Unauthorised Accessing of Data is Not Just a Breach of Civil Rights
Unauthorised Accessing of Data is Not Just a Breach of Civil Rights
Tuesday 25 September 2018 / by Tal Williams posted in Business, Corporate & Commercial Technology Law

Even if you are, or were, an employee, the Criminal Law deals with such interference quite seriously.

Many damaging cyber incidents occur as a result of employees, or ex-employees seeking unauthorised access to data and systems.  Indeed, more than a third of cyber breach incidents reported to the Office of the Australian Information Commission in the second quarter of 2018 arose as a result of compromised or stolen credentials and consequent unauthorised access.

In a recent case where an ex-employee was found to have accessed the data of his old employer, Perram J in the Federal Court said:

“I note in passing that it is a federal criminal offence carrying a maximum penalty of two years imprisonment to obtain unauthorised access to data held in a computer to which access is restricted by an access control system”  (TICA Default Tenancy Control Pty Ltd v Datakatch Pty Ltd [2016] FCA 815)

So in addition to complying with the Essential 8, privacy training, education on phishing, spear phishing, whaling and other access methods, you may want to consider alerting staff to the following: 

478.1(1) Criminal Codeunauthorised access to, or modification of, restricted data

  1. A person commits an offence if:
    1. the person causes any unauthorised access to, or modification of, restricted data; and
    2. the person intends to cause the access or modification; and
    3. the person knows that the access or modification is unauthorised.

The maximum penalty for unauthorised access to, or modification of, restricted data is two years’ imprisonment.

s.477.3(1) Criminal Code—unauthorised impairment of electronic communication

  1. A person commits an offence if:
    1. the person causes any unauthorised impairment of electronic communication to or from a computer; and
    2. the person knows that the impairment is unauthorised.

The maximum penalty for unauthorised impairment of electronic communication is 10 years’ imprisonment.

s.474.17 Criminal Code—using a carriage service to menace, harass or cause offence

  1. A person commits an offence if:
    1. the person uses a carriage service; and
    2. the person does so in a way (whether by the method of use or the content of a communication, or both) that reasonable persons would regard as being, in all the circumstances, menacing, harassing or offensive.

The maximum penalty for using a carriage service to menace, harass or cause offence is three years’ imprisonment.

Being aware of the serious consequences of improperly accessing  data may make staff that little bit more reluctant to interfere with your data.

If you have a query relating to any of the information in this article, or you would like to speak with somebody in Holman Webb's Business, Corporate and Commercial team in relation to privacy and the legal aspects of cyber, please don't hesitate to get in touch with Tal Williams today.


Recent Posts