Malcolm Burrows from Dundas Lawyers gave this presentation at the Web Strategy Summit in Brisbane on Wed 21st Nov 2012, held at the Australian Institute of Management.
The presentation covered tackling the risks and combatting the underbelly of the web. It was given alongside Tim Underhill of the Australian Federal Police.
Malcolm Burrows - Web Strategy Summit 2012 Presentation Slides
1. Tackling the Risks & Combatting the Underbelly of the Web
Malcolm Burrows B.Bus.,MBA.,LL.B.,GDLP.,MQLS
Legal Practice Director
Disclaimer
The materials and presentation itself are general commentary on the law only. It is not legal advice. Do not rely on the information in the materials without first confirming with Dundas Lawyers that it applies to your exact circumstances.
3. Underbelly of the web
Data security
Privacy Act amendments
Risks from employees and contractors
4. Underbelly of the web
Data security
Cloud storage of personal and sensitive information;
Confidential information;
Privacy Act 1988 (Cth); breaches:
Guide for dealing with data breaches (not mandatory)
Data breaches occur when personal information is lost or subjected to unauthorised access, use, modification or disclosure, e.g.:
lost or stolen laptops, removable storage devices or paper recordings;
hard drives and digital storage media being disposed of without contents being erased first;
databases being hacked into or otherwise being illegally accessed; or
paper records being taken from insecure recycling or garbage bins.
Presently there is a Bill before Parliament to introduce changes…
5. Privacy Act 1988 (Cth) (Privacy Act)
Proposed changes
Privacy Amendment (Enhancing Privacy Protection) Bill 2012 (Cth):
new amendments may create obligations to comply with mandatory breach notifications;
possible introduction of statutory cause of action for breach of privacy;
introduction of civil penalties for privacy breaches;
ALRC recommended removing the small business exemption.
6. Privacy Act 1988 (Cth) (Privacy Act)
Data breaches – is there an obligation to comply?
Law enforcement
Only if there is a real risk of harm to an individual (identity crime, physical harm);
Recommended steps if information is requested by law enforcement
Police obtain a search warrant.
8. Underbelly of the web… continued
Office of Australian Information Commissioner (OAIC)
- notification is not currently mandatory but recommended when a serious data breach warrants disclosure.
Guide for dealing with data breaches.
10. Underbelly of the web… continued
Engage best practice technological measures to protect against viral and malware threats;
Employee and contractor background checks if dealing with sensitive information;
Engage a social media monitoring service;
Develop and implement a Crisis Management Plan;
Appoint a Privacy Officer and conduct a privacy audit;
Cyber risk insurance.