Privacy Law

Australian Privacy Principle 11 — Security of Personal Information

11.1 If an organisation holds personal information, it must take whatever reasonable steps it can to protect the information from:


  • misuse – use for a purpose not permitted by the Privacy Act (See APP’s 6, 7 & 9),

  • interference – hacking or suchlike leading to exposure of the information

  • loss –loss of information, either physically or electronically, through theft, damage, accident, etc.

  • unauthorised access – persons not authorised can include employees, contractors and any external party such as a hacker....