MyCRA Specialist Credit Repair Lawyers

Tag: Privacy Commissioner Timothy Pilgrim

  • Nov 2014 UPDATE – 4BC MyCRA’s Graham Doessel and Privacy Commissioner Tim Pilgrim Interview

    Below is the original story and where Graham Doessel and Tim Pilgrim were both interviewed on Brisbane’s 4BC Radio

    Well, a lot has changed since then, and one of the biggest changes is the move away from the ludicrous listing of a client if they are one day late to the not quite so idiotic listing of a client if they are just 14 days late in making a payment.

    Do you have a bad credit rating now as a result? Are you sure? Do you want to make sure?

    to get a free copy of your:

    • Veda Advantage Credit Score
    • Dun & Bradstreet Credit File
    • Tascol Credit Report
    • Experian Credit Rating

    Another change in the legislation that you probably already know about is that a Bankruptcy only stays on your credit report for 5 years now and not 7…  Great news for those doing it tough…

    Call MyCRA Lawyers now on 1300 667 218

     

     

    ORIGINAL UPDATE – (The day after the interview)

    Yesterday, Graham Doessel, founder and CEO of MyCRA Credit Rating Repairs was interviewed along with the Privacy Commissioner, Mr Timothy Pilgrim on 1116 News Talk 4BC.

    4BC MyCRA and Privacy Commissioner Interview

    Graham took calls from listeners and explained what Will and Will NOT happen as a result of the new Credit Laws.

    Privacy Commissioner Tim Pilgrim argued that adding a listing of every client even one day late is GOOD for credit reporting as…

    Click HERE to read the original story

    Then, Grab a FREE copy of your credit files

  • How Can You Prevent a Data Breach in Your Small Business?

    If we can learn anything from recent reports of more Australian cyber-crime victims, we must learn that personal information is so important to keep safe. Not only is today’s cyber-crook or scammer after your money – they are after the money you can borrow – through obtaining credit in your name. The recent arrests of seven Romanian people in Australia’s largest credit card data theft investigation, in which those criminals had access to 500,000 Australian credit cards, is a chilling reminder to all Australians that we are not immune to fraud and identity theft. The fact that these criminals were able to gain this information by hacking the databases of 100 Australian small businesses prompts us to look into what Australians can do to protect customer information within their business network and keep their customers’ personal information and credit files safe.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    On Thursday, the Australian Federal Police announced in a joint release to the media, that they have arrested seven people in Romania in Australia’s largest credit card data theft investigation.

    The criminal syndicate had access to 500 000 Australian credit cards and approximately 30 000 credit cards have been used for fraudulent transactions amounting to more than $30 million…

    Stolen credit card data was being used to create false credit cards, enabling thousands of counterfeit transactions to be carried out in numerous overseas locations including Europe, Hong Kong, Australia and the United States.

    After the AFP identified the cause of the data compromise, the investigation grew to involve numerous international law enforcement partners and the Australian banking and finance sector also provided strong support…

    No Australian credit card holders lost money as a result of these fraudulent transactions. Australian financial institutions reimbursed the financial losses of cardholders…

    Abacus Australian Mutuals CEO Louise Petschler said today’s developments show that cyber crime is a global enterprise.

    “It underlines how a coordinated approach by law enforcement agencies, financial institutions, merchants and consumers can help fight card fraud. We all have a role to play to ensure credit card transactions are safe and secure,” Ms Petschler said.

    “Policing is only one part of the solution to stop data compromises – credit cards should be kept in a secure place, ATMs should be checked for any unusual attachments, personal details including PIN numbers should be protected, financial statements should be checked continuously, mail boxes should be secured and if possible, ‘chip and pin’ security implemented on credit cards,” Commander McEwen said.

    The ABC ran a story the same day on this issue, ‘Australian small businesses targetted by data theft syndicate.’

    It featured IT security expert, Nigel Phair from the Centre for Internet Safety at the University of Canberra. He says it proves that many small businesses are not taking data security seriously enough.

    While he’s surprised at the scale of the operation, Nigel Phair isn’t surprised Australia was a target.

    “We are susceptible. We are a good economy, we are ripe for the picking for these international criminals,” Nigel Phair says.

    He says the issue for small businesses is that they spend next to no money on any IT security.

