Australia: Guide to securing personal information issued
Published 19 January 2015
Following the issue of a guide to information security, the Office of the Australian Information Commissioner (OAIC) has released a guide to securing personal information (the Guide).
The Guide contains five ‘reasonable steps’ to help entities subject to the Privacy Act 1988 meet their obligations under the Australian Privacy Principles.
In summary, the five ‘reasonable steps’ are:
- Consider whether to collect personal information
- Privacy by design
- Assessing the risks
- Taking appropriate steps and putting into place strategies to protect personal information
- Destroy or de-identify personal information
The Guide is not legally binding, but will be taken into account by the OAIC when it is conducting assessments.
A finalised version of the Guide is available here.
What action could be taken to manage risks that may arise from this development?
If your company operates in Australia, it should take these Guidelines into account when processing personal information in Australia, to assist compliance with local data protection laws.