MyCRA Specialist Credit Repair Lawyers

Tag: OAIC

Senate Enquiry Into Credit Repair In Australia [email]
[fusion_builder_container hundred_percent=”no” equal_height_columns=”no” menu_anchor=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=”” background_color=”” background_image=”” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” parallax_speed=”0.3″ video_mp4=”” video_webm=”” video_ogv=”” video_url=”” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” overlay_color=”” video_preview_image=”” border_size=”” border_color=”” border_style=”solid” padding_top=”” padding_bottom=”” padding_left=”” padding_right=””][fusion_builder_row][fusion_builder_column type=”1_1″ layout=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” border_position=”all” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding_top=”” padding_right=”” padding_bottom=”” padding_left=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” center_content=”no” last=”no” min_height=”” hover_type=”none” link=””][fusion_text columns=”” column_min_width=”” column_spacing=”” rule_style=”default” rule_size=”” rule_color=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=””]

Hi,

The [credit repair] Senate Enquiry into “Credit and financial services targeted at Australians at risk of financial hardship” just concluded its Brisbane Public Hearing and our Legal Practitioner Director Patrick Earl was in attendance.

MyCRA Lawyers 80 page submission to the Senate Enquiry (Go to this link, then page 4) is summed up on page one of our submission.

“Our fundamental submission is that credit repair work should be recognised as legal work by its very nature. Consequently, it would be reserved for lawyers, thereby being regulated in each state by the relevant legal regulatory body. Restricting credit repair work to lawyers would thereby address almost all of the complaints made about credit repair bodies.

There seems to be a commonly held belief that credit repair work is unregulated whereas, in our submission it is, it is legal in nature and should be limited to and regulated as work for lawyers. The regulations already exist and it only awaits the recognition of the nature of the work”

The Canberra public hearings are scheduled for tomorrow 24 Jan 2019

You can contact us on 1300 667 218

Graham

Links: The Sanity Space | SBAA | A.D.S. Law | Family Law Five | Online Referral Form | FAQ’s | View web version |

*******************************************************
Remember, until the end of January, anyone who uses this new simple form contained within the new page will save up to *58.6% off our Solicitors Standard Hourly Rate – so CLICK HERE give it a try today and don’t miss out on savings of up to 58.6%!
*******************************************************

PPS. I hope we have your Mobile number correct (None Supplied)
You might like to reply to this email with your up-to-date- contact details

Thanks

Warmest regards,
MyCRA Lawyers

Graham Doessel
Chief Executive Officer

Tel: 1300 667 218

*************************************
have a look at a few previous success stories (Case Studies)
*************************************

Links: Sanity Space | SBAA | ADS Law | Family Law FIVE | Referral Form | View web version |

If the phones are busy please keep trying, as these amazing saving will be snapped up fast, so don’t you be the one to miss out…

To help you decide, where we help you is…
1. If you have bad crèdit; and
2. If you want a clean crèdit rating in early 2019; and
3. If you want the safety, surety, and confidence of Lawyers; and
4. If you want the best value for your money,
Then doesn’t it make good sense to get started with MyCRA Lawyers? It does, doesn’t it?

*************************************
have a look at a few previous success stories (Case Studies)
*************************************

So, if your home loan was declined and you missed out on the perfect home because of your bad crèdit rating that no one told you could be fixed by MyCRA Lawyers, then looking back maybe you’d say you’d have paid anything to have the default removed right?

So rather than waiting for more bad news, why not get started on your credit repair with MyCRA Lawyers Now at our best value ever and let us do all the work so you can have a clean credit rating in 2019?

If you can recall, I’ve been helping people fix their credit ratings since 26 November 2009 (I tested the idea from September 2009 and registered the company 26 Nov 2009), so I believe I’ve got the most experience, knowledge and success in credit repair in Australia, in MyCRA Lawyers, and this is backed up by:
1. Our fastest Default Removal Resolution in just 17 minutes from our first email to the creditor to receiving confirmation that the default would be removed
2. Being able to prove our 91.6% Default Removal Resolution Success Rate
3. The growing number of glowing client reviews, and
This all means that MyCRA Lawyers has come to be known as the premium choice if you want your credit repaired properly, in the shortest possible time, and with the least amount of work required from you (we ask you a few questions and then seek the information from your creditor, and do everything for you)

So if you want your credit repaired properly, in the shortest time, and now (until Thursday 31 January 2019 at 5pm QLD time) at the lowest lawyer rate in Australia, call MyCRA Lawyers NOW on 1300 667 218 and ask to get started NOW

Oh, I almost forgot to tell you how we worked out how to do it …

We have deconstructed our 9 years of success and reassembled it into 4 distinct stages
1. Investigation
2. Review
3. Complaint
4. Escalation
*************************************
have a look at a few previous success stories (Case Studies)
*************************************

We discovered that a large number of our clients get their defaults removed in the initial investigation stage

because by now most creditors know about MyCRA Lawyers long-standing reputation to keep working until the default is removed,

and because there is every chance we have successfully beaten your creditor many times by now, they will often make a commercial decision to remove the default sooner than later

because they know when you choose MyCRA Lawyers to represent you,

you’ll probably be successful anyway, and it makes no sense for them to waste money fighting a fight they will most likely lose anyway.

So in Stage One: (Other clients are normally billed over $2000 for this first stage)
1. You will get started TODAY by getting your verbal agreement to save you valuable time to ensure you don’t miss out on this amazing saving
2. We will open your file
3. We will Conduct a full and in-depth review of your credit files from at least two Credit Reporting Bodies (we can get the credit files if you don’t have them already)
4. We will ensure your safety and draft a full client agreement and disclosure notice specific to you and your matter and email it out to you for your records
5. You will answer a few questions to give your dedicated Lawyer as much information as you can remember
6. We will research the specifics of your creditor
7. We will compile the years of historical knowledge about your creditor from all previous cases against your creditor (our previous clients and court cases)
8. We will Draft the initial contact letter to your creditor (awaiting the return of your signed authority by email) to include the relevant information that will best help have your default removed in the shortest possible time
9. We will send your initial contact letter to your creditor after it has been reviewed by our Senior Partner Mr Patrick Earl (Most Senior and Most Respected Lawyer in our Firm) as a final quality assurance check.
10. We will chase and follow up your creditor for a default removal resolution
11. We will keep you informed every step of the way for your peace of mind
*************************************
have a look at a few previous success stories (Case Studies)
*************************************

So, if you can see the value of getting started now, please stop what you are doing, pick up your mobile right now and press 1300 667 218 right now to speak to one of my team, or leave a message to have one of my team call you back (in the order the calls are received so get in fast) and remember, if the lines are busy, please keep trying and call back on 1300 667 218 now.

Welcome to 2019!

Graham

***********************************************

More about Graham Doessel

Proudly Supporting
The Sanity Space
Foundation

National Sponsor of
The Small Business
Association Of
Australia

Armstrong Doessel Stevenson
LAWYERS
Family Law
Commercial Litigation
Debt Collection

DOWNLOAD Our
Family Law FIVE
Brochure

I’m Graham Doessel, the Founder and CEO of MyCRA Specialist Credit Repair Lawyers.

I’m a Dad, Grandad, Husband and a Small Business Owner.

For years I’ve struggled with the balance between sharing personal info about me, and being the ‘Professional Business Owner’.

