Legal ramifications to be felt from widespread identity theft

Published: Comments:
Business Business & Economy Law & Safety Technology & Communications

This is an archived copy of an article. It is online for informational purposes only.
Social:   

In what is one of Australia’s most serious data breaches to date, it appears that thousands of people applying for jobs with WorkCover Queensland and Queensland Rail have had their personal information such as name, email, address, phone numbers and date of birth stolen by cyber criminals who could potentially use the information for identity theft.

In a statement released yesterday the international HR software company behind the data breach, PageUp, said, “Advanced methods were used to gain unauthorised access to PageUp’s IT systems in Australia, Singapore and the UK.

“After extensive review we now know that certain personal data relating to our clients, applicants, references and our employees has been accessed by a cyber attacker.”

It appears the hackers have also accessed log in details and the passwords used to create those accounts.  And with many people using the same username and passwords across a number of applications the consequences of the failure to protect such private and sensitive information could have far reaching consequences.

However, in their statement Page Up believe this risk to be minimal, “Some employee usernames and passwords may have been accessed, however current password data is protected using industry best practice techniques including hashing and salting, and therefore is considered to be of very low risk to individuals”.

With the threat of a class action mounting, one of Queensland’s leading experts in privacy law, Travis Schultz Principal of Travis Schutz Law said it’s not well settled at law as to whether there is a recognised cause of action for invasion of privacy.

“Currently, a person would only be able to claim damages for breach of privacy or release of personal information where there was negligence or a breach of contract on the part of the entity that allowed the personal information to be disclosed. Even then, for a cause of action to be viable, there would need to be some measurable loss or damage caused – and that is very difficult to establish in most cases.”

Mr Schultz believes there will soon be a case that sets a precedent dealing with this issue but for now, what is required is a legislative response to a growing risk and concern.

“Specifically, the questions we need addressed include, the rights of individuals to expect that our personal information is kept confidential and, as individuals, should we have a right to recover damages against a corporation or entity that allows or permits our personal information and data to be released to someone else without our consent?” Mr Schultz said.

“I belive the issue goes much deeper than just the personal details a company holds in a database.

“The issue goes further than just personal information held in a database. Should we as citizens have a right to expect that in our own homes and in our backyards, we are entitled to privacy? Should a photographer with a telescopic lens be permitted to take photographs of us in own home and space and then sell those for their own financial gain?

“There are competing considerations but what we need to do is start a conversation so that the community can set its own expectations and standards and have our Politicians craft legislation to reflect those in appropriate laws that protect all Australians.”

Given that data and databases are now some of the most highly valued and coveted assets of a business, the protection of the information needs to be a priority of anyone who retains such information.

If an organisation discovers that its database has been hacked, then it has an obligation to take steps to assess the breach and decide if serious harm could occur to any individual affected. If so, the organisation must notify the Australian Information Commissioner and also the individual person or people involved.

These mandatory data breach reporting rules apply to Government Agencies, businesses and non-for-profit organisations who have an annual turnover of $3 million or more. The rules also apply to organisations who have lower turnover if they are credit reporting bodies, health service providers, educational entities or the like.

For more information, go to www.schultzlaw.com.au

 
Travis Schultz Law :
6 Hancock Street, Mooloolaba
07 5404 7405
Travis Schultz Law
Showing 6 recent articles for this business
Aldi work practices to be challenged in court 11 December 2018 | Palmview man Kevin John is suing supermarket chain Aldi for damages after being sacked following a serious lower back injury sustained while unloading stock at the German Company’s Maroochydore store. More information...
Lawyer warns to check your medical privacy rights before 15 November 23 October 2018 | Leading privacy lawyer Travis Schultz has warned that people concerned about protecting their medical privacy have less than a month left to opt out of the My Health Record (MHR) system. More information...
Travis Schultz again named one of Qld’s top lawyers 15 October 2018 | High profile litigation lawyer Travis Schultz has maintained his standing as one of Queensland’s top ranks compensation lawyers for the third year running. More information...
Fake news, digital disruption and defamation. Why the law needs to change 17 July 2018 | According to a prominent Queensland lawyer, defamation laws in Australia have failed to move at a pace consistent with the digitalisation of our world and are giving the internet giants like Google, Facebook and... More information...
Facial recognition – even the manufacturers are warning against its use 28 June 2018 | Where it was once only imagined in sci fi movies, facial recognition is fast becoming common place. And it seems we are embracing it with open arms, with many prepared to forgo privacy in return for the conveni... More information...
Legal ramifications to be felt from widespread identity theft 13 June 2018 | In what is one of Australia’s most serious data breaches to date, it appears that thousands of people applying for jobs with WorkCover Queensland and Queensland Rail have had their personal information such as... More information...



Social:   
comments powered by Disqus

All articles submitted by third parties or written by My Sunshine Coast come under our Disclaimer / Terms of Service