How is the WannaCry ransomware attack related to information privacy? - 15 May 2017

The Privacy Act 1988 (Cth) sets out 13 Australian Privacy Principles (APPs) which Australian Government agencies and most private sector organisations must follow for handling personal information.

APP 11.2 requires APP entities to take reasonable steps to protect personal information they hold from misuse, interference and loss, and from unauthorised access, modification or disclosure.

This past weekend's WannaCry ransomware attack reportedly infected over 200,000 computers on six continents, and encrypted all the files on those machines. If a user fails to pay the $300 ransom within three days, the price doubles to $600; then after a week, the user’s files are at risk of being deleted entirely.

Unlike the ways other malware can spread, WannaCry did not infect these machines because employees clicked on a malicious link in email. Instead, WannaCry infected their computers simply because they were running on unpatched versions of the Windows operating system.

Regular patching of your organisation's operating systems, applications and websites is an important way to protect against the risks of malware - and is also one of the (but not the only) "reasonable steps" that APP entities should take to comply with their obligations under APP 11.2.

Our Intellectual Property & Technology team can help your organisation to assess its privacy compliance and ensure it complies with the APPs. If you are unsure whether your organisation is subject to the Privacy Act, please contact our Intellectual Property & Technology team for a quick check.

HopgoodGanim Lawyers is a full service commercial law firm. Our firm has 41 partners and more than 280 staff. We operate nationally and internationally with a focus on Asia from our two key locations of Brisbane and Perth. We offer highly skilled and agile legal teams across key sectors and areas of practice. In all of our areas of speciality, our lawyers are recognised by legal publications as leaders in their fields.