Statement regarding reported health data breach in Western Australia
The Office of the Australian Information Commissioner (OAIC) is making urgent preliminary inquiries about the facts and circumstances of the reported data breach of patient information in Western Australia.
The Federal Privacy Act covers private health providers, organisations with an annual turnover of more than $3 million and most Australian Government agencies. It does not generally cover Western Australian State Government Departments.
An entity regulated by the Privacy Act must take reasonable steps to protect personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
The OAIC publishes information for entities covered by the Privacy Act about data breach preparation and response. It also has published a submission to the Western Australian Government regarding privacy and responsible information sharing for the Western Australian public sector.