The Office of the Australian Information Commissioner (OAIC) is conducting a public consultation and is seeking comments on a draft Guide to information security: Reasonable steps to protect personal information.
The guide is aimed at government agencies and the private sector and will cover the reasonable steps that entities have to take under the Privacy Act 1988 (Cth) to protect the personal information that they hold from misuse and loss, and from unauthorised access, modification or disclosure. It is also relevant to credit reporting agencies (CRAs), credit providers and tax file number (TFN) recipients.
The guide also includes steps and strategies that entities should consider taking in order to secure personal information including:
• IT security
• data breaches
• physical security
• personnel security
• the information life cycle
• workplace policies
• communications security
• standards
Although it will not be binding, the OAIC will refer to the guide when assessing an entity's compliance with its information security obligations in the Privacy Act.