malcolm burrows - web strategy summit 2012 presentation slides

Upload: bluewire-media

Post on 18-Nov-2014

Category:

Technology


DESCRIPTION

Malcolm Burrows from Dundas Lawyers gave this presentation at the Web Strategy Summit in Brisbane on Wed 21st Nov 2012, held at the Australian Institute of Management. The presentation covered tackling the risks and combatting the underbelly of the web. It was held alongside Tim Underhill of the Australian Federal Police.

TRANSCRIPT

Page 1: Malcolm Burrows - Web Strategy Summit 2012 Presentation Slides

© Dundas Lawyers Pty Ltd (07) 3221 0013 www.dundaslawyers.com.au

Tackling the Risks & Combatting the Underbelly of the Web

Malcolm Burrows B.Bus.,MBA.,LL.B.,GDLP.,MQLS

Legal Practice Director

Disclaimer

The materials and presentation itself are general commentary on the law only. It is not legal advice. Do not rely on the information in the materials without first confirming with Dundas Lawyers that it applies to your exact circumstances.

Page 2: Malcolm Burrows - Web Strategy Summit 2012 Presentation Slides

Cyber risk tag cloud

Page 3: Malcolm Burrows - Web Strategy Summit 2012 Presentation Slides

Underbelly of the web

Data security

Privacy Act amendments

Risks from employees and contractors

Page 4: Malcolm Burrows - Web Strategy Summit 2012 Presentation Slides

Underbelly of the web

Data security

Cloud storage of personal and sensitive information;

Confidential information;

Privacy Act 1988 (Cth); breaches:

Guide for dealing with data breaches (not mandatory)

Data breaches occur when personal information is lost or subjected to unauthorised access, use, modification or disclosure, e.g.:

lost or stolen laptops, removable storage devices or paper recordings;

hard drives and digital storage media being disposed of without the contents being erased first;

databases being hacked into or otherwise being illegally accessed; or

paper records being taken from insecure recycling or garbage bins.

There is presently a Bill before Parliament to introduce changes…

Page 5: Malcolm Burrows - Web Strategy Summit 2012 Presentation Slides

Privacy Act 1988 (Cth) (Privacy Act)

Proposed changes

Privacy Amendment (Enhancing Privacy Protection) Bill 2012 (Cth):

new amendments may create obligations to comply with mandatory breach notifications;

possible introduction of statutory cause of action for breach of privacy;

introduction of civil penalties for privacy breaches;

ALRC recommended removing the small business exemption.

Page 6: Malcolm Burrows - Web Strategy Summit 2012 Presentation Slides

Privacy Act 1988 (Cth) (Privacy Act)

Data breaches – is there an obligation to comply?

Law enforcement

Only if there is a real risk of harm to an individual (identity crime, physical harm);

Recommended steps if information is requested by law enforcement

Police obtain a search warrant.

Page 7: Malcolm Burrows - Web Strategy Summit 2012 Presentation Slides

Underbelly of the web

Obligation to comply with law enforcement (continued)…

Apply to the court for an order that the information be sealed (s55 & 56 of Criminal Rules); or

refuse to provide the information and force law enforcement to obtain a subpoena, provided that in essence the employee is committed or an indictment has been presented against the employee – see s29 of the Supreme Court of Queensland Act 1991 - Criminal Practice Rules 1999 (Qld) (Criminal Rules).

If the List is produced subject to a Subpoena, then section 29(6) of the Criminal Rules provides that:

“The proper officer must hold the document or thing subject to the court’s direction and must not allow anyone to inspect the document or thing other than as directed by the court”.

If you provide the Customer List, you should mark it “Confidential” and write Copyright using the ©, (regardless of whether copyright actually subsists in a computer generated list) - s56A of the Criminal Rules provides that the Court, in responding to an application to copy an exhibit will take into account:

“the content of the exhibit and whether the exhibit contains information that is private, confidential or personally or commercially sensitive”.

Page 8: Malcolm Burrows - Web Strategy Summit 2012 Presentation Slides

Underbelly of the web…continued

Office of Australian Information Commissioner (OAIC)

- notification is not currently mandatory but recommended when a serious data breach warrants disclosure.

Guide for dealing with data breaches.

Page 9: Malcolm Burrows - Web Strategy Summit 2012 Presentation Slides

Underbelly of the web…continued

Page 10: Malcolm Burrows - Web Strategy Summit 2012 Presentation Slides

Underbelly of the web…continued

Engage best practice technological measures to protect against viral and malware threats;

Employee and contractor background checks if dealing with sensitive information;

Engage a social media monitoring service;

Develop and implement a Crisis Management Plan;

Appoint a Privacy Officer and conduct a privacy audit;

Cyber risk insurance.