Alison Baker and Rhiannon Nixon of Hall & Wilcox write:
The Office of the Australian Information Commissioner (OAIC) has ordered Comcare to pay a Defence Force employee $23,000 after it inadvertently published on its website personal information, including sensitive health information, about the employee.
For organisations with obligations under the Privacy Act 1988 (Cth), this case highlights:
- the importance of having in place appropriate security mechanisms to protect personal information and
- how a proactive and prompt response to a privacy breach can minimise the damage to an affected individual and the liability faced by the offending organisation.
Read more on Lexology.