Peter Timmins writes:
From a recent case note (S v Health Service Provider [2008] PrivCmrA 19) issued by the Federal Privacy Commissioner on whether reasonable steps were taken to protect personal information from misuse and loss and from unauthorised access, modification or disclosure:
“The Commissioner considered whether the steps taken by the health service provider, when it mailed copies of the complainant’s medical records and the original x-rays in the general mail to (another) health service provider, were ‘reasonable’ in the circumstances.”
Read more in Open and Shut