Information security obligations for Australian businesses under the Privacy Act: a reminder from the OAIC

By Alec Christie and Reyhaneh Saadati

At the launch of this year’s Privacy Awareness Week on 29 April 2013, the Office of the Australian Information Commissioner (OAIC) released its new guide to information security — ‘Reasonable Steps to Protect Personal Information’. The guide aims to assist Australian businesses and those carrying on business in Australia to interpret the continuing requirement under the Privacy Act (under both the current and the amended law) to ‘take reasonable steps’ to protect the personal information they hold.

Under the current Privacy Act, there is an obligation to take ‘reasonable steps’ to protect information from misuse, loss, unauthorised access, modification or disclosure. This obligation is continued in the new APP 11 (effective from 12 March 2014) with the addition of a new obligation to protect the information from ‘interference’. Given that the obligations under the new APP 11 remain largely unchanged, information security obligations should be ‘old news’ to those carrying on business in Australia.

However, in the media release accompanying the guide, the OAIC warned that ‘information security is now the major issue affecting consumer privacy’, with 100 per cent of the high-profile investigations completed by the Australian Privacy Commissioner in 2011–12 involving data security issues. Our experience confirms the current general lack of awareness among Australian businesses of their information security obligations under the Privacy Act…
