Skip to main content
Skip to secondary navigation
Australian Government - Office of the Australian Information Commissioner - Home

Information security is now the major issue affecting consumer privacy

Marking the start of Privacy Awareness Week 2013, 190 privacy professionals gathered this morning to hear about information security and privacy issues, and significant privacy reforms due to commence in March 2014.

The Federal Attorney-General the Hon Mark Dreyfus QC MP launched Privacy Awareness Week 2013 with the release of the OAIC’s new Guide to Information Security: ‘Reasonable steps’ to protect personal information.

The Australian Privacy Commissioner, Timothy Pilgrim, said that 100% of the high profile investigations he completed in 2011–12 involved data security issues.

‘Information security is clearly a significant privacy issue and has emerged as a major challenge for us all. These incidents tell us that ‘privacy by design’ is essential. Organisations need to build privacy into business as usual practices and new projects,’ Mr Pilgrim said.

‘With the steady increase in the collection of personal information in the online environment and the reliance on electronic and online records, businesses and government agencies cannot ignore the need to take steps to protect the personal information of their customers or clients. This is critical to meet the current requirements of the Privacy Act 1988 as well as new requirements due to commence in less than 12 months’.

Attendees also heard from information security experts Mr Stephen Wilson, Managing Director of the Lockstep Group and Gary Blair, Executive General Manager, Enterprise Privacy, Identity & Cyber, Commonwealth Bank of Australia.

‘What we have heard today is that there is a very compelling business case to be made for privacy. If an organisation mishandles the personal information of its clients or customers, the consequences are not simply legal and regulatory. There are the serious financial costs incurred due to remediation and potential significant financial loss due to diminished corporate reputation and reduced consumer trust,’ Mr Pilgrim said.

This is confirmed in a recent survey conducted by McAfee of 500 respondents which found that the two largest repercussions of a data breach feared by companies were reputation damage and loss of customer trust (both at 68 per cent). Smaller but still noteworthy issues were financial penalties (50 per cent) and the cost of remediation or repair (37 per cent).

The OAIC’s Guide to information security will help agencies and private sector businesses to comply with the information security requirements under the Privacy Act. The Guide is not binding but it sets out the Office of the Australian Information Commissioner’s expectations about what information security measures organisations should be taking.

Privacy Awareness Week (28 April — 4 May 2013) is the primary privacy awareness and education event in the Asia Pacific region. For more information see:

Media contact:     Ms Leila Daniels     0407 663 968