    He says it is relatively simple for criminals to get hold of those credit card details if a company doesn’t have any such security.

    “It really is a matter of just hacking into the organisation, finding where their credit card details are stored and then stealing them and then transacting them yourself, you know. And then the next question coming out of that is after you do a transaction with a small to medium enterprise, there’s no reason for them to retain your data,” he says.

    “In the small to medium category I would suggest most [small businesses] aren’t adhering to it [best practice when it comes to credit card data].”

    Preventing Data Breaches in Small Businesses

    Following the introduction of amendments to Australia’s Privacy Laws in the form of the Privacy Amendment (Enhancing Privacy Protection) Bill 2012, there will be more protection for individuals with regard to their personal information.

    How this will flow through to small business procedures is still to be officially outlined, as they will be exempt from some of the new laws.

    Small businesses looking to comply as much as possible with best practice guidelines for personal information security right now, should consult the Privacy Commissioner’s guidelines, found on the OAIC website.

    The Privacy Commissioner, Timothy Pilgrim says appropriate security safeguards for personal information need to be considered across a range of areas. This could include maintaining physical security, computer and network security, communications security and personnel security. To meet their information security obligations, agencies and organisations should consider the following steps:

    Risk assessment – Identifying the security risks to personal information held by the organisation and the consequences of a breach of security.

    Privacy impact assessments – Evaluating, in a systemic way, the degree to which proposed or existing information systems align with good privacy practice and legal obligations.

    Policy development – Developing a policy or range of policies that implement measures, practices and procedures to reduce the identified risks to information security.

    Staff training – Training staff and managers in security and fraud awareness, practices and procedures and codes of conduct.

    The appointment of a responsible person or position – Creating a designated position within the agency or organisation to deal with data breaches. This position could have responsibility for establishing policy and procedures, training staff, coordinating reviews and audits and investigating and responding to breaches.

    Technology – Implementing privacy enhancing technologies to secure personal information held by the agency or organisation, including through such measures as access control, copy protection, intrusion detection, and robust encryption.

    Monitoring and review – Monitoring compliance with the security policy, periodic assessments of new security risks and the adequacy of existing security measures, and ensuring that effective complaint handling procedures are in place.

    Standards – Measuring performance against relevant Australian and international standards as a guide.

    Appropriate contract management – Conducting appropriate due diligence where services (especially data storage services) are contracted, particularly in terms of the IT security policies and practices that the service provider has in place, and then monitoring compliance with these policies through periodic audits.

    He goes on to say that in seeking to prevent data breaches, agencies and organisations should be considering their other privacy obligations to do with data collection and retention. Some breaches or risks of harm can be avoided or minimised by not collecting particular types of personal information or only keeping it for as long as necessary.

    Consider the following:

    What personal information is it necessary to collect? – …“Personal information that is never collected, cannot be mishandled,” he says.

    How long does the personal information need to be kept? – …“destruction or de-identification of information that is no longer required will usually be a reasonable step to prevent the loss or misuse of that information.”

    For a full and complete picture of the OAIC Privacy Guidelines, including the relevant Privacy Principles and obligations you may be subject to, we recommend you read the above information in its full context, in this article: the Office of the Australian Information Commissioner, Data breach notification: a guide to handling personal information security breaches – April 2012.

    Image: cooldesign/ www.FreeDigitalPhotos.net

  • Mandatory data breach notification finally on the table in Australia

    Should organisations be required by law to make data breach notifications when they occur? The Australian government has finally put this topic to the Australian public following the release of their discussion paper. This is long overdue so that customers who have their personal information unsecured in some way through a company data breach are notified and are able to take swift steps to secure their own records and personal information from identity crime. We look at why these laws are so important and how a data breach can impact a person’s credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    Yesterday the Australian Government released a statement to the media seeking views on the introduction of mandatory data breach notification laws, which aims to bolster privacy protections for Australians’ personal information in digital databases.

    Attorney-General Nicola Roxon said that it was timely for a public discussion on how legislation might deal with data breaches, such as when private records are obtained by hackers.

    “Australians who transact online rightfully expect their personal information will be protected,” Ms Roxon said.

    “More personal information about Australians than ever before is held online, and several high profile data breaches have shown that this information can be susceptible to hackers.”

