On Friday the Privacy Commissioner published its Guide to mandatory data breach notification in the PCEHR system.

It provides:

1. Introduction

The PCEHR system and breach notification

The Personally Controlled Electronic Health Record (PCEHR) system, established by the Personally Controlled Electronic Health Records Act 2012 (PCEHR Act), is designed to facilitate access, by the consumer and treating healthcare providers, to a summary of health information about an individual. The information is drawn from a number of different sources with individuals controlling what information is included on their record and who may access it. Read the rest of this entry »

Timothy Pilgrim in a speech Office of the Australian Information Commissioner — Update delivered on 1 September 2015 to the New South Wales Government Solicitors conference in Sydney gave some insight into the role  and future of the Office of the Information Commissioner.  It is a subject of some debate and Read the rest of this entry »

The Attorney General, George Brandis, today announced the reappointment of Timothy Pilgrim as Australian Privacy Commissioner.  The appointment is for 12 months from 19 October 2015.  The timing is Read the rest of this entry »

The Privacy Commissioner has announced an investigation into the widely reported likely breach of iiNet.  Notably the breach occurred during the period in which the Privacy Commissioner has enhanced powers, that is after 12 March 2014. The sanctions can be significant, including Read the rest of this entry »

When Adobe suffered a data breach on 3 October 2013, or at least announced knowledge of a data breach, it was regarded as a totemic event.  Since then there have been breaches which have pushed the Adobe breach into the more mundane category. It affected the accounts of hundreds of thousands of Australians.  The data breach and notification by Adobe occurred Read the rest of this entry »

The Privacy Commissioner has released the last tranche of draft guides:

• Chapter 2 – Privacy Complaint handling process,
• Chapter 5 – Determinations,
• Chapter 6 – Injunctions.

The draft chapters are open for consultation until Read the rest of this entry »

 The Privacy Commissioner has found that Telstra Corporation Ltd (“Telstra”) has breached National Privacy Principle 6.1 in failing to provide to the applicant, Ben Grubb (“Grubb”) access to his personal information in Ben Grubb v Telstra Corporation Limited [2015] AICmr 35.

FACTS

On 15 June 2013 Grubb sought access Read the rest of this entry »

The Privacy Commissioner has released 3 international money determinations Read the rest of this entry »

The Privacy Commissioner has just posted his most recent speech, titled Privacy Governance to the iappANZ on 11 February 2015.  The Commissioner’s prose tends to the general and intentions and directions, when voice, are couched in such opaque terms that it would be easier to Read the rest of this entry »

The Privacy Commissioner has issued a statement titled Global privacy authorities urge app marketplaces to make links to privacy policies mandatory. The laxity in privacy protections and compliance with data protection laws, including proper privacy policies and consents have been a long standing concern.  The Federal Trade Commission has been active in Read the rest of this entry »