26 September 2023

Optus breach prompts OAIC to lay out the law


The Office of the Australian Information Commissioner (OAIC) has said the Optus data breach has highlighted a number of issues for organisations in Australia that hold personal information, and how they are expected to hold it.

According to the Australian Information Commissioner and Privacy Commissioner, Angelene Falk, the OAIC has been seeking information from Optus to ensure it was complying with the requirements of the Notifiable Data Breaches (NDB) scheme.

“Under the NDB scheme, organisations covered by the Privacy Act 1988 must notify affected individuals and the OAIC as quickly as possible if they experience a data breach that is likely to result in serious harm to individuals whose personal information is involved,” Commissioner Falk said.

“This is a significant incident that is of great concern to millions of Australians,” she said.

“The situation has highlighted a number of issues that all organisations who hold personal information should consider.”

She said all organisations needed to assess the risk that a data breach could compromise their own customers’ data and ensure additional safeguards were in place.

“Entities covered by the Privacy Act must take reasonable steps to protect the personal information that they hold from misuse, interference, loss, unauthorised access, modification or disclosure,” Commissioner Falk said.

“Organisations should also make sure that they are only gathering personal information that is necessary to carry out their business,” she said.

“When that information is no longer required, they must take reasonable steps to destroy or de-identify the personal information they hold.

“Collecting and storing unnecessary information breaches privacy and creates risk.”

She said that if any organisation experienced a data breach likely to result in serious harm, the organisation must be as clear and timely as possible in determining what kind of personal information is involved.

“This allows individuals to take steps to reduce their risk,” Commissioner Falk said.

“It also enables organisations across the economy to put in place more targeted security controls.”

She said Australians needed to have the trust and confidence that there is an appropriate regime that incentivises organisations to proactively protect personal information.

Further information about resources available to Optus customers can be found on the OAIC’s website at this PS News link.
