With the results of the Ashley Madison investigation now available, it’s important for all businesses to recognise that the personal information they collect is one of their biggest assets — and if breached, has the capacity to cause irreparable reputational damage, and significant cost.
‘The enforceable undertakings entered into by Avid Life Media (owners of the Ashley Madison website) are a positive approach to improving privacy practices,’ said Australian Privacy Commissioner, Timothy Pilgrim.
‘But the impact of this incident reinforces what my office has stressed for some time — that privacy is not a bolt on accessory; it needs to be integrated into businesses and products by design.’
Businesses handling personal information should adopt clear and appropriate processes, procedures and systems to handle information security risks. Especially, when the personal information is sensitive in nature and could cause significant reputational or other harms to individuals.
As a result of this joint Australian and Canadian investigation, Ashley Madison must now take the following legally binding steps to ensure compliance:
- enhance privacy safeguards.
- amend information retention practices.
- improve information accuracy.
- increase transparency.
Further information on handling personal information is available in our guides.
You can read about the details of the Ashley Madison investigation in the final report.
 ‘Sensitive information’ is a subset of personal information within the Australian Privacy Act 1988. Further details are available in the APP guidelines.
Was this page helpful?
If you would like to provide more feedback, please email us at email@example.com