Guide to securing personal information update

22 February 2021

This consultation is closed. The deadline for submissions was Friday 12 March 2021.

Background

The OAIC is updating its Guide to securing personal information.

The guide provides advice on the reasonable steps entities are required to take under the Privacy Act 1988 to protect personal information from misuse, interference, loss, and from unauthorised access, modification or disclosure. It also includes guidance on the reasonable steps entities are required to take to destroy or de-identify personal information that they hold once it is no longer needed.

The guide is intended for entities covered by the Privacy Act, including organisations, Australian Government agencies, credit reporting bodies, credit providers and tax file number recipients. However, the guide may also be relevant to organisations not subject to the Privacy Act as a model for better personal information security practice.

The OAIC is initially seeking comments from interested stakeholders on the existing guide. You will also have an opportunity in late 2021 to review and provide feedback on the updated guide prior to its finalisation.

Read the current Guide to securing personal information

Purpose of consultation

To inform the development of an updated guide, the OAIC is seeking comments from interested stakeholders on:

  • how the guide could be improved
  • any additional topics or areas you would like to see covered
  • whether the guide provides adequate information on technical issues involving information security.

Consultation questions

To assist you in preparing comments for this consultation, the OAIC has prepared the questions below, which are intended to stimulate comments and reflections on the current guide.

They are not intended to limit the issues that may be raised. You may wish to respond to some or all questions, or to raise other issues related to the current guide.

  • Is the guide clear, relevant and practical?
  • Does the guide meet the needs of entities in understanding their information security and privacy obligations?
  • Are there any topics that you believe the guide should cover that have not been covered, or should be covered in greater detail?
  • Are there topics that you believe would benefit from visual representation, such as the use of graphics, flow charts or diagrams?
  • Are there topics that you believe would benefit from case studies?
  • Are there any other ways the guide could be enhanced?

How to provide comments

Comments can be made by:

Email:

gspiupdate@oaic.gov.au

Post:

GPO Box 5218
Sydney NSW 2001

The closing date for comments is 5pm Friday 12 March 2021.

Although you may send your comments by email or post, email is preferred.

Requests for access to confidential comments will be determined in accordance with the Freedom of Information Act 1982.

Privacy collection statement

The OAIC will use the personal information it collects in the course of this consultation for the purpose of updating the guide and our ongoing engagement with you.