Malcolm Burrows from Dundas Lawyers gave this presentation at the Web Strategy Summit in Brisbane on Wed 21st Nov 2012, held at the Australian Institute of Management. The presentation included the topic of tackling the risks & combatting the underbelly of the web. It was held along side Tim Underhill of the Australian Federal Police.

1. Tackling the Risks & Combatting the
Underbelly of the Web
Malcolm Burrows B.Bus.,MBA.,LL.B.,GDLP.,MQLS
Legal Practice Director
Disclaimer
The materials and presentation itself are general commentary on the law only. It is not legal
advice. Do not rely on the information in the materials without first confirming with Dundas
Lawyers that it applies to your exact circumstances. 1

2. Cyber risk tag cloud
2

3. Underbelly of the web
Data security
Privacy Act amendments
Risks from employees and contractors
3

4. Underbelly of the web
Data security
Cloud storage of personal and sensitive information;
Confidential information;
Privacy Act 1988 (Cth); breaches:
Guide for dealing with data breaches (not mandatory)
Data breaches occur when personal information is lost or subjected to
unauthorised access, use, modification or disclosure - eg
lost or stolen laptops, removable storage devices or paper recordings;
hard drives and digital storage media being disposed without contents being
erased first;
Databases being hacked into or otherwise being illegally accessed; or
paper records being taken from insecure recycling or garbage bins.
Presently a Bill before Parliament to introduce changes….
4

5. Privacy Act 1988 (Cth) (Privacy Act)
Proposed changes
Privacy Amendment (Enhancing Privacy Protection) Bill 2012 (Cth):
new amendments may create obligations to comply with mandatory breach
notifications;
possible introduction of statutory cause of action for breach of privacy;
introduction of civil penalties for privacy breaches;
ALRC recommended removing the small business exemption.
5

6. Privacy Act 1988 (Cth) (Privacy Act)
Data breaches – is there an obligation to comply?
Law enforcement
Only if there is a real risk of harm to an individual (identity crime, physical
harm);
Recommended steps if information is requested by Law-enforcement
Police obtain a search warrant.
6

7. Underbelly of the web
Obligation to comply with law enforcement (continued)…
Apply to the court for an order that the information be sealed (s55 & 56
of Criminal Rules); or
refuse to provide the information and force law enforcement to obtain a
subpoena provided that in essence the employee is committed or an
indictment has been presented against the employee – see s29 of the
Supreme Court of Queensland Act 1991 - Criminal Practice Rules 1999 (Qld)
(Criminal Rules)
If the List is produced subject to a Subpoena, then section 29(6) of the
Criminal Rules provides that:
“The proper officer must hold the document or thing subject to the court’s direction and must not
allow anyone to inspect the document or thing other than as directed by the court”:
If provide Customer List, you should mark it “Confidential” and write Copyright using the ©,
(regardless of whether copyright actually subsists in a computer generated list) - s56A of the
Criminal Rules provides that the Court, in responding to an application to copy an exhibit will
take into account:
“the content of the exhibit and whether the exhibit contains information that is private,
confidential or personally or commercially sensitive”.
7

8. Underbelly of the web… continued
Office of Australian Information Commissioner (OAIC)
- notification is not currently mandatory but recommended
when a serious data breach warrants disclosure.
Guide for dealing with data breaches.
8

9. Underbelly of the web… continued
9

10. Underbelly of the web… continued
Engage best practice technological measures to protect
against viral and malware threats;
Employee and contractor background checks if dealing with
sensitive information;
Engage a social media monitoring service;
Develop and implement a Crisis Management Plan;
Appoint a Privacy Officer and conduct a privacy audit;
Cyber risk insurance.
10