DLA Piper writes:
The Australian Privacy Commissioner has found that a suburban Melbourne medical practice has breached the Privacy Act 1988 (Cth) by failing to take reasonable steps to secure personal information in its possession.
[…]
The Pound Road Medical Centre (PRMC) moved premises in 2011 and believed that all paper-based medical records had been transferred to its new premises. However, when a shed at the old premises was broken into in November 2013, the medical records of 960 patients were discovered. In addition the shed (which was only locked with padlocks) contained records of payments to medical practitioners, staff and other third parties such as WorkCover and the Victorian Transport Accident Commission. The voluminous number of records contained both personal information and sensitive information.
Read more on The Lawyer.