26 September 2023

OAIC to check Medibank’s practices

Start the conversation

The Office of the Australian Information Commissioner (OAIC) has begun investigating the personal information handling practices of Medibank following the recent data breach.

Australian Information Commissioner and Privacy Commissioner Angelene Falk said the decision to investigate Medibank followed preliminary inquiries into the matter the OAIC commenced in October.

She said the investigation would focus on whether Medibank took reasonable steps to protect the personal information they held from misuse, interference, loss, unauthorised access, modification or disclosure.

“The investigation will also consider whether Medibank took reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles (APPs),” Commissioner Falk said.

“If the OAIC’s investigation satisfies the Commissioner that an interference with the privacy of individuals has occurred, the Commissioner may make a determination that can include requiring Medibank to take steps to ensure the act or practice is not repeated or continued, and to redress any loss or damage,” she said.

“If the investigation finds serious and/or repeated interferences with privacy in contravention of Australian privacy law, then the Commissioner has the power to seek civil penalties through the Federal Court of up to $2.2 million for each contravention.”

Given that the breach involves sensitive information, Commissioner Falk reminded affected Medibank customers that they could seek assistance through Medibank’s helpline on 13 23 31.

Start the conversation

Be among the first to get all the Public Sector and Defence news and views that matter.

Subscribe now and receive the latest news, delivered free to your inbox.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.