Love in the time of the NPP: privacy commissioner finds Cupid Media in breach
The Australian privacy commissioner has found that Cupid Media, the operator of more than 35 niche online dating websites, failed to take reasonable steps to secure personal information held on its websites and had therefore breached its obligations under the Privacy Act. The investigation was prompted by media allegations that the personal information of Cupid users, including full names, email addresses, passwords and dates of birth, had been found on a server operated by hackers. The nature of the niche dating websites also meant that the hackers had access to sensitive information including users’ sexual orientation, religious affiliations and racial and ethnic origins.
The privacy commissioner’s report indicates that in January 2013 Cupid identified a rogue file on its servers. Cupid’s investigations into the rogue file found that hackers had exploited a vulnerability in the application server platform that allowed them to access Cupid’s databases. A patch for the vulnerability had been released days before the attack. However, Cupid had not received notice from the developer that the patch was available (despite this being the usual practice). Cupid promptly applied the patch after becoming aware of its existence, which prevented the hackers from obtaining further data.
At the time of the data security breach, the Australian Privacy Principles (APPs) were not yet in force. Accordingly, the privacy commissioner considered whether Cupid had complied with the following National Privacy Principles, which required organisations to take reasonable steps to protect the personal information they hold from misuse and loss and from unauthorised access, modification or disclosure…
Click on the link below to read the rest of the DLA Piper briefing.
Sign in or Register to continue reading this article
It's quick, easy and free!
It takes just 5 minutes to register. Answer a few simple questions and once completed you’ll have instant access.Register now
Why register to The Lawyer
In-depth, expert analysis into the stories behind the headlines from our leading team of journalists.
Identify the major players and business opportunities within a particular region through our series of free, special reports.
Receive your pick of The Lawyer's daily and weekly email newsletters, tailored by practice area, region and job function.
More relevant to you
To continue providing the best analysis, insight and news across the legal market we are collecting some information about who you are, what you do and where you work to improve The Lawyer and make it more relevant to you.
News from DLA Piper
News from The Lawyer
Briefings from DLA Piper
The Australian Taxation Office released a draft ruling on the Goods and Services Tax treatment of bitcoin transactions on 20 August 2014.
DLA Piper’s ‘Life sciences: patent extension strategies and antitrust global update’ video covers global antitrust and competition issues including product hopping and reverse payment patents.
Analysis from The Lawyer
Regulators are ramping up the pressure in the aftermath of recession, leaving firms to compete for compliance and restructuring work
Shearman & Sterling is making its presence felt in the City, squaring up to magic circle firms and looking to muscle in on key relationships. Private equity house Bridgepoint is one outfit that has had its head turned by the US firm.