Skip to main content
SpringerLink
Log in

Personal Data and Cybersecurity [Crime]

  • Chapter
  • First Online:
Data Protection Law

  • 1331 Accesses

Abstract

This Chapter highlights how personal data has become an important tool in cyber-crime. This Chapter also discusses the issues associated with the collection and use of personal data by law enforcement agencies investigating criminal offences. The Chapter brings together the discussions already highlighted in Chaps. 13 and 14 that relate to personal data being stolen to enhance the ability for organisation to increase their market position and obtain intellectual property. The issues surrounding personal data and criminal law are vast and varied. It is outside the scope of this Chapter to explore all these variables. Even so, to date, there has been little scholarly work on the relationship between personal data and criminal law.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 129.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Stratton G., Powell A., Cameron., R Crime and Justice in Digital Society: Towards a ‘Digital Criminology’? International Journal for Crime, Justice and Social Democracy 6(2): (2017) pp. 17–33.

  2. 2.

    Ibid.

  3. 3.

    Holt, T., Bossler, A An assessment of the current state of cybercrime scholarship. Deviant Behavior 35(1) (2014) pp. 20–40 DOI:https://doi.org/10.1080/01639625.2013.822209

  4. 4.

    Ibid.

  5. 5.

    Clough, J Principles of Cybercrime, Faculty of Law, Monash University Cambridge University Press, New York (2010).

  6. 6.

    Ibid.

  7. 7.

    Ibid.

  8. 8.

    Personal data theft behind 65% of all fraud cases, says United Kingdom Fraud Prevention Service https://www.out-law.com/en/articles/2013/january/personal-data-theft-behind-65-of-all-fraud-cases-says-uk-fraud-prevention-service/, accessed 9 November 2018.

  9. 9.

    Ibid.

  10. 10.

    Stratton G, Powell A and Cameron R Crime and Justice in Digital Society: Towards a ‘Digital Criminology’? International Journal for Crime, Justice and Social Democracy 6(2): (2017) pp. 17–33.

  11. 11.

    Ibid.

  12. 12.

    Ibid.

  13. 13.

    Hollywood., J Michael., J. Vermeer., M, Woods., D, Goodison., S, Jackson, B Using Social Media and Social Network Analysis in Law Enforcement, Creating a Research Agenda, Including Business Cases, Protections, and Technology Needs, https://www.rand.org/content/dam/rand/pubs/research_reports/RR2300/RR2301/RAND_RR2301.pdf, accessed 8 November 2018.

  14. 14.

    Raul, AC Privacy, Data Protection and cybersecurity Law Review, 4th Edit, Law Business Research Ltd. (2017), pp. 2–5.

  15. 15.

    Ibid.

  16. 16.

    Ibid.

  17. 17.

    Council of Europe’s Convention on Cybercrime 2001 European Treaty Series - No. 185, 1981 Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data. The preamble goes onto state Recalling Committee of Ministers Recommendations No. R (85) 10 concerning the practical application of the European Convention on Mutual Assistance in Criminal Matters in respect of letters for the interception of telecommunications, No. R (88) 2 on piracy in the field of copyright and neighbouring rights, No. R (87) 15 regulating the use of personal data in the police sector, No. R (95) 4 on the protection of personal data in the area of telecommunication services, with particular reference to telephone services, as well as No. R (89) 9 on computer-related crime providing guidelines for national legislatures concerning the definition of certain computer crimes and No. R (95) 13 concerning problems of criminal procedural law connected with information technology.

  18. 18.

    Australia signed and ratified the Council of Europe’s Convention on Cybercrime 2001, in 2013.

  19. 19.

    Japan signed and ratified the Council of Europe’s Convention on Cybercrime 2001, in 2012.

  20. 20.

    Note for further discussion regarding the GDPR and the concept of consent, see Chaps. 10 and 11.

  21. 21.

    Japan signed and ratified the Council of Europe’s Convention on Cybercrime 2001, in 2012.

  22. 22.

    Ibid.

  23. 23.

    Directive (EU) 2016/1148 of the European Parliament and the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. Official journal of the European Union, L 194, 19.7.2016, p. 1–30.

  24. 24.

    Ibid.

  25. 25.

    Ibid.

  26. 26.

    Ibid.

  27. 27.

    Ibid.

  28. 28.

    Ibid.

  29. 29.

    Ibid.

  30. 30.

    Ibid, Article 2 and 15.

  31. 31.

    An organization is considered to have links to Australia link when the organization is a company incorporated in Australia, or if the organization carries on business in Australia and collects or holds personal information in Australia.

  32. 32.

    Australian Privacy Principle 11, An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, as well as unauthorized access, modification or disclosure. Where an APP entity no longer needs personal information for any purpose for which the information may be used or disclosed under the APPs, the entity must take reasonable steps to destroy the information or ensure that it is de-identified. This requirement applies except where: the personal information is part of a Commonwealth record, or the APP entity is required by law or a court/tribunal order to retain the personal information.

    Many of the issues discussed in this Chapter are discussed in more detail in the Office of the Australian Information Commissioner’s (OAIC) Guide to securing personal information.

  33. 33.

    Privacy Act section 26WA.

  34. 34.

    Australian Government, Protective Security Policy Framework,https://www.protectivesecurity.gov.au/Pages/default.aspx, accessed 8 November 2018.