Then I discovered a simple truth, an a-ha moment that has just today made me realise that I need to share more with you than I ever have before, so here we go, first…

BUSINESS
1. MyCRA Lawyers is more expensive; but
2. You get a certified Practicing Lawyer removing your default when you choose MyCRA Lawyers; and
3. Most defaults are removed in 30 days or less; with almost a 1/3 getting their removal resolution in just 7 days or less
(If you act now, you might qualify to engage the Best for less than you pay an unlicensed credit repair agency)

(So, do your research, check out the unlicensed credit repair agencies and their outlandish and unsubstantiated claims [they’re popping up everywhere like weeds in the garden], and then do what most people do, and choose the safe [and legal] path and ask MyCRA Lawyers to consider removing your default for you)
1. Call 1300 667 218 right now; and
2. Get started from as little as $1497 today; and
3. You could have clean credit before you know it!
PERSONAL
1. I find it hard to talk about myself
2. I hide away from people and I set up my office in the storeroom
3. My Wife Helen keeps me sane, and giving my kids Steph, Cory and Joel better opportunities than I had are why I work such crazy long hours
4. I am a cancĕr survivor (9 years now)
5. I am FBAA’s Vice President for QLD and NT
6. I am a JP Qualified
7. I am a Law Student
8. I was Scared Sh*tless when Steph (my Daughter) said I was going to be a Grandad – And I resisted because I saw Grandparents as OLD, and I was in my 40’s
9. I was a Mortgage Broker from 1997 to 2010
10. I closed it [mortgage now] down after being diagnosed with (and beating) cancĕr
11. I reregistered as a broker in 2016 so I could keep my CPD up so I better understand what my referring brokers are going through and help them with non-conforming scenarios.
12. I don’t know what else to write about…
*************************************
have a look at a few previous
success stories (Case Studies)
*************************************

Call my team on 1300 667 218 today, you’ll be glad you did!* The up to 58.6% saving is the difference between 15 hours at our Solicitors Standard Hourly Rate and MyCRA lawyers Unique fixed fee credit repair option calculation that you may qualify for if you complete the form.

With warm regards,
MyCRA Lawyers

Graham Doessel
Chief Executive Officer
Legal Practice Holdings

Tel: 1300 667 218

You are subscribed as lawyers@mycralawyers.com.au email address. MyCRA Lawyers Credit Reporting services are relevant to you as a potential a) client having enquired about our services, b) mortgage or finance broker. Your details were sourced from your records on our database and given your role within the organization, and the service we provide is relevant to you or your business, and that if your email address used here is publicly listed and available, and there is no accompanying message requesting the email address not be used, this email is not spam. For more information, please see the Spam Act 2003 (Cth) Schedule 2 – Consent s4 When consent may be inferred from the publication of an electronic address. | To unsubscribe, click the link

Legal Practice Holdings Pty Ltd ta MyCRA Lawyers – 246 – 256 Stafford Road, Stafford, Qld.4053 | Tel: 1300 667 218

[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]
06/03/2019
MyCRA Lawyers Submission To The Price Waterhouse Coopers Three Year Review Of The Credit Reporting Code
[fusion_builder_container hundred_percent=”no” equal_height_columns=”no” menu_anchor=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=”” background_color=”” background_image=”” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” parallax_speed=”0.3″ video_mp4=”” video_webm=”” video_ogv=”” video_url=”” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” overlay_color=”” video_preview_image=”” border_size=”” border_color=”” border_style=”solid” padding_top=”” padding_bottom=”” padding_left=”” padding_right=””][fusion_builder_row][fusion_builder_column type=”1_1″ layout=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” border_position=”all” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding_top=”” padding_right=”” padding_bottom=”” padding_left=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” center_content=”no” last=”no” min_height=”” hover_type=”none” link=””][fusion_text columns=”” column_min_width=”” column_spacing=”” rule_style=”default” rule_size=”” rule_color=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=””]

Read our entire submission on the Privacy Commissioner’s website HERE, but in short,

MyCRA Lawyers submission to the Price Waterhouse Coopers Three Year Review of the Credit Reporting Code

detailed several areas of concern.

The main focus of this post is the alleged unlawful listing of Court data on an Individual’s Credit File.

The Privacy Act (1988) s6N(k) states:

“Credit information about an individual is personal information (other than sensitive
information) that is:

(k)publicly available information about the individual:

(i)that relates to the individual’s activities in Australia or the external Territories and the
individual’s credit worthiness; and

(ii)that is not court proceedings information about the individual or information about the
individual that is entered or recorded on the National Personal Insolvency Index; …“

It is our opinion that it is unlawful, misleading and deceptive conduct to list court proceedings on an Individual’s credit reports.

If I can ask you to just imagine for a moment, that:

You and your neighbour are discussing erecting a new fence between your properties.

The discussions break down when your neighbour demands you pay 10 times the cost to replace the fence with something similar because your neighbour wants a very fancy, unrealistic, and unnecessarily expensive fence. (or any type of financial dispute between two parties)

Next thing you know, you go to refinance your home only to discover your credit rating has been smashed because of a Court Action being listed.

You investigate to find that your neighbour filed proceedings in the local Magistrates Court for what you believe is vexatious in nature. You have no record of being served, you have not been to Court but your financial reputation is in ruins…

Just suing someone (proceedings commenced) doesn’t prove anything about their claim, let alone their creditworthiness. A Court Judgment is a more reliable indicator. That is probably why the Privacy Act (1988) specifically allows Court Judgments to be recorded.

******************************************************************
Read our entire submission on the Privacy Commissioner’s website HERE
******************************************************************

This is what is probably happening to thousands of people just like you every day – And It Needs To Stop!

MyCRA Lawyers is constantly working in the background to identify and correct Credit Reporting [related] Legislation inequities on behalf of Australian Consumers and Businesses.

This one action could help tens of thousands of hard-working Aussies dramatically improve their credit standing and credit scores without ever even knowing who MyCRA Lawyers is, or what we’ve done for them.

If you have any immediate concerns or black marks you need to have removed from your credit file, please call my team on 1300 667 218 and we’ll guide you through your options, what you need to do now, and how soon your black mark is likely to be erased completely.

What You Need To Do NOW [IMPORTANT]
1. Get a copy of your Illion AND Equifax credit files NOW – BEFORE the change
2. Keep a printed copy of both credit files (plus your PDF in your email)
3. Talk to MyCRA Lawyers (once the change is official) about potential compensation
I will publish further details on our website once the change is official.

[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]
20/02/2019
Is Your Privacy Policy Compliant
Really? Are You Sure? (Online & Offline?)

Is your Privacy Policy compliant with the major reforms to the Privacy Act 1988 (Cth) that came into effect on 12 March 2014 ?

Under the new reforms, the Privacy Commissioner has much stronger and far broader reaching powers to enforce compliance with the Privacy Act, which includes fines of up to $340,000 imposed on individuals and $1.7 million on corporations for serious or repeated breaches.

The Privacy Commissioner has stated that “he will not shy away” from using these new powers.

One of the new requirements is that all business organisations must have an up to date Privacy Policy that complies with the new Australian Privacy Principles (APPs) contained in the Privacy Act and that an organisation’s Privacy Policy is made freely and readily available to the public.

Don’t make yourself an easy target for the Privacy Commissioner. Take immediate steps to update your Privacy Policy NOW !

MyCRA Lawyers are experts in privacy law and we can provide you with a new privacy policy that is fully compliant with these reforms.

Here are some “MUST HAVE’s” in your new Privacy Policy:
- Specify the personal information to be collected by you;
- Specify how that personal information is to be collected and how it is to be stored or held;
- Specify the purpose for which that personal information is collected;
- Explain how an individual can access their personal information;
- Explain how an individual can correct any inaccuracies;
- Explain how an individual can make a complaint and specifically how that complaint will be handled;
- Whether you are likely to disclose their information to overseas recipients, and if so, the countries the recipients are to be located.
Depending on your needs and budget, we can provide you with a basic but compliant privacy policy or one that is specifically tailored and customised to the needs of your particular business.

We can also assist you by providing a compliance checklist and if required, undertake a complete internal audit of your current systems and processes for handling personal information, to ensure that they comply with the revised Privacy Act requirements.

To enquire about MyCRA Lawyers range of Privacy Policy Compliance products and services, please pick up the phone NOW and call MyCRA Lawyers on 1300 667 218 – We can help you avoid the massive trauma a fine from the Privacy Commissioner may cause.

Justin Russom
Privacy Law Solicitor
MyCRA Lawyers
23/05/2014
Privacy Awareness Week 2014: Protecting the Privacy of Your Customers

There has never been a more important time in business to consider the privacy of your customers. Personal information is more accessible than ever before, and with that, comes the need to create and define boundaries around personal information in the private sector. New laws have just been implemented which expand the scope of privacy law in Australia. This it seems is not merely being ‘over-cautious’ with privacy. A recent survey on identity crime shows it has officially become one of the more common crimes in Australia. Results from a survey of 5,000 Australians on their experiences of identity crime and misuse conducted by the Australian Institute of Criminology (AIC) on behalf of the Attorney-General suggest identity crime directly affects around 1 million Australians each year.

