Australian Privacy Commissioner takes expansive view of jurisdiction in Ashley Madison case

Many regulators take an expansive view of their remit, and the Australian Privacy Commissioner has acted in this way in the Ashley Madison case. The Ashley Madison data security breach attracted enormous publicity worldwide, when details of approximately 36 million subscribers were published by hacktivists operating under the monicker “The Impact Team”. The company that read more...
Subjects: Privacy

Lessons to be learned from the OAIC’s security assessment of St Vincent’s Hospital

Authors: Michael Swinson (Partner) and TJ Saw (Solicitor) Last month the Office of the Australian Information Commissioner (OAIC) issued a privacy assessment report of St Vincent’s Hospital Sydney Limited (St Vincent’s).[1] The Privacy Commissioner has the power to carry out assessments under section 33C of the Privacy Act in order to determine whether an organisation read more...

Privacy Commissioner awards damages

In a rare example of the Commissioner making a determination under the Privacy Act, Aerocare Pty Limited has been found liable to compensate an airline passenger for the manner in which they collected and disclosed sensitive health information about the passenger in an airport departure lounge. The facts and determination Aerocare was acting as a read more...
Subjects: Privacy

OAIC releases privacy ‘better practice guide’ for mobile app developers

The Office of the Australian Information Commissioner (OAIC) has been busy of late.  As well as releasing the second stage of its Draft Australian Privacy Principles Guidelines for consultation in late September, it recently sent an open letter to Facebook, which we posted about here. However, it’s not very often that we see regulators encouraging the read more...