Posted on 14 Aug 2024
By Matthew Schulz, journalist, Institute of Community Directors Australia
Australia’s privacy watchdog has halted an investigation into the charity telemarketer behind a data breach in which the information of up to 50,000 donors from 70 charities was leaked onto the dark web.
The Office of the Australian Information Commissioner (OAIC) – in response to questions from the Community Advocate about the status of the investigation – has revealed that it has quietly ended its investigation, which began in October last year.
The OAIC cited the company’s collapse, limitations on likely “remedies” for victims and resource constraints as reasons for closing the case.
“The reason for not further pursuing the investigation is that, having looked into the matter, and noting that the company is in liquidation, the possible remedies that we could obtain for the community would not be proportionate to the resources required,” an OAIC spokesperson said.
The Brisbane-based Pareto Phone company’s system was first breached in April, but the incident was made public only in late August, about the same time that LockBit ransomware operatives published 150GB of data onto the dark web, to the shock and dismay of many Pareto Phone clients.
The hack saw more than 320,000 files taken from the company, including personal information, credit card details, donor histories, internal documents, financial information and staff details. A KPMG audit of the true extent of the hack was never made public.
Among the worst hit charities were WWF Australia (20,500 donors), the Australian Conservation Foundation (13,500 donors), and Plan International Australia (8,000 donors).
By October, the company was placed into external administration, owing more than $17 million to creditors, less than two months after its major charity clients abandoned ship.
At that time, the OAIC confirmed it had launched an investigation and said it was pursuing the owners of the company, Merchant Place Investments, which describes itself as “a private investment company” with “some of Australia’s most successful families and charitable foundations” as clients.
At the time, Merchant Place was controlled by two directors, Nicholas Mole and Nick Batchelor. As of yesterday, Australian Securities and Investments Commission (ASIC) records show that Pareto Phone Pty Ltd remains under external administration, with Thomas Mould as its sole director and secretary.
Many of the affected charities complained to both the OAIC and the fundraising peak body, Fundraising Institute Australia (FIA), that Pareto Phone had breached privacy rules by holding onto donor data for years longer than it should have.
Some organisations contemplated legal action or seeking compensation from Pareto Phone, but may now face an uphill battle given the absence of any formal regulatory ruling and the company’s shutdown.
The OAIC said this week that it was in the process of updating guidance for the charity and not-for-profit sector in the wake of the incident, with a focus on the use of third-party providers.
“In response to issues raised in the investigation, the OAIC is updating its guidance for the charity and not-for-profit sector to highlight the sector’s obligations under the Privacy Act when engaging third-party providers to assist in fundraising activities, particularly when the third parties are provided with the personal information of donors.
“The updated guidance will include practical advice about ensuring good privacy practices when engaging external vendors, such as being informed about how information will be collected, handled and stored; conducting periodic reviews of arrangements; and ensuring the third party deletes any personal information at the end of the contract term.”
The OAIC stressed that all organisations should ensure “vendors have appropriate processes in place to protect personal information and comply with any obligations they have under the Privacy Act”.
Similar warnings have come from FIA, ASIC, the Australian Charities and Not-for-profits Commission (ACNC) and New Zealand’s Office of the Privacy Commissioner.
Peak bodies including the Community Council for Australia (CCA) and the Australian Council for International Development (ACFID) sought additional federal support in the wake of the hack, and CCA wrote to the Prime Minister warning, “charities and not-for-profits have not been provided with the support they need to deal with an increasingly sophisticated level of cyber-attacks”.
The OAIC last year said 25 notifiable data breaches had affected the charity sector in 2022–2023.
Authorities overseas had some success in March in taking down some of the LockBit hackers behind the Pareto Phone incident.
They took control of the LockBit sites, arrested several suspects, froze LockBit Bitcoin accounts, shut down servers and websites, and took charge of ransomware infrastructure.
LockBit was understood to have re-emerged soon after with new encryptors and servers.