The survey has found almost 1 in 10 people experienced misuse of their personal information in the previous 12 months, and 1 in 5 people experienced misuse of their personal information at some point in their lives, with 5% of people experiencing identity crime or misuse resulting in a financial loss in the previous 12 months. Identity theft can impact the finances and the credit rating of victims. If your business handles personal information, this Privacy Awareness Week 2014, with its emphasis on education of Australia’s new Privacy Laws, is a good time to ensure you are meeting your responsibilities to consumers and to your business around Privacy, particularly if your business has obligations under the Privacy Act 1988 (Cth).

By Graham Doessel, Non-Legal Director of MyCRA Lawyers www.mycralawyers.com.au.

With the emphasis on privacy protection in Australia’s new Privacy Laws, businesses which handle personal information are required to update their Privacy Policies and possibly their systems to fall in line with new changes. Under the new privacy law the IPPs and NPPs has been replaced by the new, unified, Australian Privacy Principles (APPs) – these will apply to businesses with a turnover of at least $3 million, as well as government agencies. This is just one of the many significant changes to the Privacy Act 1988 (Cth).

The Federal body which handles Privacy in Australia, the Office of the Australian Information Commissioner (OAIC) has previously suggested some basic questions for businesses to prompt further investigation if necessary into possibly obligations under the Privacy Act 1988 (Cth).

• Does your business or agency handle personal information? There are some changes to what constitutes personal information under the Privacy Act

• Do you need to review your business or agency’s privacy policy? You should have an up-to-date policy that is reviewed regularly. The new laws set out some requirements for privacy policies

• Do you need to review your business or agency’s outsourcing arrangements? You will need to do this particularly if you are sending personal information overseas.

• Do you use direct marketing to reach your customers? If you do, you will need to provide an easy way for people to opt-out of receiving these communications. There are some new rules in the area of direct marketing

• Does your business or agency receive unsolicited personal information. There are some new rules on how to handle this information

• Do your information security systems need to be reviewed and updated?

On Monday, the OAIC launched ‘A guide to developing an APP privacy policy’ to assist organisations and agencies meet this challenge. The Guide sets out a step-by-step process for developing privacy policies and a helpful checklist. There are also a number of tips to ensure that privacy policies are accessible and clearly expressed.

The OAIC also launched ‘A revised Guide to undertaking privacy impact assessments.’ A Privacy Impact Assessment (PIA) is an assessment tool that ‘tells the story’ of a project from a privacy perspective. PIAs analyse the possible privacy impacts on individuals’ privacy and recommend options of managing, minimising or removing these impacts. PIAs are one way of building an organisational culture that respects privacy while also minimising the risk of data breach which can result in reputational damage and a range of other costs.

What else can businesses do to ensure it is creating a culture of respect for Privacy of its customers?

Privacy and your business

Good privacy practice is important for more than just ensuring compliance with the requirements of the Privacy Act. If an entity mishandles the personal information of its clients or customers, it can cause a loss of trust and considerable harm to the entity’s reputation. Additionally, if personal information that is essential to an entity’s activities is lost or altered, it can have a serious impact on the entity’s capacity to perform its functions or activities.

It is important for entities to integrate privacy into their risk management strategies. Robust information-handling policies, including a privacy policy and data-breach response plan, can assist an entity to embed good information handling practices and to respond effectively in the event that personal information is misused, lost or accessed, used, modified or disclosed without authorisation. (OAIC Guide to Information Security)

There is a large amount of help in the OAIC’s Privacy Business resources section on their website, including a Privacy checklist for small businesses.

It is important businesses don’t leave privacy to chance. Possible ramifications of not protecting personal information can be that customers are left embarrassed, distressed, or potentially financially affected. In the case of identity theft, where personal information is used to assume the identity of the victim, there is a grave potential for credit to be taken out in the vicitm’s name. Their credit rating can be destroyed for 5 to 7 years due to defaults they haven’t actually incurred themselves. Click here to find out more about the ramifications of identity theft on the credit rating. (Article courtesy of MyCRA Credit Repair).

Under the amended laws, the Privacy Commissioner has been given enhanced powers to conduct assessments of privacy performance for government agencies and businesses, as well as the ability to accept enforceable undertakings and importantly, to seek civil penalties in the case of serious or repeated breaches of privacy.

MyCRA Lawyers is an Incorporated Legal Practice focused on credit file consultancy and credit disputes. MyCRA Lawyers means business when it comes to helping those disadvantaged by credit rating mistakes.

MyCRA Lawyers is a proud partner for Privacy Awareness Week 2014.

Link to see more on the AIC Survey on Identity Theft and Misuse in Australia

Image 1: pakorn/ www.FreeDigitalPhotos.net

Image 2: Stuart Miles/ www.FreeDigitalPhotos.net

08/05/2014
Privacy Awareness Week 2014: New Privacy Laws and You

MyCRA Lawyers is a proud partner for Privacy Awareness Week (PAW), held 4-10 May 2014. Privacy Awareness Week is held every year to promote awareness of privacy issues and the importance of the protection of personal information. This year is focused on our new Australian Privacy Laws, which came into force on 12 March 2014. Find out about how Privacy Laws may affect you and your credit rating, this week during PAW.

By Graham Doessel, Non-Legal Director of MyCRA Lawyers www.mycralawyers.com.au.

In an age of increasing accessibility of personal information, privacy is growing ever more important, and more valued for Australians. According to a recent survey by the Office of the Australian Information Commissioner (the federal Australian Government body responsible for privacy in Australia), a third of Australians reported they had a privacy problem in the last year. In addition, 60% of Australians decided not to deal with a private business and 25% have decided not to deal with a government agency due to concerns as to how their personal information will be used.

Australia’s new privacy laws were the most significant changes to privacy laws in over 25 years, affecting a large section of the community. The changes to the Privacy Act 1988 include a new set of Australian Privacy Principles that regulate how your personal information is handled and new enforcement powers for the Office of the Information Commissioner (OAIC).

One of the aims of the new privacy laws is to ensure that your personal information is managed in an open and transparent way.

Here are some tips provided by the OAIC during PAW, to help you protect your personal information:

• Know your privacy rights

• Read privacy policies and notices

• Always ask why, how and who — this will help you to know how your personal information is going to be used, and if it is going to be given to another agency or organisation

• Only give out as much personal information as you need to — always think before handing your personal information over

• Ask for access to your personal information

• Make sure the information an organisation or agency holds about you is accurate and up to date

• Take steps to protect your online privacy

• Make sure your hard copy records are properly destroyed

• You can ‘opt out’ of marketing communications if you do not want to receive any further contact of this kind

• Make a privacy complaint if you consider that your personal information has not been handled properly.

Many identity theft cases that impact your credit rating could have been prevented with better education and more vigilance around the protection of personal information. Complacency around personal information, both on the part of consumers and entities such as agencies and businesses, can be the undoing of someone’s ability to obtain credit.

Pieces of personal information are the building blocks for credit file misuse. You can lose your personal information to fraudsters in many ways, and you may be unaware of how or when it has occurred – particularly if it has happened via malware, through data breaches or even through too much sharing online.

Sometimes it’s not until you apply for credit and are refused that you even find out you have been exposed to identity fraud, and by then it may be too late to detect how it took place.

This is why it is so important for all Australians to educate themselves on how to keep their information secure, and to demand that any information they are required to give over to any person or company be treated with the utmost privacy. Australia’s new Privacy Laws will hopefully add the requirements for all entities holding our personal information to be more aware of and accountable for upholding personal information privacy.

You can find out about your rights in more detail through the OAIC’s Privacy factsheet ‘How changes to privacy law affect you.’

THIS PAW WEEK: If you have a business, get some help in our next post with how to navigate the new privacy laws, including how to update your Privacy Policy, and how and when to conduct a Privacy Impact Assessment. For consumers and businesses alike, also stay tuned this week for how Australia’s new Privacy Laws may impact your ability to obtain credit, through changes to credit reporting laws.

07/05/2014
Privacy Law Reform To-Do List: Privacy Awareness Week 2013

In our last post for Privacy Awareness Week 2013, we set out some actions you can take now for your family to get you up to speed and ready for important changes to the Privacy Act 1988 (Cth) which will impact you. We include the specific things you can to do to support your ability to obtain credit and have your credit file looking its best when changes come into effect on March 2014.

