"Companies are trying to use the sheer scale and profitability of their shady data practices to shield them from the law."Īnd with Experian disclosing a breach in 2015 and then another in 2020, it's clear these firms are attractive targets for cybercrime. "Those kind of examples are irrelevant and can't be used to justify data enrichment for profiling or targeting," she says. We believe third-party data is vital to a healthy data ecosystem."Įxperian claims that critical services and education around the pandemic and the Black Summer bushfires were enabled by "modern data uses". But it failed to specify how these uses were threatened by this privacy law.ĭr Kemp, for one, is not convinced by this argument. Data broker Experian has argued for removing this principle in its submission to the Privacy Act Review.Īn Experian spokesperson told the ABC: "We and others in the industry believe it is outdated and does not fit well with modern data uses. The OAIC did not directly comment on whether data enrichment was legal in Australia or why it had not pursued enforcement action against data-enrichment practices.ĭr Kemp believes this law rightfully poses "an existential threat to businesses that are entirely disrespecting the dignity and autonomy of individuals".Īnd this has some major industry players concerned. The ABC reached out to the OAIC and a spokesperson said they were "not able to comment on whether a specific company is complying with the Australian privacy principles". "It's had a lot of privacy scholars and practitioners in Australia scratching their heads," Dr Kemp says. Only, in her view, this law isn't being enforced by Australia's privacy regulator, the Office of the Australian Information Commissioner (OAIC), in respect to data enrichment for profiling or targeting.Īnd when she asked her colleagues why this might be, no-one seemed to know. Katharine Kemp says data "enrichment" of customer data for profiling and targeting is unlawful in Australia. It states: "Data must be collected directly from an individual unless it is unreasonable or impracticable to do so." Her research paper, released in late 2022, points to Australia's "forgotten privacy principle". Katharine Kemp, a data privacy law expert at The University of New South Wales, believes this "enrichment" of customer data for profiling and targeting is actually unlawful in Australia.
#SECURITY BREACH FULL#
"If we were able to see the full extent of all the pieces of information available about me, you'd probably end up with a high-definition mosaic portrait."ĭata enrichment services sell access to large databases of personal information about education levels, religious beliefs and personal interests. "These companies - the data-enrichment industry, data brokers, data intermediaries, and aggregators - turn a profit by compiling data about us from a variety of sources," she says. "What it doesn't show is all of the other data about me that is floating around."Īnd data breaches only make up part of a bigger picture, as personal data is regularly bought, sold and traded in wideranging data markets. The types of information they've had breached most often are email addresses (7), names (5), geographic locations (4), passwords (3), and usernames (3)įor more detailed information about your personal history of breaches, check out Have I Been Pwned. But we're not done yet.Īll told, they've been caught up in seven breaches.īetween them, 11 distinct pieces of their identity have been potentially exposed, many of them multiple times over. Their email also shows up in a breach at YouveBeenScraped, which exposed email addresses, employers, geographic locations, job titles, names and social media profiles.īy 2019, with another at Canva, this portrait is starting to take shape. With each successive breach, more pieces of their identity are falling into place.
Later that same year, they were caught up in a breach at LinkedIn, which included email addresses and passwords. In this breach, email addresses, passwords, usernames and website activity were exposed.īut this is only the start of their history of exposed data.
The first breach they showed up in was at Lastfm back in 2012. This visualisation will reflect the worst possible case for the breaches they've been caught up in, according to Have I Been Pwned. The portrait of this person's identity starts with an email address. This interactive element is available only on the ABC News website. Note: You're reading the generic version of the story.
0 kommentar(er)
