The Ashley Madison hack raises some awkward questions,
and not just in the bedroom.
The adult website that tells us 'Life is short. Have an
affair' is in deep trouble after its data was apparently hacked
and all of its members exposed online. Ironic for the site that
boasts "over 38,855,000 anonymous members". Awkward.
While it makes for intriguing, albeit mostly sad and 'erode
your faith in humankind' reading, the security breach might put
Ashley Madison in serious legal strife.
The Privacy Act requires companies to take 'reasonable
steps' to ensure the security of the personal information they
hold. For most companies, that means firewalls and encryption
devices for the information they have online and physical
protection (i.e. locked drawers) for the hard copy stuff. For
others, the bar may be set a little higher. The Privacy
Commissioner has released some guidance on what will constitute
'reasonable steps' stating it will depend on the
The nature of the entity (size, resources, business
The amount and sensitivity of the information held (note that
'sensitive information' is a defined term under the Privacy
Act, but the whole 'affair' thing is pretty
The possible adverse consequences for an individual in the case
of a breach (tick!);
The practical implication of implementing a security measure,
including time and cost;
Whether that security measure is itself privacy invasive.
The Privacy Commissioner is already onto the Ashley Madison
breach and is investigating how it occurred as well as what the
company is doing to mitigate the situation. The Commissioner has
also urged caution for anyone reporting details of the published
database, as initial reports say that it is potentially inaccurate
– something Fitzy and Wippa of Nova 969 could be accused of
having ignored when they live broadcasted the moment Jo from
Blacktown learned her husband's name was on the list. (Refer to
the 'erode your faith in humankind' comment above.)
We think Ashley Madison is in big trouble, particularly if it
can't demonstrate some decent security was in place or that it
didn't do enough to clean up the breach once it happened. There
are also suggestions it had been charging members a fee to have
their data deleted, but hadn't actually carried the deletions
out. If that's right, ouch. The Commissioner has the power to
impose penalties of up to $1.7 million for serious and repeated
And that's just one consequence. In the US, the first class
action lawsuit by members has already been launched against Ashley
Madison, and we can expect the same here. Along with a spike in the
divorce rate. Funny, but not funny at all.
We do not disclaim anything about this article. We're
quite proud of it really.