Information Commissioner issues a statement regarding the MyDeal data breach

October 17, 2022

The Australian mandatory data breach notification regime, while 4 years old, has not attracted the overt public profile of regimes overseas and had not resulted in high-profile notifications until the Optus data breach. In some American states, notifications must be made to authorities, who publish broad details of the data breach and how many residents of the state have been affected. As a result, there is a better understanding there of the frequency of data breaches and of which businesses or agencies have suffered them. In Australia, relatively little is known about the notifications, and data about breaches is confined to six-monthly reports of raw numbers and the industries involved.

Last Saturday the Information Commissioner issued a statement about the MyDeal data breach, confirming it had been contacted by the Woolworths Group about a da.  Whether this is the new normal for the Information Commission is yet to be seen. It may be a brief, high-profile response at a time of increased focus on data breaches and privacy.

The Commissioner’s statement provides:

The Office of the Australian Information Commissioner (OAIC) confirms it has been notified by the Woolworths Group and made aware of the MyDeal data breach. Information on the breach is available on the MyDeal website here.

The OAIC will engage with Woolworths to ensure compliance with the requirements of the Notifiable Data Breaches (NDB) scheme in accordance with our usual process.

The initial focus is on ensuring that MyDeal customers are notified and have information and resources available to take steps to protect themselves from any further risk to their personal information. Following a breach, individuals need to be alert to scams and any suspicious or unexpected activity on their personal accounts or devices. Check the Scamwatch website for information.

Under the NDB scheme, organisations covered by the Privacy Act 1988 must notify affected individuals and the OAIC as quickly as possible if they experience a data breach that is likely to result in serious harm to individuals whose personal information is involved.

The NDB scheme ensures individuals are informed and can take steps to protect themselves from any further risk.

Under the Privacy Act, organisations have obligations to protect against unauthorised access, unauthorised disclosure or loss of personal information. When a breach occurs, an organisation should contain the breach and take remedial action.
