“I believe it’s important to harness the buying power of larger groups… but nothing should subsume appropriate privacy protection,” says wine columnist RICHARD CALVER. 

Autocorrect can go straight to he’ll. 

I am sometimes concerned at the extent to which I rely on technology and the increasing reliance on computers and mobile telephones for everyday transactions.

This year I bought wine from a large online wholesaler and online from a couple of vineyards and placed my faith in them by, amongst other things, providing my credit card details.

Given reliance on technology, it is therefore worrying when you know that your data has been published on the dark web, with concomitant threats to your computer’s security and, potentially, your financial welfare.

This was brought home by the recent Qantas data release and a prior release of my customer information from Medibank Private. These thoughts also arise from the planning for the purchase of holiday drinks. Should I order online or not? 

Mid-year, mate Tom and I had agreed to share a case of wine ordered via Vinomofo.

The Vinomofo website says that it created its company “in a little garage in Adelaide back in 2011, and in just over 10 years we’ve grown to a tribe of over 500,000 wine-loving mofos around the world.” 

That organisation had Tom’s details but not mine as I’d agreed to pay Tom post-purchase for my six wines.

Even so, I was annoyed when I recently read that Vinomofo had a finding against it by the Privacy Commissioner that it had interfered with the privacy of almost a million individuals (the cyber reach is obviously much greater than the customer base) by failing to take reasonable steps to protect the personal information from security risks. This led to a data breach.  

On October 17, the Privacy Commissioner published the results of her investigation into Vinomofo.

This investigation arose from a September 25 2022 data breach, where an unauthorised third party accessed and exfiltrated data from the Vinomofo database.

The nub of the commissioner’s finding was that Vinomofo had breached a privacy principle, which requires an entity that is subject to the Privacy Act to take reasonable steps to protect the personal information that it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure.

The company wasn’t penalised, but the commissioner specified steps to address interference.

The context was a data migration project. I believe that it is important to harness the buying power of larger groups and that generally Vinomofo does a good job in getting appropriate bargains. But nothing should subsume appropriate privacy protection.

In a response to the commissioner’s findings published in Daily Wine News, Vinomofo said: “We have… taken steps to further strengthen our information security environment, governance and staff training since the incident. We will continue to do so in line with Vinomofo’s spirit of continuous improvement as a business.

“We understand the importance that our customers place upon their personal information, and the protection of their information and privacy is always our utmost priority.”

It’s important that whatever business you deal with online they have rock solid privacy protection.  

“Privacy is not an option, and it shouldn’t be the price we accept for just getting on the internet.” –Gary Kovacs