  35. 35.

    Australian government Attorney General Department, https://www.protectivesecurity.gov.au/directive/Pages/directive-security-government-business.aspx, accessed 10 November 2018.

  36. 36.

    Ibid.

  37. 37.

    Ibid.

  38. 38.

    Ibid.

  39. 39.

    Personal Data Protection Act 2010.

  40. 40.

    Ibid.

  41. 41.

    Ibid.

  42. 42.

    Ibid.

  43. 43.

    Mycert Incidents Statistics www.mycert.org.my/statistics/2016.php, accessed 8 November 2016.

  44. 44.

    Communications and Multi Media Act 1998, sections 231, 233, 234, 235. Personal Data Protection Act 2010. Sectoral regulators such as Securities Commission Malaysia have been actively tackling issues relating to cybersecurity in relation to their relevant sectors by issuing guidelines and setting standards for compliance.

    The PDPA does not constrain government access to personal data, as discussed in Section VI. The reasons given to justify broad government access and use include national security, law enforcement and the combating of terrorism.

  45. 45.

    Cybersecurity Malaysia, http://www.cybersecurity.my/data/content_files/46/1634.pdf, accessed 12 November 2018.

  46. 46.

    Basheer Ahmad Maula Sahul Hameed v PP [2016] 6 CLJ 422.

  47. 47.

    Ibid.

  48. 48.

    Act on the Protection of Personal Information 2016, Article 25, 26, 83.

  49. 49.

    Ibid, Article 20.

  50. 50.

    Guidelines on Protection of Personal Information in the Employment Management (Announcement No. 357 of 14 May 2012 by the Ministry of Health, Labour and Welfare). Guidelines Targeting Financial Sector Pertaining to the Act on the Protection of Personal Information (Announcement No. 63 of 20 November 2009 by the Financial Services Agency). Guidelines Targeting Medical and Nursing-Care Sectors Pertaining to the Act on the Protection of Personal Information (Announcement in April 2017 by the PCC and the Ministry of Health, Labour and Welfare). General Guidelines regarding the Act on the Protection of Personal Information dated November 2017 (partially amended March 2017).

  51. 51.

    Basic Act on Cybersecurity 2014, Article 1.

  52. 52.

    Act on the Protection of Personal Information 2016.

  53. 53.

    Ibid.

  54. 54.

    Ibid.

  55. 55.

    Cybersecurity Act 2018 (No. 9 of 2018), Cybersecurity Agency Singapore.

  56. 56.

    Act 9 of 2018 wef 31/08/2018.

  57. 57.

    [2001] 1 SLR(R) 631.

  58. 58.

    Act 9 of 2018 wef 31/08/2018.

  59. 59.

    Public Prosecutor v S Kalai Magal Naidu [2006] SGDC 226.

  60. 60.

    Ibid.

  61. 61.

    Public Prosecutor v Tan Hock Keong Benjamin [2014] SGDC 16.

  62. 62.

    Ibid.

  63. 63.

    Act 9 of 2018 wef 31/08/2018.

  64. 64.

    Ibid.

  65. 65.

    Ibid.

  66. 66.

    Information Technology Act 2000.

  67. 67.

    Guidelines on Information security, Electronic Banking, Technology risk management and cyber frauds, https://rbidocs.rbi.org.in/rdocs/content/PDFs/GBS300411F.pdf, accessed 10 November 2018.

  68. 68.

    Information Technology Act 2000, section 72, IT Act states that save as otherwise provided in this Act or any other law for the time being in force, if any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to2 years, or with fine which may extend to one lakh rupees, or with both.

  69. 69.

    Ibid, provides that save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to 3 years, or with fine which may extend to five lakh rupees, or with both.

  70. 70.

    Ibid.

  71. 71.

    State of Odisha v. Jayanta Das G.R. Case No. 1739/2012 T.R. No. 21/2013.

  72. 72.

    Ibid.

  73. 73.

    Electronic Transactions Law No. 19 of 2016, Articles 2, 4, 5, 30, 35.

  74. 74.

    Chisholm, J Indonesia launches cyber agency to combat country’s extremism and fake news, http://sea-globe.com/indonesia-cybersecurity/, accessed 8 November 2018.

  75. 75.

    Thailand Penal Code, B.E. 2499, 1956.

  76. 76.

    Toomgum, S Cybersecurity Centre on way, The Nation, http://www.nationmultimedia.com/detail/Startup_and_IT/30342035, accessed 10 November 2016.

  77. 77.

    Ibid.

  78. 78.

    Ibid.

References

Download references

Author information

Authors and Affiliations

  1. Victoria University, Melbourne, VIC, Australia

    Robert Walters

  2. Faculty of Law, University of New South Wales, Kensington, NSW, Australia

    Leon Trakman

  3. University of Western Australia, Crawley, WA, Australia

    Bruno Zeller

Authors
  1. Robert Walters
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Leon Trakman
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bruno Zeller
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Walters, R., Trakman, L., Zeller, B. (2019). Personal Data and Cybersecurity [Crime]. In: Data Protection Law. Springer, Singapore. https://doi.org/10.1007/978-981-13-8110-2_15

Download citation

  • DOI: https://doi.org/10.1007/978-981-13-8110-2_15

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-8109-6

  • Online ISBN: 978-981-13-8110-2

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics

Search

Navigation