    Those high profile data breaches include the Sony data breach in 2011, First State Super scandal in the same year; this year the Zappos data breach and the Telstra data breach to name but a few instances where the personal information of Australians was exposed to hackers. What these incidents did is highlight the gaping hole in Australia’s privacy legislation which needed to be filled to protect consumers.

    Whilst organisations are encouraged to disclose data breaches to the Commonwealth Privacy Commissioner, it has not been mandatory to do so. There has been much criticism over companies “holding out” on their customers following a data breach, and waiting days or up to a week or so to notify customers that their personal information may be at risk.

    During this time, it has been argued that hackers have had free access to this personal information without the customer doing anything to minimise their own risk, such as cancelling accounts, changing passwords and flagging their credit accounts and credit file.

    The Australian Privacy Commissioner, Mr Timothy Pilgrim has had little recourse within legislation to deal with lack of notification following a data breach.

    In his statement to the media, Mr Pilgrim said in 2011–12, the Office of the Australian Information Commissioner (OAIC) received 46 data breach notifications, an 18% decrease from the number of DBNs received in 2010–11.

    ‘This decrease in notifications is difficult to explain but I have seen reports that suggest we are only being notified of a small percentage of data breaches that are occurring. It is very concerning that many incidents may be going unreported and customers are unaware that their personal information may be compromised,’ Mr Pilgrim said.

    He has officially supported the release of the discussion paper.

    ‘…Privacy breach notification is an important issue that needs community debate, and I’m sure there will be a wide range of views expressed on whether this notification should be mandatory.’ Mr Pilgrim said.

    ‘Currently there is no legal requirement in Australia for organisations to notify individuals when a privacy breach occurs. However, I believe that where personal information has been compromised, notification can be essential in helping individuals to regain control of that information. For example, an individual can take steps to regain control of their identity and personal information by changing passwords or account numbers if they know that a data breach has occurred,’ Mr Pilgrim said.

    We agree this is an area which is overdue for going under the legislative spotlight. We can’t take lightly the possibility that any company that keeps data on its customers could be exposed to data breaches. Identity theft is becoming more prevalent, and personal information is lucrative for fraudsters.

    Unfortunately it seems everywhere people turn some company has been hacked – and it seems every entity with a computer is vulnerable. It is still extremely scary the level of risk people’s personal information undergoes these days when it is stored online.

    Personal information in the wrong hands can lead not only to identity fraud, but the misuse of the victim’s credit file, which can have significant long term consequences.

    A lot of identity fraud is committed by piecing together enough personal information from different sources in order for criminals to take out credit in the victim’s name. Often victims don’t know about it right away – and that’s where their credit file can be compromised.

    Once the victim’s credit rating is damaged due to defaults from this ‘stolen’ credit, they are facing some difficult times repairing their credit rating in order to get their life back on track.

    These victims often can’t even get a mobile phone in their name. It need not be large-scale fraud to be a massive blow to their financial future – defaults for as little as $100 will stop someone from getting a home loan.

    Once an unpaid account goes to default stage, the account may be listed by the creditor as a default on a person’s credit file. Under current legislation, defaults remain on the credit file for a 5 year period.

    What is not widely known is how difficult removing credit listings which shouldn’t be there can be – even if the individual has been the victim of identity theft. There is no guarantee that the identity theft victim will have the defaults removed from their credit file. The onus is on them to prove their case and provide copious amounts of documentary evidence.

    This is where victims who need to recover their credit rating can often benefit from third party assistance, such as a credit repair company, to assist with proving the victim did not initiate the credit, help with a case for removal and negotiate on the victim’s behalf.

    But the best method is prevention – and this can be difficult for victims to have any control over. They leave their personal information with a company, and must trust that their systems are working and that their information is safe.

    The only ways people can ensure their details are safe or dealt with safely are to:

    a) Demand that the companies they deal with are protective over their customers’ personal information. They should demand companies have strong IT systems.

    b) Adopt a need-to-know basis for disclosing their personal information. They should always question the need for their details to be handed over. If it is not essential, they shouldn’t do it; and

    c) Demand our country adopt mandatory data breach notification laws so we can, as Mr Pilgrim describes, have our organisations “embed a culture that values and respects privacy.”

    Image: phanlop88/ www.FreeDigitalPhotos.net