The Guide provides guidance and practical examples of the
"reasonable steps" entities are required by law to take to
protect personal information and to dispose of it when it is no longer
needed. While the Guide is not legally binding, the OAIC will refer
to it when conducting its compliance assessment functions.
Amongst the recommendations proposed for organisations
incorporating a privacy framework are to:
Conduct a Privacy Impact Assessment (PIA),
Conduct an information security risk assessment to inform any
Establish a privacy "governance body" that defines
and implements information security measures.
Part A of the Guide recognises that there is a range of
circumstances and factors which may affect the assessment of what
constitutes "reasonable steps". Such circumstances
include the amount and sensitivity of the personal information
involved; for example, where a high volume of sensitive
data is being collected, the Guide recommends deploying higher
levels of protection.
Steps and strategies that may be reasonable for an organisation
to take are outlined in Part B of the Guide. The Guide proposes
that organisations should consider the following steps to protect
personal information: governance, culture and training; internal
practices, procedures and systems; ICT security; access security;
third party providers; data breaches; physical security;
destruction or de-identification of personal information; and
Perhaps nothing particularly new or innovative... but together
with the guidelines published by other data protection
authorities worldwide, this Guide can be a useful aid to
organisations looking to assess their security risks and take steps
in planning, implementing, and reviewing measures to improve their