Legal ramifications to be felt from widespread identity theft

Published: Comments:
Business Business & Economy Law & Safety Technology & Communications

This is an archived copy of an article. It is online for informational purposes only.
Social:   

In what is one of Australia’s most serious data breaches to date, it appears that thousands of people applying for jobs with WorkCover Queensland and Queensland Rail have had their personal information such as name, email, address, phone numbers and date of birth stolen by cyber criminals who could potentially use the information for identity theft.

In a statement released yesterday the international HR software company behind the data breach, PageUp, said, “Advanced methods were used to gain unauthorised access to PageUp’s IT systems in Australia, Singapore and the UK.

“After extensive review we now know that certain personal data relating to our clients, applicants, references and our employees has been accessed by a cyber attacker.”

It appears the hackers have also accessed log in details and the passwords used to create those accounts.  And with many people using the same username and passwords across a number of applications the consequences of the failure to protect such private and sensitive information could have far reaching consequences.

However, in their statement Page Up believe this risk to be minimal, “Some employee usernames and passwords may have been accessed, however current password data is protected using industry best practice techniques including hashing and salting, and therefore is considered to be of very low risk to individuals”.

With the threat of a class action mounting, one of Queensland’s leading experts in privacy law, Travis Schultz Principal of Travis Schutz Law said it’s not well settled at law as to whether there is a recognised cause of action for invasion of privacy.

“Currently, a person would only be able to claim damages for breach of privacy or release of personal information where there was negligence or a breach of contract on the part of the entity that allowed the personal information to be disclosed. Even then, for a cause of action to be viable, there would need to be some measurable loss or damage caused – and that is very difficult to establish in most cases.”

Mr Schultz believes there will soon be a case that sets a precedent dealing with this issue but for now, what is required is a legislative response to a growing risk and concern.

“Specifically, the questions we need addressed include, the rights of individuals to expect that our personal information is kept confidential and, as individuals, should we have a right to recover damages against a corporation or entity that allows or permits our personal information and data to be released to someone else without our consent?” Mr Schultz said.

“I belive the issue goes much deeper than just the personal details a company holds in a database.

“The issue goes further than just personal information held in a database. Should we as citizens have a right to expect that in our own homes and in our backyards, we are entitled to privacy? Should a photographer with a telescopic lens be permitted to take photographs of us in own home and space and then sell those for their own financial gain?

“There are competing considerations but what we need to do is start a conversation so that the community can set its own expectations and standards and have our Politicians craft legislation to reflect those in appropriate laws that protect all Australians.”

Given that data and databases are now some of the most highly valued and coveted assets of a business, the protection of the information needs to be a priority of anyone who retains such information.

If an organisation discovers that its database has been hacked, then it has an obligation to take steps to assess the breach and decide if serious harm could occur to any individual affected. If so, the organisation must notify the Australian Information Commissioner and also the individual person or people involved.

These mandatory data breach reporting rules apply to Government Agencies, businesses and non-for-profit organisations who have an annual turnover of $3 million or more. The rules also apply to organisations who have lower turnover if they are credit reporting bodies, health service providers, educational entities or the like.

For more information, go to www.schultzlaw.com.au

 
Travis Schultz Law :
6 Hancock Street, Mooloolaba
07 5404 7405
Travis Schultz Law
Showing 5 recent articles for this business
Pill testing questions still need to be answered 01 February 2019 | Following another spate of music festival drug overdoses on the weekend, high profile compensation lawyer Travis Schultz has questioned whose responsibility it is to keep patrons safe from harm at these events. More information...
Lawyer calls for Lime to introduce insurance 14 February 2019 | Prominent Queensland compensation lawyer Travis Schultz has warned that pedestrians may be the biggest losers from the uptake of Lime electric scooters, and has called for the company to provide public liability... More information...
Aldi work practices to be challenged in court 11 December 2018 | Palmview man Kevin John is suing supermarket chain Aldi for damages after being sacked following a serious lower back injury sustained while unloading stock at the German Company’s Maroochydore store. More information...
Lawyer warns to check your medical privacy rights before 15 November 23 October 2018 | Leading privacy lawyer Travis Schultz has warned that people concerned about protecting their medical privacy have less than a month left to opt out of the My Health Record (MHR) system. More information...
Travis Schultz again named one of Qld’s top lawyers 15 October 2018 | High profile litigation lawyer Travis Schultz has maintained his standing as one of Queensland’s top ranks compensation lawyers for the third year running. More information...



Social:   
comments powered by Disqus

All articles submitted by third parties or written by My Sunshine Coast come under our Disclaimer / Terms of Service