What does the Australian Information Commissioner do?
Our primary functions are privacy, freedom of information and government information policy. Our responsibilities include conducting investigations, reviewing decisions, handling complaints, and providing guidance and advice.
Who must be contacted when a notifiable data breach has occurred?
Australian Government: For breaches involving tax file numbers (TFN), which may result in serious harm, NSW Government agencies are required under the federal Notifiable Data Breaches scheme to report the breach to the Office of the Australian Information Commissioner (OAIC).
Is there a Data Protection Act in Australia?
The Privacy Act 1988 (Privacy Act) is the principal piece of Australian legislation protecting the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information in the federal public sector and in the private sector.
What is a notifiable data breach in Australia?
Under the Notifiable Data Breaches scheme, an organisation or agency that must comply with Australian privacy law has to tell you if a data breach is likely to cause you serious harm. Examples of serious harm include: identity theft, which can affect your finances and credit report.
What are the 5 objectives of the Privacy Act 1988?
The collection, use and disclosure of personal information; an organisation or agency’s governance and accountability; integrity and correction of personal information; the rights of individuals to access their personal information.
What happens if you breach the Privacy Act 1988?
Compensation for Privacy Data Breaches under the Privacy Act 1988 (Cth): Data breaches involving individuals’ personal, medical and financial/credit information can result in reputational damage and financial losses, particularly where the breaches result in identity theft.
How do I report a data breach in Australia?
To notify us of a data breach, you should use our online Notifiable Data Breach form. To see the type of information we need, view this read-only training version.
Do companies have to tell you about data breaches?
All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have laws requiring private businesses, and in most states, governmental entities as well, to notify individuals of security breaches of information involving personally identifiable information.
Who regulates data protection in Australia?
The Australian Competition and Consumer Commission (ACCC) is responsible for administering the CDR regime pursuant to the Competition and Consumer Act 2010 (Cth). The APRA is responsible for regulating powers in accordance with CPS 231 and CPS 234.
Does Australian data need to be stored in Australia?
Data sovereignty means keeping Australia’s data here in Australia and in the hands of Australian people, our governments and our industry. This requires that our data be kept in data centres that are physically located in Australia (data residency), and only accessible by Australian people and companies.
What happens if I don’t report a data breach?
If you decide not to notify individuals, you will still need to notify the ICO unless you can demonstrate that the breach is unlikely to result in a risk to rights and freedoms. You should also remember that the ICO has the power to compel you to inform affected individuals if we consider there is a high risk.