Whilst privacy is in a general sense, a “motherhood” principle, privacy breaches which involve financial, health or sensitive personal information of customers can result in reputational damage as well as being in breach of the Privacy Act.

Following reports on smh.com.au that the personal details of millions of Vodafone customers, including their names, home addresses, driver’s licence numbers and credit card details, have been publicly available on the internet, the Australian Privacy Commissioner, Mr Timothy Pilgrim, has announced he will investigate the allegations.

In response Vodafone has announced that while customer records are not publicly available or stored on the internet and credit card details held in its database are securely protected, the employment of a number of staff members has been terminated and Vodafone has contacted the NSW Police while its investigation continues.

It has also undertaken a review of IT systems security, processes and training and that while that review is ongoing, a number of recommendations have been implemented and others are planned for shortly.

The Australian Privacy Commissioner’s “Guide to Handling Personal Information Security Breaches“ is a voluntary guide for use by businesses, agencies and non-government organisations in preventing and, if necessary, responding to a data breach.