Lush breach shows Australian privacy laws are a toothless tiger

Although Lush Cosmetics stored the personal data of its customers without informing them via its privacy statement, the Australian Privacy Commissioner has no ability to impose any penalty whatsoever upon the company.

iTWire respects the Lush officials' decision to announce the breach and shut down their web site. In comments not included in the earlier article, IP Payments' Director Mark Lewis noted that he was aware of many similar incidents that never saw the light of day.

Australia, unlike many countries, has no mandatory disclosure laws.

Of interest here, though, are the company's privacy policy and its adherence to it.

According to Google's cache, the full extent of the Lush Cosmetics Australia privacy policy is as follows:

Your personal information
1. Your personal information is collected to enable us to:

  • Process your orders and/or
  • Inform you of special promotions, new catalogues and important changes to Lush Fresh Handmade Cosmetics that may be of interest to you. (Note: you may choose not to receive these types of notifications) and
  • Improve our services


2. Only on a need to know basis will some of your information be passed on to our delivery couriers and catalogue mailing houses to enable accurate and timely delivery of your orders and/or promotional materials and catalogues. Where appropriate and allowed by law we may also provide information to our collection agency.

3. Any inquiries concerning privacy matters please contact:
Privacy Officer (address provided)

4. Our organisation is:
Lush Fresh Handmade Cosmetics
ABN 240 77 737 663

According to this writer's casual glance, this appears to have two significant problems. Firstly, it is rather incomplete as a privacy statement and appears to lack many critical elements, including statements on how data will be protected, how owners of the data might review and correct it, and undertakings with regard to how the policy might evolve (amongst other issues).

Secondly, the company simply didn't adhere to it, particularly the opening statement of clause 2.

On the next page, we take expert advice on how a privacy policy ought to be constructed.