ABC cabinet files highlights low-tech privacy risks
The release at the end of January by the Australian Broadcast Corporation (ABC) of certain documents which were acquired by a member of the public purchasing ex-Government furniture at a second hand shop in Canberra reveals that while cyber security is currently a high priority issue, a determined and consistent focus on low-tech risks cannot be ignored.
The filing cabinets provided to the ABC contained a range of documents that were highly classified and of embarrassment to the Government. This raises a range of questions around how the documents all came to be collated in the one place and how furniture that was relegated for third party sale could be removed from Government control without some form of review to see if the cabinets did contain any papers or other information.
The discovery of the cabinet files indicates what might be regarded by some as a one-off but this is not the case. In 2015, the Office of the Australian Information Commission (OAIC) obtained an enforceable undertaking from former mobile phone provider TeleChoice, where it had stored old documents in a dis-used shipping container in rural Victoria making fortnightly visits to determine that the container was secure.
On one visit it was found that the container had been vandalised and documents removed. The extent of the document loss was unable to be ascertained and one of the elements of the enforceable undertaking was that TeleChoice were required to pay for credit monitoring for any former clients who wished to use that service to assist in preventing fraud and identity theft as a consequence of loss of their documents. There are also circumstances both far away and close to home where “low tech” breaches have occurred. In 2011, UK Cabinet Minister Oliver Letwin was found to be in breach of the UK Data Protection Act by disposing of letters sent to him by his constituents by placing them in rubbish bins, in his local park on his walk home.
Similarly, in 2011, RailCorp in New South Wales was investigated by the then NSW Privacy Commissioner over the sale of certain lost property. In that case, approximately 50 USB memory sticks which had been left on trains were sold as part of an annual lost property sale but they had not been 'cleaned' and were found to contain material as diverse as CVs and copies of tax returns.
Accordingly, while the current focus on cyber security and cyber risks from malicious actors is an important element of privacy compliance, another element which is not to be ignored is old-fashioned physical security and access controls and ensuring that at the end of the information lifecycle information is de-identified or destroyed.
Author: Lyn Nicholson
NSW Government Lawyers Linkedin Group
To start a conversation about Government Bulletin or issues of interest to NSW government lawyers, join the LinkedIn group NSW Government Lawyers by clicking on this link. Membership is open to those employed in the public sector.
In the media
Law Society to tackle court delays and Legal Aid funding in 2018
The Law Society of NSW will lobby for more resources for Legal Aid and look at "alternatives to imprisonment" as part of a list of priorities revealed at NSW Parliament on Wednesday night (01 February 2018). More...
Extent of donations to Australia’s political parties revealed
The Australian Electoral Commission’s annual returns, published on Thursday morning, reveal the extent of the cash poured into the political process - more than $207 million in total. Thursday’s returns are likely to put the spotlight back on foreign donations and come as the Joint Standing Committee on Electoral Matters examines legislation aimed at banning overseas cash from the Australian political process (01 February 2018). More...
Toothless' anti-corruption watchdog pales against ICAC, barrister says
While the New South Wales Independent Commission Against Corruption held 28 public hearings between 2012 and 2016, Tasmania's anti-corruption watchdog has never held a full inquiry (01 February 2018). More...
Access to justice and transparent appointments
Greater resourcing of the courts and Legal Aid and a more transparent process in appointments to Commonwealth Tribunals, are among top advocacy priorities for The Law Society of NSW's new President Doug Humphreys (31 January 2018). More...
NSW Custody Statistics: Quarterly Update December 2017
New figures released today by the NSW Bureau of Crime Statistics and Research (BOCSAR) show that the NSW prison population grew by just 0.7 per cent in the last 12 months. In December 2017, the NSW prison adult population stood at 12,989 (30 January 2018). More...
Terrorist's refusal to stand in court could have 'ramifications', judge warns
A NSW Supreme Court Justice tells a man involved in police accountant Curtis Cheng's 2015 murder that his refusal to stand during his sentencing hearing could have "ramifications" (29 January 2018). More...
Inmates facing charges after South Coast CCTV reviewed
Up to 27 inmates from South Coast Correctional Centre are being investigated over their involvement in a disturbance at the Nowra facility on 3 January. Commissioner Peter Severin said this type of behaviour is unacceptable and our staff are working hard to ensure the inmates responsible are charged over their involvement in the incident, which put officers and other inmates at risk (23 January 2018). More...
