Archived Posts Lists

Australian Regulatory Compliance Review
Australian Technology and IP Business
Credit Union and Mutual Law
National Consumer Credit Reform
Personal Property Securities Australia
Longview Business Insights
Australian Private Health Insurers
Wills, Trusts, Super
Mutuals Resource Centre


Commonwealth legislation
Corporate Governance
Not-for-Profit links
Regulator Links

July 24, 2012

No privacy breach by Dell and Epsilon

The Privacy Commissioner has decided that a sophisticated cyber attack on an organisation does not necessarily mean that the organisation has failed to take ‘reasonable steps' as required by NPP 4.1.

The Privacy Commissioner conducted investigations after Dell Australia informed the OAIC that data relating to Dell Australia's consumer, small and medium business customers had been compromised by unauthorised access to Epsilon's email system and that this involved customers' email addresses as well as first and last names.

The investigation focused on whether the overall security safeguards in place within Epsilon and Dell Australia were consistent with the National Privacy Principles contained in Schedule 3 of the Privacy Act.

The Privacy Commissioner considered that at the time of the incident Epsilon had reasonable steps in place to protect the personal information it held and in his view Epsilon has met its obligations under NPP 4.1 of the Privacy Act.

In the Commissioner's view, by entering into the contractual agreement with Epsilon, Dell Australia had reasonable steps in place to protect the personal information it holds from misuse and loss and had met its obligations under NPP 4.1.

Print This Post Print This Post

Posted 24th July 2012 by David Jacobson in Privacy