Privacy Commissioner responds to privacy complaint

I finally heard back from the Office of the Privacy Commissioner about my complaint against the RSL club (to be fair, it may have been sitting in my PO Box for a while – I don’t check it as often as I should!). They said that the Privacy Act prevents them from investigating my complaint if I have not first complained directly to the organisation I am making the complaint against.

And although I have previously raised my concerns with the club, I thought I should tell them about the Privacy Commissioner’s letter and give them a final opportunity to respond. Read more

June 25, 2007 | Filed Under case study | Leave a Comment 

Privacy report - Google takes heat for Apple, Yahoo and others

The Google-focussed media frenzy following the release of a privacy report by Privacy International saying that Google is “leading a race to the bottom” must have Apple, Yahoo and the other companies analysed breathing a huge sigh of relief!

ZDNet, Australian IT, The Sydney Morning Herald and countless others have published stories about Google’s placement in the worst of six categories (and Google has refuted many of the claims, as expected). Which is understandable – the label “hostile to privacy” makes for a great headline. Read more

June 19, 2007 | Filed Under article | Leave a Comment 

Top 10 ways to prevent Identity Theft

Identity theft is a growing problem and the thieves are getting smarter. Follow these tips to help you stay one step ahead! More…

1. Pay at the till. Don’t let waiters or shop assistants take your credit card out of your sight when paying for a meal. They only need a second to swipe it through a gizmo and suck all the information off it (this is called ‘skimming‘). Go up to the till to pay instead.

2. Shred-it! Dispose of your bank statements, medicare correspondence, and other papers containing your personal information properly. If you work in an office, your company may have secure disposal bins. They’re like the big wheelie bins, but are padlocked closed and have a slit in the top to put your papers into. If not, consider investing in a shredder or, if that’s outside your budget, a packet of matches (yes – burning things is bad for the environment, but if you rip out your personal information from the piece of paper and just burn that, you’re minimising the risk – both to the environment and to you!).

3. Copy-wrong. Don’t let anyone photocopy your ID. Most of the time they just need to sight it. Sometimes they need to write down your ID reference number (e.g. your drivers license number). Many times when they want to take a photocopy of your ID they don’t really need to. If they insist, ask them if they’re aware of their obligations under the privacy act and get them to tell you what they are. If they can’t tell you, don’t trust them with your personal information.

4. Whose website is it? Before entering your credit card details into a website, check a couple of things: is it a reputable site? Is the site secured (is there a padlock in the lower-right corner?)

5. User profiles. When creating a user profile on social networking or other sites, don’t provide your address and phone numbers if they can be viewed by anybody who chooses to look. For example, if you enter those details when creating your skype account, anyone can view them – even before you’ve accepted them as a contact! Aside from leaving you open to contact by random freaks and weirdos, this makes for easy pickings for identity thieves.

6. Know your credit status. Banks and many other organisations use your credit file to help determine your credit-worthiness. Your credit file is updated every time you open a bank account, get a new credit card, or do anything else that affects your credit status. Sign up to receive an email every time your personal credit file changes. Then, if you (or an identity thief) open a bank account in your name, you will be sent an email. MyCreditFile offer this service for $30 per year. And yes – I know this one is ‘detection’ rather than ‘prevention’, but I think it’s important so I’m including it anyway!

7. Type it yourself. Never follow a link to your internet banking website. Type the URL in yourself, and check for typos before continuing.

8. Be ‘social engineering’ savvy. Only provide personal information over the phone if you initiated the call. If you receive a phone call from someone claiming to work for your bank and asking you to confirm your identity by providing your account number or other personal information – don’t give it to them. This is called social engineering and it’s one of the easiest ways for identity thieves to get hold of your personal details.

9. Boring but important: Network Security Software! Install anti-spyware and virus protection, and keep the signatures up to date and run them regularly. If you have a computer at work, chances are your company does this for you, but keeping your home computer safe may be your responsibility. Check out these free ones: Spybot Search and Destroy, Lavasoft Ad-aware, and Grisoft AVG.

10. Downloading files. Be careful when you download executables or any files off untrusted sites. If the site provides a checksum for the download, check that it matches (I’ll explain how to do that in a future post).

11. Limit the potential damage. Open a credit card with a low credit limit to use for internet transactions. That way if someone steals the details the amount of damage they can do is limited.

I know – that’s eleven – but squashing it down any further was impossible!

June 13, 2007 | Filed Under article | Leave a Comment