Protecting personal information

Written on the 7 February 2014 by Macmillans Waller Fry

As businesses prepare for the Privacy Act reforms that are coming into play in March 2014, it is important they also look at the security of the personal information they hold.

The Office of the Australian Information Commissioner (OAIC) has released a “Guide to Information Security: reasonable steps to protect personal information.”

This Guide provides information to businesses on the measures they need to be taking to protect personal information, including sensitive information.

Currently, the Information Privacy Principles (IPPs) and the National Privacy Principles (NPPs) require businesses to take ‘reasonable steps’ to protect the personal information that they hold from misuse, loss and from unauthorised access, use, modification or disclosure.

This obligation is retained in the new Australian Privacy Principles (APPs). However, it is important to note that APP 11 requires a business to take the further step of protecting personal  information from ‘interference.’

The inclusion of this is intended to recognise that attacks on personal information could also include interference such as computer hacking.

When the OAIC investigates a potential breach of the APPS, it will consider two factors: 

  1. the steps that the business took to protect the information 
  2. whether those steps where reasonable in the circumstances

Here are some steps and strategies that businesses could consider in order to protect personal information:

IT security: Using effective IT measures, as well as ensuring websites are secure and safe for individuals to use.

Physical security: Regulating access to the workplace and securing workshops and storage areas.

Testing: Regular testing of security systems to identify any weaknesses that require attention.

Workplace policies: Training staff on their responsibilites under the businesses privacy policy, as well as conducting compliance reviews.

The Guide also outlines what is considered to be a ‘reasonable step’ in ensuring the security of personal information. This includes the nature of the business holding the  personal information, the nature of the information being held, the risk of harm and the data handling practices.

Whilst the Information Security Guide is not binding, the OAIC has stated that it will refer to the Guide when assessing a business’s  compliance with its obligations under the Privacy Act.


Author: Macmillans Waller Fry

 

Spouse contributions – when are you eligible for a tax offset?

Contributions made on behalf of your spouse to a complying superannuation fund or a retirement savings account (RSA) may be eligible for a tax offset. The 2019/2020 tax rules allow you to claim an 18% tax offset on super contributions up to $3,000 on behalf of your spouse. While you are able to co...
Read More...


Building your interpersonal skills at work

Demonstrating strong interpersonal skills in the workplace can boost your performance and improve your experience at work by promoting positive workplace relationships. Interpersonal skills that will help employees thrive amongst each other can include communication skills, negotiation, problem s...
Read More...

associations

 

 

Who we are

 

What we do

 

Macmillans - Accountants

Address:40 Church Street

Maitland NSW 2320

Phone:02 4933 4444

Fax:02 4933 7781

Email

 

Online PaymentContact Us