Office of the Australian Information Commissioner

The Cosmetic Institute

Retrieved on: 
Monday, October 31, 2022

Key Points: 
  • The Cosmetic Institute
    The Cosmetic Institute privacy investigation launched
    18 August 2017
    On 15 August 2017, the Acting Australian Information Commissioner opened an investigation into The Cosmetic Institute data breach.
  • The data breach allegedly occurred after an error allowed the public to view The Cosmetic Institute's website index which included medical forms and images.
  • The Cosmetic Institute is cooperating with the Office of the Australian Information Commissioner's (OAIC) inquiries.
  • The Cosmetic Institute reported data breach
    6 June 2017
    My office has contacted The Cosmetic Institute about this reported data breach.

New guide paves way for better data privacy management

Retrieved on: 
Monday, October 31, 2022

Key Points: 
  • New guide paves way for better data privacy management
    The Office of the Australian Information Commissioner (OAIC) and CSIRO's Data61 have released a guide to assist organisations to de-identify their data effectively.
  • However, we need to remember that many of these data sets are made up of individuals' personal information.
  • Deciding whether data should be released or shared and, if so, in what form, requires careful consideration.
  • At present, there is no publicly available, comprehensive risk management guide in Australia to assist organisations with de-identification.

Amazing Rentals data breach impacting QLD and NT customers

Retrieved on: 
Monday, October 31, 2022

Key Points: 
  • Amazing Rentals data breach impacting QLD and NT customers
    10 January 2018: Commissioner concludes investigation into Amazing Rentals data breach
    Customers of Amazing Rentals in Darwin, Caboolture and Toowoomba are being encouraged to take proactive steps to protect their identity following a data breach involving financial information.
  • Amazing Rentals leased household items to customers in Queensland and the Northern Territory.
  • The Office of the Australian Information Commissioner has shut down the page and is investigating this potential privacy breach.
  • Right now, all previous customers are encouraged to take proactive steps to protect their personal information and prevent ID theft.

New Notifiable Data Breaches scheme resources released

Retrieved on: 
Monday, October 31, 2022

Key Points: 
  • New Notifiable Data Breaches scheme resources released
    29 September 2017
    We have published new draft resources for the Notifiable Data Breaches (NDB) scheme to assist organisations in preparing for the scheme's commencement on 22 February 2018.
  • The draft resources include:
    - assessing a suspected data breach
    - what to include in an eligible data breach statement
    - exceptions to notification obligations
    - a draft online form to assist organisations in preparing a statement about an eligible data breach to the Australian Information Commissioner
    - a new chapter to the OAIC's Guide to privacy regulatory action on data breach incidents.
  • We're interested in your feedback, so if you have any comments on the draft resources, please send them to [email protected] before 23 October 2017.
  • These resources add to a range of publications developed by the OAIC on the NDB scheme requirements.

Australians continue to exercise information rights: OAIC Annual Report 2016–17 released

Retrieved on: 
Monday, October 31, 2022

Key Points: 
  • Australians continue to exercise information rights: OAIC Annual Report 2016–17 released
    The Office of the Australian Information Commissioner (OAIC) has released its Annual Report for 2016–17 highlighting its proactive and engaged approach to privacy and FOI regulation.
  • Australians continue to be early-adopters of new technologies, many of which are reliant on personal information.
  • Visit Annual Report 2016–17
    For further information about the OAIC, please visit www.oaic.gov.au or follow @OAICgov.
  • Background
    Annual Report 2016–17
    The OAIC's Annual Report highlights our key achievements and performance outcomes for our privacy and FOI functions.

Mandatory data breach notification comes into force this Thursday

Retrieved on: 
Monday, October 31, 2022

Key Points: 
  • Mandatory data breach notification comes into force this Thursday
    The Office of the Australian Information Commissioner (OAIC) has released new resources for the Australian public ahead of the commencement of the Notifiable Data Breaches (NDB) scheme on 22 February 2018.
  • One of the new resources published by the OAIC, titled Receiving data breach notifications, provides useful guidance on what to expect when you receive a data breach notification, including how organisations might deliver notifications and when a privacy complaint can be made to the OAIC.
  • The other new resource, What to do after a data breach notification, provides a wide range of actions you can take to reduce the risk of experiencing harm after a data breach.
  • The OAIC has worked with consumer groups, not-for-profits, and Australian Government agencies in the development of these resources.
  • The Australian Information Commissioner, Timothy Pilgrim, said, the Notifiable Data Breaches scheme formalises a long-standing community expectation to be told when a data breach that is likely to cause serious harm occurs.
  • By reinforcing accountability for personal information protection, the NDB scheme supports greater consumer and community trust in data management.
  • Organisations are required to notify the Australian Information Commissioner in addition to notifying individuals affected by an eligible data breach (a data breach that is likely to result in serious harm).
  • Mandatory data breach notification: https://www.oaic.gov.au/media-and-speeches/statements/mandatory-data-bre...

Clarification regarding health data breaches

Retrieved on: 
Monday, October 31, 2022

Key Points: 
  • Clarification regarding health data breaches
    Regarding a media report today that references data breaches of health information, the Office of the Australian Information Commissioner (OAIC) wishes to provide the following information:
    Since 22 February 2018, all organisations with obligations under the Privacy Act 1988 to secure personal information, including health service providers, have a legal obligation to notify affected individuals and the OAIC where there is a likely risk of serious harm to any of the individuals whose personal information is involved in the data breach.
  • This reflects one of the primary purposes of the Notifiable Data Breaches (NDB) scheme, to ensure organisations notify individuals of a data breach involving their personal information to mitigate the risks of the data breach.
  • Ahead of the scheme commencing, the OAIC raised awareness of the scheme, including in the health services sector, to educate about the new obligations.
  • 15 of those concerned health service providers affecting a total of 119 individuals.

Statement on Commonwealth Bank of Australia incident in 2016

Retrieved on: 
Monday, October 31, 2022

Key Points: 
  • Statement on Commonwealth Bank of Australia incident in 2016
    The Office of the Australian Information Commissioner was notified of an incident by the Commonwealth Bank of Australia (CBA) in 2016.
  • Having regard to the findings in the report by the Australian Prudential Regulation Authority into the CBA released on Tuesday, the OAIC has made further inquiries in relation to this matter and has sought information from the CBA to satisfy the OAIC that the CBA has taken on board lessons learned from this incident, to ensure the privacy of customers' personal information is adequately protected.
  • If anyone has concerns about this incident they can, in the first instance, contact CBA directly on 1800 316 433 and if not satisfied with their response they can contact the OAIC at www.oaic.gov.au or on 1300 363 992.

Statement on Family Planning NSW

Retrieved on: 
Monday, October 31, 2022

Key Points: 
  • Statement on Family Planning NSW
    The Office of the Australian Information Commissioner was notified by Family Planning NSW about a data breach incident that occurred on 25 April 2018.
  • The OAIC understands that Family Planning NSW is in the process of notifying individuals whose personal information may have been affected by the breach.
  • The OAIC has published a number of resources for those affected by a data breach and action they can take: https://www.oaic.gov.au/individuals/data-breach-guidance.
  • If anyone has concerns about this incident they can, in the first instance, contact Family Planning NSW directly on 1800 957 860 or [email protected] and if not satisfied with their response they can contact the OAIC at www.oaic.gov.au or on 1300 363 992.