By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

What can you do to support your credit file and ensure you look your best to Credit Providers? It will be essential from now and going forward to be mindful of what may constitute bad credit. Although as a consumer you are not privy to your credit ‘rating’ score, a Credit Provider will be provided with a number based on your credit habits – and this will be used to help calculate your credit worthiness. Whilst it is not disclosed by credit reporting agencies the specific items which lower your score and how much by, traditionally there are some things you can do to which will help keep your credit-worthiness in check. We look at good credit habits, and what things you need to do when our Privacy Laws change in March 2014:

1. Pay on time, every time.

Your repayment history information is being collected now. It is imperative you make repayments on accounts by their due date to avoid having late payment notations recorded on your credit file and shown after the March 2014 implementation.

If you can’t pay on time, seek alternative arrangements with your lender – but be advised these new arrangements will be recorded on your credit file. This would always be preferable to a default listing though – especially if you can show good repayment history at those new terms – so there is a new incentive to get in and work it out with your lender prior to letting your accounts go into arrears and copping a default listing.

2. Check your credit file regularly.

Make a habit of checking your credit file regularly. You can do this for free annually through the Australia’s credit reporting agencies. There will be five new data sets of information available to Credit Providers who request a copy of your credit report. These will be:

– repayment history information;

– the date on which a credit account was opened;

– the date on which a credit account was closed;

– the type of credit account opened; – and the current limit of each open credit account.

It is essential that you take responsibility for the accuracy of your credit file information and even more so when the above new sets of information becomes available to Credit Providers.

3. Correct credit information which you believe is inaccurate, inconsistent or unfair.

If there is anything on your credit report which you believe rings untrue, or shouldn’t be there, you have the right to request this information be rectified. You will need to contact your Credit Provider to alter this information. You should do this before the information has any bearing on a credit application you may make in the future. You may contact a credit repair company to assist you with this if the change is a significant one, or if you expect resistance to the request. After March 2014, if your Credit Provider disagrees with your request to correct your credit information, you can have your dispute noted on your credit file and this would be worthwhile requesting if you believe your listing shouldn’t be there.

4. Take precautions when applying for credit.

You may not realise, but the volume of credit you apply for and the type of credit you apply for can hinder any future credit application you may make. Whilst it is a great idea to research credit before applying – you should only ever make a credit application you have full intention of pursuing. Too many credit applications will mean you are refused credit. And from March 2014 this will be clearly displayed on your credit report. Likewise, if you apply for too many ‘high interest’ or ‘bad credit’ loans – you could be penalised with a lender if you apply for a mortgage – especially with a credit ‘scoring’ method which may shave points off your score through this type of credit application.

5. Seek cautions credit limits.

You may have a credit limit of $10,000 – but only have used a quarter of that. This may not be to your advantage. If you’re not using it, don’t have it is the general adage. If you take out a credit card or other line of credit, it’s probably not wise to opt for a lofty limit. You could try to get it closer to what you intend to use. A Credit Provider will only see the credit limit and not the actual amount you have utilised on that limit. As with credit applications, any credit ‘score’ may be reduced by credit limits which are too high.

6. Make information security paramount.

Understand how lucrative your personal information can be in the wrong hands, and take steps to keep abreast of how it can be at risk from things like identity theft. Identity theft can lead to the stealing of credit through the fraudsters accessing your credit file. Victims can end up with defaults on their credit file and a ban on obtaining credit for 5 years. The Office of the Information Commissioner (OAIC)’s factsheet Ten Steps To Protect Your Personal Information gives you some guidance on how to do that. New laws will allow you to place a ban period on your credit information if you believe you may be at risk of identity theft, which can prevent fraudsters from accessing credit in your name – so if you do feel you may be at risk – acting quickly may save your credit file from misuse.

Image 1: Rawich/ www.FreeDigitalPhotos.net

Banner: Courtesy of OAIC

03/05/2013
Information Security – Is Your Business Ready for Privacy Law Reform? Privacy Awareness Week 2013

Do you have a plan to walk your business through privacy law reforms? The Office of the Information Commissioner (OAIC) recommends businesses and government agencies who have obligations under the Privacy Act 1988 (Cth) should start planning now for the implementation of privacy law reform in March 2014. We provide you with guidance and links to the many significant aspects governing new obligations and responsibilities as a business which handles the personal information of individuals to assist you with the changes coming your way next year.

By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

Currently, businesses covered by the Privacy Act are subject to the 10 National Privacy Principles (NPPs), while most Australian, ACT and Norfolk Island government agencies must comply with 11 Information Privacy Principles (IPPs). Under the new privacy law the IPPs and NPPs will be replaced by the new, unified, Australian Privacy Principles (APPs). This is just one of the many significant changes to the Privacy Act.

The OAIC has outlined some questions you can ask yourself to see what your requirements may be within the new privacy laws:

• Does your business or agency handle personal information? There are some changes to what constitutes personal information under the Privacy Act

• Do you need to review your business or agency’s privacy policy? You should have an up-to-date policy that is reviewed regularly. The new laws set out some requirements for privacy policies

• Do you need to review your business or agency’s outsourcing arrangements? You will need to do this particularly if you are sending personal information overseas.

• Do you use direct marketing to reach your customers? If you do, you will need to provide an easy way for people to opt-out of receiving these communications. There are some new rules in the area of direct marketing.

• Does your business or agency receive unsolicited personal information. There are some new rules on how to handle this information.

• Do your information security systems need to be reviewed and updated?

We recommend you download the OAIC’s Guide to Information Security (PDF) – an essential document for any business or agency which establishes a requirement to protect the personal information of individuals.

If you are directly handling personal information, see also below the OAIC’S privacy factsheet 7 on ‘Ten Steps to protect other people’s personal information’ below:

Ten steps to protect other people’s personal information.

The aim of this 10 step guide is to help your organisation or agency protect other people’s personal information.

Personal information is defined in s 6 of the Privacy Act 1988 (Cth) (Privacy Act) and means information that identifies or could reasonably identify an individual. There are some obvious examples of personal information, such as a person’s name and address. Personal information can also include medical records, bank account details, photos, videos, and even information about what an individual likes, their opinions and where they work.

The 10 step guide gives a snapshot of some of the privacy rights for individuals, and obligations that organisations and Australian, ACT and Norfolk Island Government agencies have under the Privacy Act.

The OAIC website has more information for organisations and agencies. You can also call our Enquiries Line on 1300 363 992.

1. Only collect information you need

Make sure individuals know what personal information your organisation or agency collects and why. Also ensure that: each piece of information is necessary for any of the functions or activities of the organisation or agency, and the information is required in the circumstances. Sometimes, activities can be carried out without collecting personal information. This allows individuals to interact anonymously with your organisation or agency.

2. Don’t collect personal information about an individual just because you think that information may come in handy later.

Only collect information that is necessary at the time of collection, not because it may become necessary or useful at a later date. If you need it later, collect the information then.

3. Tell people how you are going to handle the personal information you collect about them.

Have a publicly available policy that tells people how you handle personal information. Also, when you collect personal information, always let people know why you need to collect the information, how you plan to use it, who you are going to give it to. Make sure they know your contact details and, if they want to, how they can get access to their personal information.

4. Think about using personal information for a particular purpose.

Generally, organisations should not use personal information for a secondary purpose unrelated to the main purpose for which they collected the information. Unless your organisation has consent from the individual concerned or authorisation under law, it should generally only use personal information if it is: related to the purpose your organisation collected it for, and within the reasonable expectations of the individual.

Similarly, agencies must: only use personal information for a relevant purpose, and take reasonable steps to ensure that personal information is accurate, up to date and complete before using it.

The OAIC website has more information on the obligations organisations and agencies have under the Privacy Act.

5. Think before disclosing personal information

The Privacy Act allows organisations and agencies to disclose personal information in some circumstances. Sometimes, organisations and agencies disclose personal information when they don’t need to, or without considering whether the disclosure is authorised under the Privacy Act. Always think about whether a purpose can be achieved without disclosing personal information. Good practice: Get consent from the individual if you want to disclose their personal information for a reason that is different from the reason you collected it.

