APRA's focus on cybersecurity

APRA speech by Geoff Summerhayes in late 2020 on APRA’s current focus on cybersecurity: https://www.apra.gov.au/news-and-publications/executive-board-member-geoff-summerhayes-speech-to-financial-services

Flight Centre's Privacy Act breach

Flight Centre organised a hack-a-phon in 2017, and gave those participating access to real customer data.  This resulted in a breach of the Privacy Act.

Decision here: https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/AICmr/2020/57.html

New Californian Privacy Law: CPRA to effectively replace CCPA

On U.S. Election Day, 3 November 2020, voters in the State of California overwhelmingly voted in favour of Proposition 24—a ballot measure that creates the California Privacy Rights Act (CPRA). The CPRA revises and expands the California Consumer Privacy Act (CCPA), creating new industry requirements, consumer privacy rights and enforcement mechanisms. 

The CPRA's new obligations for businesses will come into effect on 1 January 2023.  At that time, the CPRA will effectively replace the CCPA.  In the meantime, the CPRA requires that a new California privacy agency be established and that it adopts implementing regulations.

Telstra ordered to help identify critic of doctor

Posting anonymous reviews to defame someone is risky.

Telstra has been ordered to provide documents to a doctor so that the doctor can assist identify someone who supposedly defamed him.

See this recent Federal Court decision:  Colagrande v Telstra Corporation Limited [2020] FCA 1595

Telstra did not appear at this court hearing.

This is similar to this case against Google:  http://www.cyberspac.com/2020/03/google-sued-again-for-identity-of-users.html and also these cases:

Kukulka v Google LLC [2020] FCA 1229

Kabbabe v Google LLC [2020] FCA 126 

Titan Enterprises (Qld) Pty Ltd v Cross [2016] FCA 1241 (patent attorney ordered to hand over file)

Titan Enterprises (Qld) Pty Ltd v Cross [2016] FCA 890 (written by Justice Edelman, now on the High Court)

Defamation for Facebook posts

A wedding planner has won a 'landmark' court case against consumers who made defamatory comments about her business on social media.

Tristan Moy, 33, from Brisbane, moved to Indonesia in 2014 to run a business arranging weddings in Bali for Australian tourists. 

But she suffered 'hurt and humiliation' when two Australian women began posting salacious comments about her and her business on Facebook in 2017.

They included accusations Ms Moy was unprofessional, bullied her clients and would try ruin her client's weddings.

https://www.dailymail.co.uk/news/article-8948725/Two-trolls-ordered-pay-150k-defamatory-comments-Facebook.html

See also this old Fordham article

Australia follows US in respect of patent exhaustion

 See this article regarding the recent Seiko case in the High Court of Australia

https://www.kwm.com/en/au/knowledge/insights/patent-rights-on-sale-high-court-reverses-20201113

New Domain Name Rules for Australia

A new set of rules for .au domain names will come into effect on 12 April 2021.

auDA, the domain name regulator, states:  "This new licensing framework helps maintain trust in the .au ccTLD, offers clearer guidance for registrants and registrars, and enhances auDA’s role as the guardian of a key piece of Australia’s digital infrastructure."

The new rules consolidate the more than 30 policies and guidance notes that currently govern the .au domain and consist of two key documents:

.au Domain Administration Rules: Licensing - The terms and conditions for .au domain name licences including the complaints and dispute resolution processes.

.au Domain Administration Rules: Registrar - Rules for companies providing .au domain name registration services that have been accredited by auDA.

The new licensing rules are based closely on the current rules but contain some changes that may impact a small number of registrants. You can read about these changes on our new website.  These new rules were not reviewed by the Policy Review Panel.

Launch dates are yet to be set for id.au namespace, .au namespace and Internationalised Domain Names.

APRA's cybersecurity strategy

APRA is stepping up its focus on CPS234 in 2021.  This is not a surprise.  The Australian government has a strong focus on cybersecurity (and Defence, and foreign influence).

https://www.apra.gov.au/news-and-publications/executive-board-member-geoff-summerhayes-speech-to-financial-services

AI and human rights

https://humanrights.gov.au/our-work/rights-and-freedoms/publications/using-artificial-intelligence-make-decisions-addressing

The Australian Human Rights Commission released a paper today on AI, bias and fairness.  It is worth reading.

Fraudulent Invoice Scams

A Sydney hedge fund has collapsed after a cyber attack saw its trustee and administrator mistakenly approve $8.7 million in fraudulent invoices.  Scammed by a fake Zoom invite.

The scam, the latest in a series of strikes by offshore criminal gangs against Australian fund managers, has also ensnared ANZ after the bank failed to stop almost $800,000 being withdrawn from an account linked to the cyber criminals.

 

https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c