The Office of the Australian Information Commissioner (OAIC) has begun investigating the personal information handling practices of Medibank following the recent data breach.
Australian Information Commissioner and Privacy Commissioner Angelene Falk said the decision to investigate Medibank followed preliminary inquiries into the matter the OAIC commenced in October.
She said the investigation would focus on whether Medibank took reasonable steps to protect the personal information it held from misuse, interference, loss, unauthorised access, modification or disclosure.
“The investigation will also consider whether Medibank took reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles (APPs),” Commissioner Falk said.
“If the OAIC’s investigation satisfies the Commissioner that an interference with the privacy of individuals has occurred, the Commissioner may make a determination that can include requiring Medibank to take steps to ensure the act or practice is not repeated or continued, and to redress any loss or damage,” she said.
“If the investigation finds serious and/or repeated interferences with privacy in contravention of Australian privacy law, then the Commissioner has the power to seek civil penalties through the Federal Court of up to $2.2 million for each contravention.”
Given that the breach involves sensitive information, Commissioner Falk reminded affected Medibank customers that they could seek assistance through Medibank’s helpline on 13 23 31.