The OAIC has a memorandum of understanding (MOU) with the Australian Customs and Border Protection Service (ACBPS) to conduct one privacy assessment each year of an aspect of ACBPS’s handling and use of Passenger Name Record (PNR) data. The MOU also has regard to an agreement between the Australian Government and the European Union (EU) for the provision of PNR data.
In 2013-14, the OAIC’s privacy assessment focussed on the handling of PNR data (including data sourced from the EU) by the ACBPS Melbourne International Airport Operations Room. The assessment looked at whether ACBPS was handling PNR data in accordance with the requirements of Australian Privacy Principle (APP) 11.
APP 11 deals with the security of personal information. Under APP 11, an APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
The assessors conducted the fieldwork component of the assessment on 29 May 2014 at Melbourne International Airport. Generally, assessors considered that the Melbourne International Airport Operations Room is maintaining PNR data in accordance with its APP 11 security obligations.
The assessors did identify some privacy risks in relation to ACBPS’s handling of PNR data and made three recommendations in relation to these. A recommendation is a suggested course of action or a control measure that, if put in place by the agency, will (in the opinion of the OAIC) minimise the risks identified around how personal information is handled against the relevant criterion. ACBPS accepted all three recommendations.
The assessment report was finalised on 13 January 2015.
At the request of ACBPS, the finalised assessment report will not be published on the OAIC’s website due to the operational sensitivity of the content of the report.
Was this page helpful?
If you would like to provide more feedback, please email us at firstname.lastname@example.org