December 7, 2012

Draft OAIC guide to information security

The Office of the Australian Information Commissioner (OAIC) is conducting a public consultation and is seeking comments on a draft Guide to information security: Reasonable steps to protect personal information.

The guide is aimed at government agencies and the private sector and will cover the reasonable steps that entities have to take under the Privacy Act 1988 (Cth) to protect the personal information that they hold from misuse, loss and from unauthorised access, modification or disclosure. It is also relevant to credit reporting agencies (CRAs), credit providers and tax file number (TFN) recipients.

The guide also includes steps and strategies that entities should consider taking in order to secure personal information, including:
• IT security
• data breaches
• physical security
• personnel security
• the information life cycle
• workplace policies
• communications security
• standards

Although it will not be binding, the OAIC will refer to the guide when assessing an entity's compliance with its information security obligations in the Privacy Act.


Posted 7th December 2012 by David Jacobson in Consumer Law, Financial Services, Privacy, Risk Management