shutterstock_170954663 Linkedin
Unauthorised accessing of data is not just a breach of civil rights. Even if you are, or were, an employee, the Criminal Law deals with such interference quite seriously
Sep 25, 2018 8:43:59 AM / by Tal Williams posted in Technology Law Business Corporate & Commercial

Many damaging cyber incidents occur as a result of employees, or ex-employees seeking unauthorised access to data and systems.  Indeed, more than a third of cyber breach incidents reported to the Office of the Australian Information Commission in the second quarter of 2018 arose as a result of compromised or stolen credentials and consequent unauthorised access.

In a recent case where an ex-employee was found to have accessed the data of his old employer, Perram J in the Federal Court said:

“I note in passing that it is a federal criminal offence carrying a maximum penalty of two years imprisonment to obtain unauthorised access to data held in a computer to which access is restricted by an access control system”  (TICA Default Tenancy Control Pty Ltd v Datakatch Pty Ltd [2016] FCA 815)

So in addition to complying with the Essential 8 (see our earlier article), privacy training, education on phishing, spear phishing, whaling and other access methods, you may want to consider alerting staff to the following: 

478.1(1) Criminal Codeunauthorised access to, or modification of, restricted data

(1)    A person commits an offence if:

(a)       the person causes any unauthorised access to, or modification of, restricted data; and

(b)  the person intends to cause the access or modification; and

(c)  the person knows that the access or modification is unauthorised.

The maximum penalty for unauthorised access to, or modification of, restricted data is two years’ imprisonment.

s.477.3(1) Criminal Code—unauthorised impairment of electronic communication

(1)    A person commits an offence if:

(a)       the person causes any unauthorised impairment of electronic communication to or from a computer; and

(b)       the person knows that the impairment is unauthorised.

The maximum penalty for unauthorised impairment of electronic communication is 10 years’ imprisonment.

s.474.17 Criminal Code—using a carriage service to menace, harass or cause offence

(1)   A person commits an offence if:

(a)       the person uses a carriage service; and

(b)       the person does so in a way (whether by the method of use or the content of a communication, or both) that reasonable persons would regard as being, in all the circumstances, menacing, harassing or offensive.

The maximum penalty for using a carriage service to menace, harass or cause offence is three years’ imprisonment.

Being aware of the serious consequences of improperly accessing  data may make staff that little bit more reluctant to interfere with your data.

 

If you have any questions about privacy and the legal aspects of cyber, please give me a call.


Recent Posts







HW_White.png
who_we_are.jpg

Who We Are

HW_White.png
What_we_Do.jpg

What We Do

HW_White.png
Careers.jpg

Careers

HW_White.png
Publications.jpg

Publications