Today, my Bill to give more tools to the Privacy Commissioner to deal with privacy breaches was drawn from the members’ ballot.
The Bill gives the Privacy Commissioner the ability to undertake investigations into agencies and require them to become compliant with the Act.
Currently the Privacy Commissioner can only act on complaints from individuals – the Bill would allow her to instigate investigations and require information-handling audits.
It is timely, given the huge number of embarrassing privacy breaches happening under this Government.
From ACC to EQC, through to the deliberate privacy breaches committed by Minister Paula Bennett against two sole parents, the breaching of New Zealanders’ private information has been rife under National.
If they are serious about addressing these issues, then they will support this Bill, as will other Parties across our Parliament.
Having had three bills drawn out of the ballot in the last 12 months, I’m keen to get to the races to see if I can pull off other trifectas!
Now, for my next bill….
Red Alert
Archive for the ‘privacy’ Category
Privacy Bill to be Debated
Posted by Sue Moroney on May 16th, 2013
Should notification of data breaches be mandatory?
Posted by Clare Curran on April 3rd, 2013
The Privacy Commissioner Marie Shroff last week told us that public trust is being eroded by government sector breaches. She said government agencies have huge databases of information which the public is forced to provide, and in return they need to look after that information properly, and that public sector agencies needed to have stronger controls in place when handling spreadsheets of personal information.
Last year she warned us that the public sector can’t afford to be complacent. It’s quite clear that agencies holding large amounts of personal information need to place greater value on that information asset. They need to develop strong leadership and a culture of respect for privacy, as well as day to day policies and practices to provide trustworthy stewardship of our personal information at every level of the organisation. There has been far too little focus on the fact that there are real people behind the masses of information that government agencies hold.
Data breach notification isn’t currently required by law, but the Law Commission recently recommended that it should be made compulsory where breaches put people at risk. That would bring New Zealand law into line with practice overseas.
The private sector has warned repeatedly that New Zealand has a major problem with information security, and a strategy released late last year by a group of IT security professionals said that although technological innovation is high within the New Zealand market, the national spend on educating, training, and developing skilled technical personnel is surprisingly low, creating an imbalance and directly contributing to the fragility and vulnerability of our nation’s IT systems. If that is not a significant warning, I do not know what is.
Last week the chief executive officer of the Institute of IT Professionals, Paul Matthews, said that the Earthquake Commission had failed Security 101 and that it was mickey mouse stuff that such sensitive information could be sent so easily to an outside person.
We are daily finding out about more data breaches, which indicates that they are commonplace.
The solutions aren’t off the shelf, but the Government’s refusal to treat the breaches as systemic, requiring the highest attention, is very concerning.
The reason for many breaches will no doubt lie in the way each department’s and agency’s IT systems have grown. Privacy and security systems are unlikely to have been built into these systems from the very beginning. Many issues can be resolved through training people using the systems in simple procedures to protect data. IT solutions exist to provide password-protected spreadsheets being sent out as attachments and sometimes to prevent email attachments full stop.
An across-government response is required with a Chief Technology Officer with clout responsible to the Prime Minister. Our approach to information security is 20th century and inexcusable. I fear the public service is ill-resourced to deal with the ongoing breaches we have faced and will face.
Instead, we have a Prime Minister who shrugs his shoulders and dismisses the breaches as “inevitable, human error and a trade-off”. He may rue those remarks.
NB: have attempted to contact Threat Toons for copyright permission. But have repeatedly been blocked from accessing their site. Might be the title. Happy to continue trying.
Not sure I like the sound of this
Posted by Clare Curran on October 11th, 2010
Government licensing access to the internet. If your computer is thought to be “infected” you get shut down til it is cleansed. A Microsoft executive put up the idea during last week in the US using a health scare (an epidemic or pandemic) as the analogy.
Not sure I like the sound of this. Particularly in the light of discussions around open government and the importance of and need for access to the internet by the population.
But I need to do more research on it. So shall not take a hard and fast view yet. Privacy issues and cybersecurity keep being raised with me in discussions with a range of tech people across the spectrum.
This is one of the big issues. Keen for your thoughts.
Here’s one take on what Microsoft said
A new proposal by a top Microsoft executive would open the door for government licensing to access the Internet, with authorities being empowered to block individual computers from connecting to the world wide web under the pretext of preventing malware attacks.
Speaking to the ISSE 2010 computer security conference in Berlin yesterday, Scott Charney, Microsoft vice president of Trustworthy Computing, said that cybersecurity should mirror public health safety laws, with infected PCs being “quarantined” by government decree and prevented from accessing the Internet.
“If a device is known to be a danger to the internet, the user should be notified and the device should be cleaned before it is allowed unfettered access to the internet, minimizing the risk of the infected device contaminating other devices,” Charney said.
Charney said the system would be a “global collective defense” run by corporations and government and would “track and control” people’s computers similar to how government health bodies track diseases.
Invoking the threat of malware attacks as a means of dissuading or blocking people from using the Internet is becoming a common theme – but it’s one tainted with political overtones