suppliers and customers, governments have to take a much more serious look at passing legislation that will allow Police to charge persons responsible for data theft.

One recent case of data theft by employees breached the privacy of thousands of patients and shut down one of Sydney's leading sports injury centres causing staff to be laid off and loss and damages in the millions of dollars.

Police, Security and legal experts, as well as those companies affected, say the end result leaves employees feeling invincible to legal threat or recourse.

Wednesday 12 December 2012

Open Letter to Politicians - Data Theft by Employees

Good morning all Politicians,

If an employee has access to confidential information that can be used for identity theft they may decide to use this information themselves to make purchases, pass it to a competitor, set up a competitive business or pass it to an identity thief.

Recent changes to the Privacy Act (Privacy Amendment - Enhancing Privacy Protection Bill 2012) could see the employer heavily fined for breaches of privacy yet the employee remains totally immune from prosecution.

A recent multimillion dollar data theft from a Sydney based sports injury facility cannot be investigated by Police as there is no legislation that will allow them to charge the persons involved despite the weight of evidence available to them.

Thousands of patients were compromised and under the guidelines of OAIC were notified of the breach. Under the recently enacted 'Enhancing Privacy Protection Bill 2012' the centre could be liable for heavy fines (as of March 2014) yet the data thieves continue to remain immune from prosecution.

The Attorney General Nicola Roxon, the Minister For Health Tanya Plibersek and much of the business community are completely naive to the fact there are absolutely no laws which will allow Police to charge employees who steal critical data assets.

Both Ms Nicola Roxon and Ms Tanya Plibersek continue to insist employees can be charged under the Crimes Act 1900 section 308H and have replied to our correspondence accordingly.

We have been writing to both these ministers for over two years including providing correspondence from NSW Police which confirms that 'employees cannot be charged' under the Crimes Act or any other current legislation if they steal data from their employer.

Recently Ms Roxon admitted, at a Canberra Press Conference, that the greatest threat to data security within Government is corrupted public servants. Recent surveys have indicated that over 70% of data thefts are committed by insiders.

We hope that you may be able to help champion a lobby to correct this huge gap in legislation which is costing business billions of dollars and breaching the privacy of literally millions of Australians.

We look forward to your support for the introduction of legislation that will allow Police to charge employees who steal critical data assets from their employer.

Kind regards

Brad Robinson
Data Theft Australia

datatheft.au@gmail.com

Tuesday 11 December 2012

Small businesses suffer from theft of data

By Australian Financial Review's James Hutchison

Small businesses have called for tougher criminal penalties for former employees who steal or leak sensitive company information, as experts warned that millions in losses had arisen from increased data theft since the global financial crisis.

Figures from research firm Ponemon showed data theft has continued to be a major pain point for all businesses, with insiders – former employees or contractors – responsible for a third of all information breaches last year. These breaches were the result of either an employee’s negligence, or malicious attempts to siphon data from the business for personal gain.

The Australian businesses surveyed by Ponemon spent an average of $US2.27 million last year dealing with these breaches. Data theft investigators and security consultants said incidents had increased since the global economic downturn, particularly in the construction sector, as employees became desperate to win contracts or personally benefit from the business.

One consultant said the “law is silent” on corruption and data leakage in the private sector.

Continue here to read the rest of the article . . . .