Ransomware

Australian Privacy Commissioner Concerned Over Third-Party Breaches

The privacy commissioner raised concerns against third-party supplier risks and a sense of AI "urgency"

by Alan J May 6, 2024 in Cybersecurity News, Firewall Daily Reading Time: 4 mins read 0

588 SHARES 3.3k VIEWS Share on LinkedInShare on Twitter

The warned the Australian public that third-party suppliers serve as “a real weak spot” to safeguard customer privacy. The warning follows a massive data of over 1 million Australians stemming from a data breach involving a third-party club management software contractor.

The leak impacted New South Wales and Australian Capital Territory club-goers while including sensitive personal details such as names, addresses and driver's license.

The privacy commissioner has also expressed frustrations with the push towards urgent roll out of without appropriate regulations to protect citizens.

Commissioner Makes Statement as Part of Privacy Awareness Week

's new Privacy Commissioner, , emphasized that this issue was growing and that larger organizations such as clubs needed to ensure that third-party suppliers and contractors maintained adequate data privacy standards to fulfill their obligations to consumers.

Kind highlighted that while the shift towards a digital economy presented significant opportunities for individuals, businesses, and the public, it also came at the expense of personal privacy. She pointed out that invasive data-gathering practices, weak security protocols, and unfair terms and conditions undermined individual agency while exposing organizations to additional liabilities in the form of and privacy complaints.

The commissioner felt that these new technologies have led to an expansion in the collection and usage of personal information without considering the potential intrusions into individual and collective privacy.

The commissioner advised the Australian public to be actively involved and engaged in protecting their personal information. She emphasized that businesses and other organizations collecting data must make informed decisions to safeguard and protect it, while avoiding unnecessary retention of data.

Australian Information Commissioner Angelene Falk noted that the Office of the Australian Information Commissioner (OAIC) continues to receive numerous reports of multi-party breaches, primarily stemming from breaches in cloud or software providers.

Australian Privacy Commissioner Expresses Additional AI Concerns

As part of the privacy week statement, Kind also expressed frustration about the sense of urgency for AI deployment, which seemed to override a more cautionary approach.

The commissioner noticed a worrying business perception that AI isn't being used enough, leading to  a sense of urgency and missed opportunity that ignores adequate considerations for its positive implementation and the integration of existing laws and regulations to protect customer data and privacy.

Kind has professional expertise in AI, having worked previously as the inaugural director of the London-based AI and data research organization, the Ada Lovelace Institute.

Australian Privacy Commissioner Supports Law That Bolsters Privacy

While the Australian privacy commissioner has limited power to address serious privacy breaches, the  requirement threshold to meet the requirement is excessively rigid to the point only two civil penalty proceedings were passed in the past nine years.

However, reforms to the Privacy Act introduced by Attorney-General Mark Dreyfus in August 2023, seek to empower the commissioner's ability to crack down on breaches with the inclusion of new low-tier and mid-tier civil penalty provisions that would effectively allow the commissioner to deal with non-serious and one-off breaches.

The new bill aims to strengthen privacy protections by allowing Australians to sue for deemed privacy invasions and targeted use of personal information like doxing. This reform is deemed vital as personal privacy faces increasing threats. Carly Kind, the new privacy commissioner, has noted industry support for these reforms and highlighted concerns about excessive data collection and outdated privacy laws.

Kind's appointment as the standalone privacy commissioner reflects a renewed focus on privacy issues and follows the Australian government's efforts to strengthen the Office of the Australian Information Commission.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button