Malcolm Burrows - Web Strategy Summit 2012 Presentation Slides

Malcolm Burrows from Dundas Lawyers gave this presentation at the Web Strategy Summit in Brisbane on Wed 21st Nov 2012, held at the Australian Institute of Management.

The presentation included the topic of tackling the risks & combatting the underbelly of the web. It was held alongside Tim Underhill of the Australian Federal Police.

Published in: Technology
  1. Tackling the Risks & Combatting the Underbelly of the Web. Malcolm Burrows B.Bus., MBA., LL.B., GDLP., MQLS, Legal Practice Director. Disclaimer: The materials and presentation itself are general commentary on the law only. It is not legal advice. Do not rely on the information in the materials without first confirming with Dundas Lawyers that it applies to your exact circumstances.
  2. Cyber risk tag cloud
  3. Underbelly of the web: Data security; Privacy Act amendments; Risks from employees and contractors.
  4. Underbelly of the web: Data security. Cloud storage of personal and sensitive information; Confidential information; Privacy Act 1988 (Cth); breaches: Guide for dealing with data breaches (not mandatory). Data breaches occur when personal information is lost or subjected to unauthorised access, use, modification or disclosure, e.g. lost or stolen laptops, removable storage devices or paper recordings; hard drives and digital storage media being disposed without contents being erased first; databases being hacked into or otherwise being illegally accessed; or paper records being taken from insecure recycling or garbage bins. Presently a Bill before Parliament to introduce changes….
  5. Privacy Act 1988 (Cth) (Privacy Act): Proposed changes. Privacy Amendment (Enhancing Privacy Protection) Bill 2012 (Cth): new amendments may create obligations to comply with mandatory breach notifications; possible introduction of statutory cause of action for breach of privacy; introduction of civil penalties for privacy breaches; ALRC recommended removing the small business exemption.
  6. Privacy Act 1988 (Cth) (Privacy Act): Data breaches – is there an obligation to comply? Law enforcement: Only if there is a real risk of harm to an individual (identity crime, physical harm); Recommended steps if information is requested by law enforcement: Police obtain a search warrant.
  7. Underbelly of the web: Obligation to comply with law enforcement (continued)… Apply to the court for an order that the information be sealed (s55 & 56 of Criminal Rules); or refuse to provide the information and force law enforcement to obtain a subpoena, provided that in essence the employee is committed or an indictment has been presented against the employee – see s29 of the Supreme Court of Queensland Act 1991 - Criminal Practice Rules 1999 (Qld) (Criminal Rules). If the List is produced subject to a Subpoena, then section 29(6) of the Criminal Rules provides that: “The proper officer must hold the document or thing subject to the court’s direction and must not allow anyone to inspect the document or thing other than as directed by the court”. If you provide the Customer List, you should mark it “Confidential” and write Copyright using the © (regardless of whether copyright actually subsists in a computer generated list) - s56A of the Criminal Rules provides that the Court, in responding to an application to copy an exhibit, will take into account: “the content of the exhibit and whether the exhibit contains information that is private, confidential or personally or commercially sensitive”.
  8. Underbelly of the web… continued. Office of Australian Information Commissioner (OAIC) - notification is not currently mandatory but recommended when a serious data breach warrants disclosure. Guide for dealing with data breaches.
  9. Underbelly of the web… continued
  10. Underbelly of the web… continued. Engage best practice technological measures to protect against viral and malware threats; Employee and contractor background checks if dealing with sensitive information; Engage a social media monitoring service; Develop and implement a Crisis Management Plan; Appoint a Privacy Officer and conduct a privacy audit; Cyber risk insurance.