Privacy Act

OAIC Notifiable Data Breaches report – July 2020

The Notifiable Data Breaches (NDB) scheme was established to improve consumer protection and promote better security standards to safeguard personal information in Australia.  The NDB scheme applies to all agencies and organisations who are protected by the Privacy Act 1988 (Cth) (Act) and required to take personal steps to secure personal information.

The Australian Information Commissioner (OAIC) publishes reports on notifications received under the NDB scheme to track the leading causes and sources of data breaches, and to draw attention to potential issues and areas that entities regulated under the Act need to have ongoing awareness of.  This article summarises the findings of the NDB Report for the period from 1 January to 30 June 2020. [Read more…]

Software as a Service agreements revisited

Offering software as a cloud-base software solution is important in this ever-increasing cloudy environment.  In a previous article we discussed the legal considerations for those commercialising a software as a service agreement (SaaS Agreement) as a business model.  Below we revisit SaaS Agreements and set out key issues to consider when going to market. [Read more…]

What is a data breach response plan and how do I get one?

On 23 February 2018 the notifiable data breach scheme (Scheme) was enacted, through legislation amending the Privacy Act 1988 (Cth) (Privacy Act), making it mandatory for certain (eligible) entities to notify affected individuals about eligible data breaches.  In talking to clients in this area, there appears to be some confusion about what an eligible organisation has to do to prepare for this. [Read more…]

Notifiable Data Breach Scheme commences 23 Feb 2018

As of 23 February 2018 a new notifiable data breach scheme (Scheme) will be enacted through legislation amending the Privacy Act 1988 (Cth) (Privacy Act) making it mandatory for certain entities to notify affected individuals about eligible data breaches.

[Read more…]

The Meaning of Personal Information

In the recent case of The Privacy Commissioner v Telstra Corporation Limited [2017] FCAFA 4, the question was raised as to whether the words “personal information” had any bearing on what information an individual could request from an organisation under the Privacy Act 1988 (Cth) (Act). [Read more…]

Privacy determination –Sensitive Information held in garden shed

The Privacy Commissioner, Timothy Pilgrim, has found that a Melbourne medical centre has breached the Privacy Act 1988 (Cth) (Privacy Act) in failing to provide adequate security to protect Sensitive Information contained in medical information. The breach occurred before the Australian Privacy Principles (APPs) took effect and therefore the medical centre was found to have breached the National Privacy Principles (NPPs).

[Read more…]

Send this to a friend