In practice and courts
OAIC: Australian Government Agencies Privacy Code
The Australian Government Agencies Privacy Code (the Code) was registered on 27 October 2017 and commences on 1 July 2018. The Code sets out specific requirements and key practical steps that agencies must take as part of complying with Australian Privacy Principle 1.2 (APP 1.2). It requires agencies to move towards a best practice approach to privacy governance to help build a consistent, high standard of personal information management across all Australian Government agencies.
OAIC: Freedom of information regulatory action policy
The OAIC is seeking public comment on an exposure draft of the Freedom of information regulatory action policy. The closing date for comments is 16 February 2018. Below are links to the draft Freedom of information regulatory action policy and the consultation information.
Consultation information: Freedom of information regulatory action policy
Consultation draft: Freedom of information regulatory action policy
OAIC: Notifiable Data Breaches (NDB) scheme
Data breach notification will become mandatory as of February 2018 for all Australian entities required to comply with the Privacy Act 1988. When Federal Parliament passed the Privacy Amendment (Notifiable Data Breaches) Act 2017 last year, it started a process that means from 22 February 2018, all entities covered by the Australian Privacy Principles will have clear obligations to report eligible data breaches within 30 days. More...
OAIC: What the Notifiable Data Breaches scheme means for schools
The Notifiable Data Breaches (NDB) scheme comes into effect on 22 February 2018, and private schools and private tertiary educational institutions across Australia will be required to comply. More...
OAIC: Retailers mandatory data breach reporting obligations from 2018
From 22 February 2018, retail businesses with an annual turnover of $3 million or more, or that trade in personal information, will be required to comply with the Notifiable Data Breaches (NDB) scheme. It is important to understand your obligations under the NDB scheme before commencement on 22 February 2018 - find out more, and start preparing for the scheme, with our draft NDB resources. More...
OAIC: IC review procedure direction
The Australian Information Commissioner has issued a written direction under s 55(2)(e)(i) of the Freedom of Information Act 1982 as to certain procedures to be followed in Information Commissioner (IC) reviews. The Direction applies to agencies and ministers during IC reviews and preliminary inquiries prior to the commencement of an IC review. The Direction has been published on the OAIC’s website and takes effect from 26 February 2018.
OAIC: FOI regulatory action policy - exposure draft
The OAIC has developed a new policy document that outlines and explains the Australian Information Commissioner’s approach to exercising freedom of information (FOI) regulatory action powers. The policy should be read together with the Guidelines issued by the Australian information Commissioner under s 93A of the Freedom of Information Act 1982 (FOI guidelines).The exposure draft of the policy has been published on the Consultations page on the OAIC’s website. Comments on the readability and accessibility of the policy can be provided to the OAIC by 16 February 2018.
Submission: Realising the Right to Equality
This submission responds to the Modernisation of the Anti-Discrimination Act Discussion Paper (Discussion Paper) released by the Department of the Attorney-General and Justice in September 2017 regarding the modernisation of the Anti-Discrimination Act (the Act) (31 January 2018). More...
Submission: Secrecy offences: the wrong approach to necessary reform
The Human Rights Law Centre has told a parliamentary committee about the serious concerns raised by the new criminal offences for handling government information, concluding that the proposed regime has no place in a healthy democracy, in which open government and the freedom to scrutinise government must be maintained (23 January 2018). More...
AAT Bulletin
The AAT Bulletin is a weekly publication containing a list of recent AAT decisions and information relating to appeals against AAT decisions:
Issue No. 3/2018, 29 January 2018
Issue No. 2/2018, 22 January 2018
Judiciary Amendment (Commonwealth Model Litigant Obligations) Bill 2017
On 7 December 2017 the Senate referred the Judiciary Amendment (Commonwealth Model Litigant Obligations) Bill 2017 to the Legal and Constitutional Affairs Legislation Committee for inquiry and report by 8 May 2018. The deadline for submissions to the inquiry is 28 February 2018. More...
The adequacy of existing offences in the Commonwealth Criminal Code and of state and territory criminal laws to capture cyberbullying
On 7 September 2017 the Senate referred the below matter to the Legal and Constitutional Affairs References Committee for inquiry and report by 29 November 2017. On 19 October 2017 the Senate extended the committee's reporting date to the last sitting day in March 2018, which is 28 March 2018. More...
Joint Protocol to reduce the contact of people with disability with the criminal justice system
The NSW Ombudsman’s office has developed a Joint Protocol for disability services and police. The Joint Protocol aims to reduce the frequency of police involvement in responding to behaviour by people with disability living in supported accommodation. This will facilitate collaboration between police and residential services for a coordinated approach (29 January 2018). More...
