Heartbleed bug

The Heartbleed bug has put personal information held on many systems running OpenSSL at risk.

The Office of the Australian Information Commissioner (OAIC) reminds all entities covered by the Privacy Act that they must take reasonable steps to protect the personal information they hold.  

Part of those obligations would include regularly monitoring the operation and effectiveness of their ICT security measures to ensure that they remain responsive to changing threats and vulnerabilities and other issues that may impact the security of any personal information they hold.

Where a vulnerability has been identified, patches and software upgrades should be rolled out as soon as possible.

Once organisations have patched the Heartbleed vulnerability, the OAIC strongly encourages them to assist their users to change their passwords.

Changes to privacy law

Content found in this section or on this page may no longer reflect the current law.