6. If people ask, give them access to the personal information you hold about them

Organisations and agencies have a general duty to give individuals access to their personal information. Here are some things to consider: Be as open as possible by giving individuals access to their personal information in the form they request. If you deny access to personal information, give the reason — consistent with the Privacy Act — to the individual as soon as you can. An individual also has an alternative path when seeking information from an agency. If an individual seeks access under the Freedom of Information Act 1982 ((Cth)) (FOI Act), the agency is obliged to consider the request under the FOI Act rather than the Privacy Act. Access under the FOI Act may be subject to specific exemptions. This alternative applies only to agencies, not organisations. The OAIC website has more information for agencies regarding the FOI Act.

7. Keep personal information secure

It is important that you keep personal information safe and secure from unauthorised access, modification or disclosure and also against misuse and loss. How you do this depends on the sensitivity of the information you hold, and the circumstances of your organisation or agency. Methods could include: considering the adequacy of existing security measures and procedures, including whether any relevant standards are met training staff in privacy procedures ensuring adequate IT security, such as installing firewalls, cookie removers and anti-virus scanners on work IT systems checking that all personal information has been removed from electronic devices before you sell or destroy them keeping hard copy files in properly secured cabinets allowing staff to access personal information on a ‘need to know’ basis only regularly monitoring your information handling practices to ensure they are secure. Depending on the size of your organisation and the information it collects, it may be prudent to have an external privacy audit done.

8. Don’t keep information you no longer need or that you no longer have to retain

If you no longer need personal information and there is no law that says you have to retain the information, then destroy it. Shred, pulp or destroy the personal information paper records. Dispose of files in security bins. Delete electronic records or files securely so that they can’t be retrieved.

9. Keep personal information accurate and up to date

The accuracy and currency of personal information you hold can change. Your organisation or agency needs to take reasonable steps to keep the personal information it holds current. Amend your records to reflect changes and make sure both hard copy and electronic files are updated. If you know that some personal information is likely to change regularly, go through the files periodically to ensure that your records are accurate and up to date.

10. Consider making someone in your organisation or agency responsible for privacy

This could be a designated person (often called a Privacy Contact Officer or Chief Privacy Officer) who: knows your organisation or agency’s responsibilities under the Privacy Act, and is willing and able to handle complaints and enquiries about the personal information handling practices of your organisation or agency. This person could also be responsible for implementing a complaint handling process, staff training programs and promoting Privacy Act compliance.

Don’t leave privacy to chance.

In tomorrow’s Privacy Awareness Week 2013 post – we look at the Privacy Reforms aimed at protecting individuals, and their credit file from identity theft.

01/05/2013
Cybercrime goes all the way to RBA but do our laws protect us?

[fusion_builder_container type=”flex” hundred_percent=”no” equal_height_columns=”no” menu_anchor=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=”” background_color=”” background_image=”” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” parallax_speed=”0.3″ video_mp4=”” video_webm=”” video_ogv=”” video_url=”” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” overlay_color=”” video_preview_image=”” border_color=”” border_style=”solid” padding_top=”” padding_bottom=”” padding_left=”” padding_right=””][fusion_builder_row][fusion_builder_column type=”1_1″ layout=”1_1″ background_position=”left top” background_color=”” border_color=”” border_style=”solid” border_position=”all” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding_top=”” padding_right=”” padding_bottom=”” padding_left=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” center_content=”no” last=”true” min_height=”” hover_type=”none” link=”” border_sizes_top=”” border_sizes_bottom=”” border_sizes_left=”” border_sizes_right=”” first=”true”][fusion_separator style_type=”default” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” class=”” id=”” flex_grow=”0″ top_margin=”” bottom_margin=”” width=”” alignment=”center” border_size=”” sep_color=”” icon=”” icon_size=”” icon_color=”” icon_circle=”” icon_circle_color=”” /][fusion_text]

It seems no Australian business is immune to cyber-attack, including the Reserve Bank of Australia which it was recently revealed has been hacked. A prominent cyber security specialist says cover ups happen all the time and that we must push for mandatory data breach notification laws to protect against the threat of identity theft and subsequent credit fraud. We look at the reality of these cyber-attacks, and the position SME’s find themselves in moving forward in issues of privacy.

By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

How real is the threat of a major cyber-attack leading to mass money loss and credit fraud, or even cyber terrorism on our shores? As a recent story in the Australian Financial Review titled Attacks ‘highlight need for data breach notification law’ reveals, pretty real and it seems our lack of mandatory data breach notification laws is not only down-playing the threats Australians face, but could be helping these criminals.

“Not a day goes by when someone is not attempting to hack into any of the banks around Australia.”

This was a statement made by the outgoing technology chief of the National Australia Bank, Gavin Slater at a recent talk to investors.

He also revealed that just a few weeks ago:

“11 United States banks were targeted by terrorist organisations in response to something that happened in the Middle East.”

So if our banks are constant targets, why aren’t we informed?

It was recently uncovered that the Reserve Bank of Australia’s systems had been compromised by China-based hackers. In response, technology security experts, including the former head of investigations at the Federal Police’s Australian High Tech Crime Centre, Nigel Phair called for the passing of long planned mandatory data breach notification laws.

Mr Phair, who is now Director of the Centre for Internet Safety at the University of Canberra says the breach highlights the need for these laws to be passed.

“The RBA story was hugely important, because the attack happened some time ago, and we only found out about it because of a freedom of information request,” Mr Phair said.

“We desperately need data breach legislation; we are quite behind in global terms on that, to force businesses to disclose when sensitive data is breached. I don’t know what is holding it up, and I would like to think it is achievable. It will help other government agencies and businesses, to be aware that it is not just them being targeted, that the threats are pretty wide ranging,” he told the Fin Review.

Mr Phair said many businesses wanted to avoid bad publicity and that it was understandable they would try to keep news of the loss of any intellectual property and customer details quiet. He said for listed companies, the fear that investors would be spooked was a big factor. But he said the current code of silence was only making it easier for cyber criminals.

The Fin Review revealed these statistics on data breaches:

KPMG estimates that 75 per cent of the 1000 largest Australian companies have had a material data breach, reported to cost Australian companies an estimated $2.16 million per company per year, according to a 2011 study by the Ponemon Institute. The Australian Bankers Association has defended the strength of IT security processes in Australia’s banking system.

ABA chief executive Steven Münchenberg recently told The Australian Financial Review that there were no reports of similar attacks on other local banks, and that effective processes were already in place to co-ordinate fraud investigations with federal and state police.

“The Australian Bankers Association is not aware of any successful hacking attempts on Australian banks,” Mr Münchenberg said. “Banks have systems in place to protect customer information and accounts – such as employee training, employee accountability, strict privacy policies, rigorous security standards, encryption and fraud detection software.”

“The nature of these discussions needs to remain confidential as any details may be misused by criminals,” Mr Münchenberg said.

But Mr Phair elaborates in the Fin Review how easily cyber-attacks play out in business situations:

Mr Phair warned that a significant number of Australian businesses and government agencies were ill-prepared for the kind of social engineering attacks which penetrated the RBA. In the attack it just required internal staff to be tricked into clicking on a fake email purporting to be from management.

“Lots of organisations like the RBA have great perimeter and other security mechanisms in place, but this was basically just a phishing, social engineering attack. If I was a decent cyber criminal, that is what I would be doing,” he said.

“People are the most susceptible and the weakest link, so you target them with what looks like a bona fide email, with an executable file in an attachment, and that is how you gain a weakness.”

Mr Phair said the RBA’s subsequent claims that the attacks had been contained and that no sensitive information had been stolen were largely a public relations move to calm fears in the market.

He said it was not really possible to tell exactly what people do once they have had access to networks.

He also believed the problem was much wider spread than is ever reported, because a large number of hacking victims remain ignorant of the fact.

“The RBA was right to come out with its public response.

“The average person out there reading your pages would like to know that the RBA is protected,” Mr Phair said.

Last October, the federal government was considering requiring companies to notify customers and the public of serious data breaches. However, the Fin Review reports it is over four years since a similar recommendation was made by the Australian Law Reform Commission.