Community to have its say on ancient mercy law
Attorney General Mark Speakman has called for public submissions on whether petitions for mercy and their outcomes should be made publicly available. The review will deliver its recommendations to the NSW Government by 6 April 2018. Anyone interested in making a submission should do so by close of business 9 February 2018. To lodge a submission to the review, please visit the NSW Government Have Your Say website.
ICAC: Prosecution briefs with the DPP and outcomes
Tables of prosecution briefs with the DPP and outcomes. Last updated 31 January 2018. More...
Published - articles, papers, reports
The new Senate voting system and the 2016 election
Damon Muller; Parliamentary Library (Australia): 25 January 2018
This research paper outlines the recent history of Senate electoral reform in federal elections, including examining the reasons for the most recent changes to the Senate voting system. More...
Freedom of speech and political communication in Australia
Gideon Rozner; Institute of Public Affairs: 30 January 2018
Freedom of speech is fundamental to a free society. Political communication is obviously an important mode of speech and accordingly, the laws and regulations that seek to restrict it are inherently concerning. More...
Report on government services 2018: Justice
Steering Committee for the Review of Government Service Provision; Productivity Commission: 25 January 2018
The justice sector services aim to contribute to a safe and secure community and promote a law abiding way of life. More...
Australian Electoral Commission’s procurement of services for the conduct of the 2016 federal election
Australian National Audit Office: 22 January 2018
This audit was conducted to assess whether the Australian Electoral Commission appropriately established and managed the contracts for the transportation of completed ballot papers and the Senate scanning solution for the 2016 federal election. More...
OAICnet 02 February 2018
In this issue: Welcome to 2018; IC review procedure direction; FOI regulatory action policy - exposure draft; Upcoming events; Key dates; OAIC careers; IC review decisions; Safer Internet Day; Notice about a representative complaint. More...
Cases
Liristis v State of New South Wales [2018] NSWSC 39
ADMINISTRATIVE LAW - declaratory relief - applicant in custody - access sought to computer equipment - requirements for a fair trial - undertakings given - orders made.
Alameddine v Roads and Maritime Services [2018] NSWCATAD 22
ADMINISTRATIVE REVIEW - Passenger Transport - Private hire vehicles - Refusal of applications for authorisation as driver of private hire car and driver of taxi-cab under Passenger Transport Act 1990 - Commencement of new legislation - Whether Tribunal still has jurisdiction to review decisions made under Passenger Transport Act.
Wattie v Industrial Relations Secretary [2018] NSWCA 5
PRACTICE - appeal - stay - balance of convenience - interests of justice - no question of principle.
Denise McKay v Department of Family & Community Services [2018] NSWSC 44
INDUSTRIAL LAW - appeal from decision of Commissioner of Industrial Relations Commission dismissing an appeal against termination of employment of a government sector employee - appeal to Supreme Court limited to questions of law alone - whether findings of fact made by Commissioner for which no evidence - whether Commissioner failed to apply “Briginshaw standard” - whether inadvertence in one’s private life to criminality constitutes “misconduct” for the purposes of s 69 of the Government Sector Employment Act 2013 (NSW)- appeal upheld - matter remitted to Industrial Relations Commission for making of ancillary orders.
Walker v Government Service of New South Wales State Transit Authority Division [2018] NSWSC 30
COSTS - party/party - bases of quantification - ordinary basis - indemnity basis - specified gross sum cost orders - offers of compromise/Calderbank offers - where plaintiff did not accept genuine offer.
Fisher v Transport NSW [2018] NSWSC 17
ADMINISTRATIVE LAW - judicial review - grounds of review - extraneous or improper purpose - whether failure to apply relevant standard - failure to take into account relevant consideration - procedural fairness -apprehended bias - failure to inquire - errors in fact finding process - Wednesbury unreasonableness - whether ADT erred in affirming the decision to suspend and cancel driver authority under Passenger Transport Act 1990 (NSW) - summons dismissed.
Application of Fairfax Media Publications Pty Ltd; NSW Crime Commission v Yucel [2017] NSWSC 1779
MEDIA AND COMMUNICATIONS LAW - application by media outlet for access to file - proceedings originally heard in closed court - open justice - fair and accurate coverage of court proceedings - risk that publication will affect future proceedings.
Legislation
NSW
Regulations and other miscellaneous instruments
Drug Court Amendment (Eligibility Criteria) Regulation 2018
(2018-15) - published LW 25 January 2018.
Disclaimer
The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this publication is accurate at the date it is received or that it will continue to be accurate in the future. We are not responsible for the information of any source to which a link is provided or reference is made and exclude all liability in connection with use of these sources.
Published by: