The Brave New World of Data (in) Security

It is prudent to be scared rather than brave in the modern world of data breaches and cyber-attacks, where criminal enterprise endeavours to breach effective security systems and keep ahead of effective regulation.

Legally, there are significant obligations on governmental and other organisations to secure personal information under Commonwealth and State privacy legislation, and significant new data breach notification requirements have been in place in Australia since 22 February 2018 (see https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme). Unfortunately, in practice, data breaches are occurring with increasing frequency and seriousness.

Most recently, Ticketmaster UK identified malicious software on a customer support product hosted by Inbenta Technologies. It could access UK Ticketmaster customers’ personal or payment information where they purchased or attempted to purchase tickets in the UK between February and 23 June 2018, as well as the information of international customers who purchased or attempted to purchase tickets between September 2017 and 23 June 2018. For details of what Ticketmaster is doing and what concerned customers should do, see https://security.ticketmaster.co.uk/.

More generally in the on-line world of apparent ease of transaction and asserted utility of Big Data, be alert if not alarmed. Helpful guidance on protecting against identity fraud, otherwise minimising harm after you become aware of a data breach, and how to make a privacy complaint are available from the office of the Australian Information Commissioner at https://www.oaic.gov.au/individuals/data-breach-guidance/what-to-do-after-a-data-breach-notification#receiving-a-data-breach-notification. Other helpful resources include:

• Australia and New Zealand’s national identity and cyber support service IDCARE at https://www.idcare.org/
• The Australian cybercrime online reporting network ACORN at https://www.acorn.gov.au/

In practice, quick action is critical but even then may not result in effective remedy. Individual caution is recommended before embracing too wholeheartedly promises of digital security, ease and convenience of transaction and related requirements for personal information.