Victorian Privacy and Data Protection Deputy Commissioner commences examination of privacy/security in Victorian Universities

October 21, 2020 |

Universities are prime targets for cyber attack as well as just poor data handling.  In the former category the Australian National University suffered a massive and prolonged data breach over 2018/2019 caused by overseas actors, probably Chinese (my post here) while more recently the University of Tasmania had a significant data breach involving over 19,000 names through incompetent data protection (my post here).

Today the Victorian Privacy and Data Protection Deputy Commissioner commences an examination of how Victorian universities protect personal information.  The press release provides:

Victoria’s Privacy and Data Protection Deputy Commissioner has commenced an examination into the protection of personal information in Victorian universities.

The governance practices and policies of eight Victorian universities that have privacy obligations under the Privacy and Data Protection Act 2014 (Vic) (PDP Act) will be examined.

The examination will consider each university’s approach to identifying and managing security risks to personal information and supporting policy documentation.

The purpose of the examination is to ensure that Victorian universities protect personal information as required by the Information Privacy Principles (IPPs). The IPPs are the foundation of privacy law in Victoria and set out the minimum standard for how Victorian public sector organisations should manage personal information.

IPP 4.1 requires Victorian public sector organisations to take reasonable steps to protect the personal information they hold from misuse, loss, unauthorised access, modification, and disclosure. To comply with IPP 4.1, organisations should identify security risks to the personal information they hold and take reasonable precautions to manage those risks.

At the conclusion of the examination the Privacy and Data Protection Deputy Commissioner will prepare a report outlining the results of the examination.

Unfortunately the Victorian regulator has no powers to bring action against those in breach of the legislation.

Leave a Reply





Verified by MonsterInsights