Friday, 8 August 2014

Privacy Commissioner details 'reasonable steps' for data security

By Paris Cowan

The Office of the Australian Information Commissioner (OAIC) has finally released comprehensive guidance on the information security provisions it expects organisations to have in place to ensure they stay on the right side of the Privacy Act.

The amended Act, which applies to organisations with an annual turnover of more than $3 million, requires entities to take “reasonable steps” to protect the personal information they hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. If that data is compromised or destroyed, the entity will be held in breach of the Act unless it can show it took those reasonable steps in the first place. Since March, the OAIC has been able to seek civil penalties of up to $1.7 million for serious or repeated breaches.

But exactly what these “reasonable steps” involve is a question that has puzzled Australian business since the amendments were introduced.

To address the uncertainty, the OAIC today released a comprehensive guide to avoiding the Privacy Commissioner’s condemnation.

The document is not binding, but the Office said it is the checklist it plans to use when assessing whether an entity has met its security obligations under the Privacy Act, or is liable for a data breach.


The OAIC is inviting feedback on the guidance until Wednesday 27 August 2014.

Our Submission to OAIC.