The then attorney-general, Nicola Roxon, published a discussion paper on potential implementation of plans, which could require companies and public-sector agencies to notify the Office of the Australian Privacy Commissioner when names, addresses and financial data are leaked or obtained by someone else.

A spokeswoman for Attorney-General Mark Dreyfus said there were voluntary guidelines on how Australian companies and organisations should report a security breach, but increasing risks meant tougher laws could be on the way.

“The Attorney-General is considering proposals that would require companies to report to consumers and the Commonwealth Privacy Commissioner when a data breach occurs, to improve privacy, bolster the security culture within organisations and bring Australia into line with international jurisdictions.”

SME’s and Data breach notification.

Data breach notification is a complicated issue. Yes, by sharing how threats have occurred we could be inviting copy-cat attacks. But Australians need to be made aware of what could threaten them.

There has been much criticism after past data breaches such as the well-publicised Sony data breach, that companies who have in the past “held out” on their customers following a data breach, waiting days or up to a week or so to notify customers were putting the consumer’s personal information may be at risk.

And rightly so. During the time, of ‘silence’ it can be argued that hackers have free access to this personal information without the consumer being able to do anything to minimise their own risk, such as cancelling accounts, changing passwords and flagging their credit accounts and credit file.

For small to medium businesses, we need to make plans and take precautions to prevent future attacks and protect our consumers – and without the requirement out there to disclose data breaches SME’s are missing a big opportunity to be guided by the example of big business in how to handle (or not to handle) cyber-attack.

That wider issue is what Australian SME’s face today – we are in the firing line for cyber-attacks simply by having a website, and staff with email addresses – but we rarely have the same security capabilities, the same profit margin and in many cases the same ‘publicity’ power that large entities would have. I can’t help imagining that as data breach laws begin to be enhanced, that SME’s could become the section of business most concerned with privacy issues, and the application of privacy law and indeed lawsuits against SME’s could be just as big a threat as the data breaches themselves.

That is another reason why big business needs to set the example. Until the law requires them to do so, it would be ideal for them to voluntarily disclose data breaches as they occur, with a view to educating the whole community on the nature of cyber-attack, and showing examples of the correct process for both preventing occurrences and dealing with them when they happen.

Currently, the best place to go for up to date information on cyber-security and your rights and obligations is the Office of the Australian Information Commissioner (OAIC). The OAIC’s article A Guide To Handling Personal Information Security Breaches is really essential reading for SME’s and includes information on obligations under the Privacy Act 1988, and advice on both handling a data breach, and preventing future data breaches in your company.

As consumers.

If you suspect your credit accounts may have been affected by identity theft – either through a cyber-attack or any form of credit fraud, you should do three things:

1. Contact Police to report it.

2. Notify your banks and Creditors.

3. Notify the credit reporting agencies which hold your credit file.

Act quickly. The faster you are able to take these actions the better you will be able to protect your credit file from impairment. Catching identity theft early could prevent defaults and other credit listings.T

This is why mandatory data breach notification is so important from the perspective of the consumer. Recovering your clean credit file following identity theft which has led to credit fraud can be difficult for individuals to do, as you have to prove you didn’t initiate the credit in your name.

For further help or advice contact a MyCRA Credit Repair Advisor on 1300 667 218.

Image 1: renjith krishnan/ www.FreeDigitalPhotos.net

Image 2: AscensionDigital/ www.FreeDigitalPhotos.net

[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

27/03/2013
Privacy Commissioner casts final verdict on Sony data breach

It seems that there will be no reprisal according to Australian law for the victims of the Sony PlayStation/Qriocity saga which left the personal information of approximately 77 million Sony customers worldwide exposed to hackers and threatened the victims with possible identity theft and credit file misuse.

Australian Privacy Commissioner Timothy Pilgrim released his official report last Thursday on his investigation into Sony Australia’s possible breach of the Privacy Act.

His investigation found that Sony did not breach Australia’s Privacy Act when it fell victim to a cyber-attack.

The investigation looked at whether Sony complied with the National Privacy Principles in the Privacy Act. The Principles require organisations to take reasonable steps to protect personal information, and limit the circumstances in which organisations can use and disclose personal information.

“I found no evidence that Sony intentionally disclosed any personal information to a third party. Rather, its Network Platform was hacked into. I also found that Sony took reasonable steps to protect its customers’ personal information, including encrypting credit card information and ensuring that appropriate physical, network and communication security measures were in place,” Mr Pilgrim said.

Mr Pilgrim was concerned about the time that elapsed between Sony becoming aware of the incident and notifying its Australian customers and the OAIC. There was a gap of a week between the data breach and the notification. However, the Privacy Act does not contain a deadline for data breach notification – so this failure to notify does not classify as a breach of privacy.

“I would have liked to have seen Sony act more swiftly to let its customers know about this incident. Immediate or early notification of a data breach can allow individuals to take steps to mitigate the risks that arise from their information being compromised,” Mr Pilgrim said.

“However, I am pleased that in response to this incident, Sony has now implemented extra security measures to strengthen protections around the Network Platform.”

During the investigation, the Privacy Commissioner examined information pertaining to relationships between the various Sony entities involved in this matter.

“The international nature of these relationships raises challenges for regulators monitoring personal information flows in these kinds of situations where large global companies are collecting personal information while operating in a number of different jurisdictions.”

In recognition of this, the Privacy Commissioner will provide a copy of his investigation report to privacy regulators in APEC member economies for their consideration.

The Privacy Commissioner can only investigate what is in the bounds of the Australia’s Privacy Act to investigate – and here we get to the real problem.

Unfortunately our Privacy Laws don’t extend to mandatory data breach notification. So the Privacy Commissioner was unable to investigate what many agree was the real issue – why Sony took a week to notify its millions of customers their personal information – including credit card details had been compromised.

The entire saga and this subsequent investigation has served to highlight a massive hole in Australia’s privacy laws which are leaving people open to this kind of breach of security with no retribution via our Government policy.

As we advised at the time of the data breach, it is important for anyone who has had their personal details compromised in this way to be on the lookout for possible misuse of their credit file.

Often people don’t know they have been victims of identity theft until they attempt to obtain credit and are refused, due to defaults on their credit report they are unaware of.

It is recommended that everyone check their credit file for free every year from Australia’s credit reporting agencies. For people who have been the victim of a data breach and other people vulnerable to identity theft, it might pay to include a separate credit file monitoring service. For instance Veda Advantage will (for a fee) monitor people’s credit files and alert the credit file holder to any changes or entries on their credit file – including credit enquiries.

If people need help with credit rating repair following identity theft, they can contact MyCRA Credit Repairs toll free within Australia on 1300 667 218.

Image: Arvind Balaraman / FreeDigitalPhotos.net

03/10/2011
Sony dangles a carrot to entice users back to its system

Sony has offered a sweetener in the hope that most of its 17 million users will be enticed back to using its services after the PlayStation data breach last month.

Sony has offered its customers a ‘welcome back’ package that includes 30 days of free access to PlayStation Plus, 30 days of free access to Music Unlimited by Qriocity, as well as free identity theft monitoring from Debix, and a promise of free downloads in the future.

In the video message below to customers, Executive Deputy President of Sony, Kazuo Hirai says all PS3 customers must change their PSN and Qriocity account passwords upon their return.

“Your new password can only be changed on the same PS3 in which your account was activated or through validated e-mail confirmation,” Hirai said. Customers will also have to update their PS3 firmware to receive the latest security patches,

16/05/2011
Privacy Commissioner Investigates Sony Data Breach

On April 27 I posted about the Sony PlayStation data breach which occurred on April 17 and has possibly affected PlayStation users worldwide.

To update this issue, yesterday the Australian Privacy Commissioner, Timothy Pilgrim revealed findings from his initial investigation into the data breach:

“Yesterday, Sony Online Entertainment (SOE) advised me it had discovered that hackers may have obtained SOE customer information. SOE has said that the information was held in an out dated database from 2007 and contained approximately 12,700 non-US customer credit or debit card numbers and expiration dates. It is unclear at this point how many of these customers are Australian citizens or recipients.”

Australian Victim Ot The Sony PlayStation Identity Theft Issue Lost $2000

“This latest incident is extremely worrying. I am particularly concerned that it involves information stored on an out of date database. It reinforces my view that organisations need to consider further limiting the amount of information they collect and store about people. They should also make sure that information is destroyed when it is no longer needed as is required under the Privacy Act” he says.

