Luxottica loses lucrative contract because it sent personal information overseas
July 25, 2014
Under the Privacy Act, Australian Privacy Principle 8, which relates to personal information being sent offshore, is detailed and comprehensive, and can be complicated. It must necessarily be so given the significant risks of sending personal information to overseas locations where the protections may not otherwise be sufficient. The Australian reports in “Luxottica’s $33.5m contract axed after Defence personal data sent offshore” that once the unauthorised transfer of personal information overseas was detected, the Department of Defence took the only prudent course of conduct and terminated the contract. It will be interesting to see whether the Privacy Commissioner investigates.
The article provides:
LUXOTTICA Retail Australia, which owns the OPSM brand, has lost a $33.5 million contract after checks revealed it sent the personal information of some Defence personnel offshore.
Medibank Health Solutions moved quickly to terminate its contract with sub-contractor Luxottica after a routine review earlier this month revealed that the personal details of Defence staff seeking optical services had been sent to an unnamed overseas location.
It was one of the first commercial contracts to be severed resulting from a data sovereignty issue involving a government department.
Luxottica operates a large retail footprint, including nearly 400 OPSM stores.
A Medibank spokeswoman said an initial check by Luxottica revealed there had been a breach relating to the transfer of optical claims information overseas.
“We conduct rigorous reviews with our sub-contractors to ensure our (contract) obligations with Defence are met,” she said.
The spokeswoman said Defence has strict data sovereignty guidelines which stated that all staff-related information must reside onshore.
Medibank said Luxottica has confirmed it had taken steps to recover the optical records sent overseas.
According to Medibank, there was no evidence the information had been “passed on to any parties beyond those working for Luxottica”.
Medibank apologised for the breach and said other sub-contractors had provided assurances that all customer data was held onshore.
Luxottica, a global eyewear and eyecare player, was unavailable for comment at press time.