Catch of the Day: off the hook

Tag-and-release for big fish

Retail coupon operator Catch of the Day has escaped penalty over sitting on a data breach for three years.

The 2011 data breach was notified to the Office of the Australian Information Commissioner (OAIC) in 2014. Catch of the Day put the delay down to deciding that the hashed passwords in the compromised systems "might" be at risk of being recovered due to "technological advances".

The privacy watchdog has now woken up and scratched out a response that it “does not intend to take any further action in relation to the incident at this time”.

Catch of the Day had better watch out, though: it's going to have to report back to the OAIC in three months about its “privacy governance and related matters”.

There's no news on what the OAIC thinks of sitting on a breach for three years, and while the watchpuppy says CoTD has conducted a privacy review, it doesn't think the outside world needs to know the details.

The OAIC has stated that CoTD notified banks, credit card companies and the police, brought in a third party investigator of some kind, rebuilt its e-commerce platform, and brought itself into compliance with the PCI data security standards.

The company never revealed the scale of the breach, and in 2014 was criticised for telling customers it had notified the Australian Federal Police before it had actually done so.

One reason the OAIC decided not to impose penalties is that there were, apparently, no complaints from individuals that their information had been misused. “The OAIC may conduct further enquiries if complaints are received from people who have been adversely affected by this incident,” the office's media statement says. ®
