The Ashley Madison data breach had its enforcement postscript this month, with the dating website’s parent company agreeing to settle with privacy authorities by paying $US1.6 million.
For 20 years, I practiced law offering, among other things, a specialty in “information and privacy law”. Clients would come to me and say “we are thinking about doing X; Is that allowed under the Privacy Act?” My response was almost always “don’t ask me if you can do X, ask me how can we do X”.
“I was never ruined but twice: once when I lost a lawsuit, and once when I won one.” Voltaire’s words encapsulate the sharp reality that it can cost a lot of money for cases to be heard and decided in a court of law – even if you are the successful party. A recent Human Rights Review Tribunal case, for example, cost ACC just over $33,000.
The consequences of not sharing information in the social services sector can lead to worsening family violence and child abuse cases, and more training in the Privacy Act is needed for those who work in the community frontline, are some of the new findings from research by Methodist Mission Southern.
Have you ever been tempted to search your company’s database for information about your colleagues’ pay, promotions, employment disputes or performance? Or perhaps you have access to client databases which contain juicy information about customers’ purchase history and financial situation? Humans are inherently curious beings, but be aware that browsing other people’s private information is against the law.