In my last post I called for Australia’s legislation to come up to date with what is occurring worldwide. Being part of the technological network means we are part of the global network and therefore we cannot deny that security threats in any country and particularly the United States could have an impact on us here in Australia as it has done in this instance.

In fact, current statistics show that high-tech crime costs Australians $15billion per year, and the Australian Crime Commission now sites identity theft as the fastest growing crime in Australia.

What is encouraging is the Australia Law Reform Commission’s recommendation that consideration should be given to the introduction of mandatory data breach notification laws. This means that when something of the nature of the Sony PlayStation data breach or the recent Dell Computers data breach occurs in the future, there will be an obligation for the company to notify its customers in this country of the occurrence.

What is also being considered by the Government is more power for the Privacy Commissioner to impose penalties following an ‘own motion investigation’, such as enforceable undertakings and civil penalties for serious breaches of privacy. So if this part of the recommendations becomes legislation, the Privacy Commissioner would be able to penalise those companies which are found liable in relation to privacy breaches.

In the meantime, Sony recommends its customers take these steps to help protect their personal data:

“For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.

When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports” says Sony’s Patrick Seybold.

In Australia we can check our credit file for free by obtaining a credit report with credit reporting agencies Veda Advantage, Dun & Bradstreet or Tasmanian Collection Agency. A copy of our credit rating is then sent within 10 working days. Or for a fee they will supply one urgently.

If there are any errors on this file, including evidence of identity theft, it is possible the credit file can be repaired.

Contact www.mycra.com.au for more information.

05/05/2011
Crime storm blows in after Cyclone Yasi

VICTIMS of CYCLONE YASI are urged to take real and important measures to protect their identities from thieves in the aftermath of the cyclone’s devastation to homes and businesses.

With homes in absolute ruin and thousands of people still displaced, there is a danger of victims being hit again by identity thieves.

These fraudsters could pose as insurance people or attempt to remove personal information from homes and businesses while they are vacant and in disarray, according to credit rating repair company MY CRA’s Director GRAHAM DOESSEL.

“Victims should not be preyed upon again by criminals, but the fact is they are prime targets for identity thieves” Mr DOESSEL says.

This warning follows the deployment of 35 extra police to NORTH QUEENSLAND following the arrest of six looters in TOWNSVILLE.

The state’s disaster co-ordinator, IAN STEWART, says there had been 11 reports of looting since CYCLONE YASI hit north and far north QUEENSLAND, including an “opportunistic” break and enter at a pharmacy in CAIRNS during the height of the storm.

“It really is a disgrace that people would even consider doing this sort of thing at a time when the trauma being suffered by our community is so great,” he said.

The SOUTH-EAST QUEENSLAND floods produced scammers who tricked victims in to giving their bank details to people claiming they would help them obtain emergency funds. Scammers also claimed to be tradesmen offering to repair flood damage – they requested payment in advance before disappearing.

MR DOESSEL says cyclone victims may not only be targets for this type of crime, but particularly for other types of looting where thieves obtain personal information from vacant homes and use that information to steal someone’s identity or to claim compensation in their name.

“People could be at great risk of identity theft, due to their homes being vacant and possibly unsecured for significant parts of the day and night” he says.

He suggests if displaced victims are unable to secure important documents in their homes at present and are able to retrieve them and store them in a safe and secure place they should do so.

“Documents like marriage, birth and death certificates, past tax returns and even utility bills could all be stolen and used to appropriate someone’s identity” Mr DOESSEL says.

The AUSTRALIAN CRIME COMMISSION now sites identity theft as the “fastest growing crime in AUSTRALIA.”

Compromised financial information can be used directly to attempt to access the victim’s accounts, or be used to obtain credit cards/ loans in the victims’ name.

Fraudsters have even been known to send SMS and emails from a compromised identity to victims’ friends and associates, asking for money on the victims’ behalf. This often involves a story in regards to the victim being stranded somewhere and requiring the funds urgently.

Mr DOESSEL says his office has experienced an increase in credit rating repair due to identity theft – from card skimming through to professional gangs who ferret for personal information at a person’s home or in their rubbish bin.

“Identity crime hits twice. People are not only ripped off at the time, but their credit rating is destroyed generally for 5 years once defaults are listed on the victim’s credit file. This is regardless of how the defaults got there. A default on a person’s credit file is usually enough for an automatic decline on a home loan” he says.

The nature of credit ratings in AUSTRALIA, is once a default has been listed on a person’s file – it is very difficult to have it removed. Creditors will generally only mark the listing as paid.

“Effectively people are robbed of their financial future. The best course of action for most people fighting a default that is unjust, incorrect or just simply shouldn’t be there is to contact a reputable credit file repairer. “

“A credit rating repairer is generally more aware of the appropriate legislation, experienced at researching case by case and presenting that information in the most effective manner to ensure the best possible chance of having the default removed – as it rightly should be” Mr DOESSEL says.

People can visit the MY CRA website for more information on identity theft – what to look for, tips on preventing it and what to do if people have been scammed or their identity stolen.

###

LINKS

http://www.theaustralian.com.au/news/nation/police-head-north-to-crack-down-on-theft/story-e6frg6nf-1226000442845

http://www.crimecommission.gov.au/media/faq/financial_crime.htm

http://www.smh.com.au/environment/weather/vultures-descend-on-victims-with-scams-20110116-19sm0.html

Please contact:

Graham Doessel       http://www.mycra.com.au/

Ph: 07 3124 7133

246 Stafford Road, STAFFORD QLD.

About MyCRA.com.au

MyCRA.com.au is 100% Australian owned and operated and we are based in Stafford, a northern suburb of Brisbane in Qld.

My CRA was developed for the sole purpose of giving clients access and ability to work with their Credit File.   This is in order to give them the best chance of getting approval, getting a lower interest rate or just to reduce the upfront fees that can be associated with obtaining credit. My CRA are able to help you get a copy of your credit file and from that determine how we can help repair a credit file.

We have more than 15 years combined experience in working with and helping clients with their credit files. We are the fastest known credit rating repair agency in Australia. We can often remove judgements in as little as 3 days.

As Director I [fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][GRAHAM DOESSEL] previously owned a very successful mortgage brokerage company “Mortgage Now” before establishing My CRA because I saw a great need in the industry for credit repair.

[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

12/03/2011
Identity Theft the ticking time bomb in Australia

SAFETY of personal information needs to be taken more seriously in this country, to avoid Australian identity theft statistics rising to the percentages of those in the UNITED STATES, GRAHAM DOESSEL CEO of credit rating repair company MY CRA warns.

“Identity theft is the curse of the 21st Century and that is becoming more evident in our industry of credit rating repair. There are more and more people needing help with repairing their credit file due to having their identity misrepresented in some way.”

“With exposure of our personal information greater than ever before, opportunities for fraud are higher than ever” he says.

This follows a recent investigation into VODAFONE for allegations of possible breaches of privacy by having customer information available on a publically accessible internet site.

This investigation conducted by the Privacy Commissioner found the allegations were unsubstantiated, but his report, released 16 February did illustrate other areas of concern at VODAFONE in relation to privacy.

“Vodafone did not have appropriate security measures in place to protect customer’s personal information at the time. Consequently Vodafone was in breach of their obligations under the Privacy Act. I was particularly concerned by Vodafone’s use of shared logins and passwords for staff and the broad range of detailed personal information available to them.” Privacy Commissioner TIMOTHY PILGRIM says.

Vodafone agreed to review its IT security, and all appropriate staff including employees in retail stores and dealerships will be issued with individual login IDs and passwords.

Mr Pilgrim said that this case should serve as a reminder to all businesses using customer management systems to ensure that they have robust privacy protections built in.

The latest AUSTRALIAN BUREAU OF STATISTICS data from a Personal Fraud Survey conducted in 2007 shows over 800,000 Australians were victims of at least one incident of personal fraud in the 12 months prior to interview, with over half of these victims incurring a financial loss.

Research in 2009 conducted by Galaxy Research for VEDA ADVANTAGE showed 4.4 million Australians were affected in some way by identity theft, compared to 3.8 million in the previous year.

