An entity that is required to comply with the Privacy Act 1988 must take reasonable steps to protect the personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure. This extends to situations where an entity engages a third party to store, maintain or process personal information on its behalf.
New provisions will take effect on 22 February 2018.
In February 2017, the Australian Commonwealth government passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016, which will amend the Privacy Act, making it mandatory for companies and organisations to report “eligible data breaches” to the Office of the Australian Information Commissioner (OAIC) and to any affected, at-risk individuals.

Does the Privacy Act apply to my organisation?
Australian Government agencies and all businesses and not-for-profit organisations with an annual turnover of more than $3 million have responsibilities under the Privacy Act, subject to some exceptions.
Some small business operators (organisations with a turnover of $3 million or less) are covered by the Privacy Act, including:
- private sector health service providers. Organisations providing a health service include:
  - traditional health service providers, such as private hospitals, day surgeries, medical practitioners, pharmacists and allied health professionals
  - complementary therapists, such as naturopaths and chiropractors
  - gyms and weight loss clinics
  - child care centres, private schools and private tertiary educational institutions.
- businesses that sell or purchase personal information
- credit reporting bodies.
More information about responsibilities under the Privacy Act can be found here.
What are reasonable steps?
The reasonable steps entities should take to ensure the security of personal information will depend on the circumstances, including the following:
- the nature of the entity holding the personal information
- the amount and sensitivity of the personal information held
- the possible adverse consequences for an individual
- the information handling practices of the entity holding the information
- the practicability of implementing the security measure, including the time and cost involved
- whether a security measure is itself privacy invasive.
Guidance from the OAIC on what “reasonable steps” are may be found here.
Reasonable steps would include:
- Performing or conducting Privacy Impact Assessments (PIA)
- Implementing Privacy by design principles
- Performing information security risk assessments
- Creating and maintaining a Privacy Policy
- Having a comprehensive and up-to-date set of information security policies
- Restricting physical and logical access to personal information on a “need-to-know” basis
- Keeping your software up to date and current
- Employing multi-factor authentication
- Configuring your systems for security
- Employing end point security software
- Security monitoring tools to detect breaches
- Using network security tools
- Penetration testing exercises
- Vulnerability assessments
- Having a data breach response process
Contact us for more information.