The AUSTRALIAN CRIME COMMISSION now sites identity theft as the “fastest growing crime in AUSTRALIA.”

The A.C.C. says compromised financial information can be used directly to attempt to access someone’s accounts, or be used to obtain credit cards, loans or any other credit in the victims’ name.

Fraudsters have even been known to send SMS and emails from a compromised identity to victims’ friends and associates, asking for money on the victims’ behalf. This often involves a story in regards to the victim being stranded somewhere and requiring the funds urgently.

Current U.S. statistics point to 8.1 million people being victimized in 2010, according to a report by JAVELIN STRATEGY AND RESEARCH. Although that’s still a huge number, it’s 3 million fewer victims than in 2009.

So why have the U.S. statistics begun to improve? JAVELIN sites the top reason for the decrease is due to a significant drop in data breaches, or situations in which batches of personal information have become vulnerable to identity thieves.

The number of breaches last year was down by almost one-third, to 407 incidents, or 26 million records exposed, according to the DataLossDB project. Again, still a huge number, but down – from 604 breaches, or 221 million records exposed, in 2009.

“We definitely see evidence that the banks and other institutions are taking stronger precautions to prevent data breaches. Data breaches are a big deal. You are eight times more likely to be a victim of fraud if you get a data-breach notice.” James Van Dyke, president and founder of Javelin says.

He also sites consumer-education efforts as possibly another factor.

Mr DOESSEL says this demonstrates the importance of vigilance in the war against identity theft.

“It is so important for Australians to educate themselves on how to keep their information secure, and to demand that any information they are required to give over to any person or company be treated with the utmost privacy” Mr DOESSEL says.

“Our message at MyCRA to someone who has found themselves a victim of identity theft is two-fold. Firstly don’t be embarrassed to report it to police – it is only through identity theft being reported that data gets collected and appropriate preventative measures eventually get put in place.”

“Secondly don’t put up with the damage it causes to your credit file and to your life, get in touch with a reputable credit rating repairer who can help you to clear your credit file and restore the financial freedom you rightly deserve” he says.

Visit www.mycra.com.au for more information on identity theft.

###

LINKS

PRIVACY COMMISSIONER’S STATEMENT:

http://www.oaic.gov.au/news/media_release_vodafone_omi.html

VEDA ADVANTAGE:

http://www.vedaadvantage.com/news-and-media/article.dot?id=505933

AUSTRALIAN BUREAU OF STATISTICS:

http://www.abs.gov.au/ausstats/abs@.nsf/Latestproducts/1301.0Feature%20Article13012009%E2%80%9310?opendocument&tabname=Summary&prodno=1301.0&issue=2009%9610&num=&view

A.C.C. IDENTITY CRIME STATEMENT:

http://www.crimecommission.gov.au/media/faq/financial_crime.htm

U.S. STATISTICS:

http://www.washingtonpost.com/wp-dyn/content/article/2011/02/09/AR2011020906064.html

12/03/2011
Privacy Commissioner gets tough on Vodafone

An investigation into possible breaches of privacy by Vodafone reveals the privacy measures that are currently in place there are inadequate to ensure the security of its customers and could result in identity theft.

Recently I commented on an investigation underway by the Privacy Commissioner into allegations that Vodafone’s customer information was available on an internet site (MyCRA Blog January 10, 2010).

Commissioner Timothy Pilgrim has just released his findings and below are his statements:

“In the course of my investigation I did not find any evidence that substantiated the claim that Vodafone customers’ personal information was available on a publically accessible website. However, in my view, Vodafone did not have appropriate security measures in place to protect customer’s personal information at the time. Consequently Vodafone was in breach of their obligations under the Privacy Act,”

“I was particularly concerned by Vodafone’s use of shared logins and passwords for staff and the broad range of detailed personal information available to them.”

As part of an undertaking given to the Privacy Commissioner, Vodafone agreed to review its IT security, and all appropriate staff including employees in retail stores and dealerships will be issued with individual login IDs and passwords.

“I am pleased that on being made aware of the allegations Vodafone acted promptly to put in additional security measures to limit access to the personal information it holds. While I welcome the steps that were taken I have also asked Vodafone to report back to me on the progress of the review and implementation of increased security measures,” Mr Pilgrim said.

Mr Pilgrim said that this case should serve as a reminder to all businesses using customer management systems to ensure that they have robust privacy protections built in.

“All businesses must take the privacy of their customers seriously. Systems should be up to date and secure and staff should only have access to the information that is necessary for their work. To comply with the Privacy Act and retain the trust and loyalty of their customers, I urge businesses to review their data security practices to prevent the likelihood of a privacy breach occurring which could have the potential to lead to identity theft or fraud,” Mr Pilgrim warned

Security of your personal information should be taken very seriously.
The AUSTRALIAN CRIME COMMISSION now sites identity theft as the “fastest growing crime in AUSTRALIA.”
Compromised financial information can be used directly to attempt to access the victim’s accounts, or be used to obtain credit cards/ loans in the victims’ name.
Fraudsters have even been known to send SMS and emails from a compromised identity to victims’ friends and associates, asking for money on the victims’ behalf. This often involves a story in regards to the victim being stranded somewhere and requiring the funds urgently.
This is not to say that any Vodafone staff would be dishonest enough to misuse the information they had available to them, but it is good to know the new system they will be implementing will prevent this possibility.
Identity theft can catch anyone out and often times it is someone you know who has used credit in your name. For lack of reportage, we may not know the real scale of this crime.

Our message at MyCRA to someone who has found themselves victims of identity theft is firstly don’t be embarrassed to report it to police – it is only through identity theft being reported that data gets collected and appropriate preventative measures eventually get put in place.

Secondly don’t put up with the damage it causes to your credit file and to your life.

Get in touch with us at MyCRA and see how we can help you get your financial freedom back again.
Visit our site for more information on identity theft and how to prevent it happening to you.

www.mycra.com.au

LINKS
PRIVACY COMMISSIONER’S STATEMENT:
http://www.oaic.gov.au/news/media_release_vodafone_omi.html
ACC IDENTITY CRIME STATEMENT:
http://www.crimecommission.gov.au/media/faq/financial_crime.htm

25/02/2011
First Telstra & Now Vodafone… What Privacy Protection Do We Really Have?

Recently I blogged about Telstra allegedly breaching the privacy of some 200,000 clients by sending out letters to clients containing the details of other Telstra clients phone services and contact details.

Now it seems, Vodafone have allegedly breached privacy also..

According to a OAIC release, Vodafone have allegedly allowed personal and private Client information to have been available on a website which may have breached the Privacy Act.

I am glad I am not a Vodafone client right now.

MyCRA works everyday with clients that have defaults on their credit files and with hundreds of thousands of ‘reported’ cases of Identity Theft every year in Australia, this Vodafone issue is just what the organised gangs are after to steal more identities.

The following excerpt is directly from the OAIC Media release:

The Australian Privacy Commissioner, Mr Timothy Pilgrim, will investigate allegations that Vodafone has made the personal information of its customers available via an internet site.

“Our Office takes all allegations of privacy breaches very seriously. All organisations should ensure the security of their customers’ personal information or risk breaching the Privacy Act and causing serious customer dissatisfaction and possible loss of business as a result,” Mr Pilgrim said.

“The Office’s first step will be to determine whether Vodafone’s activities constitute a breach of the Privacy Act. I am concerned about the amount of personal information that may have been disclosed which could include sensitive information. For this reason I have opened an own motion investigation into the matter today. I have spoken with the CEO of Vodafone and he has assured me of Vodafone’s full cooperation,” Mr Pilgrim said.

The Australian Privacy Commissioner also advised that if an individual believes their privacy has been interfered with they should first contact Vodafone and if they are not satisfied with their response they can make a complaint to the Office of the Australian Information Commissioner.

If you have fallen victim to Identity Theft, firstly report it to the police and cancel any accounts that may have been affected.

Once you have that area under control, Give MyCRA Credit Rating Repair a call and we can guide you through the process of removing any black marks that may have appeared on your credit file or credit rating as a result of the Identity theft Issue

You can contact MyCRA Credit Rating Repair on 07 3124 7133 or www.MyCRA.com.au

10/01/2011