Australian Privacy Principle 11 — Security of Personal Information
11.1 If an organisation holds personal information, it must take whatever reasonable steps it can to protect the information from:
misuse – use for a purpose not permitted by the Privacy Act (See APP’s 6, 7 & 9),
interference – hacking or suchlike leading to exposure of the information
loss –loss of information, either physically or electronically, through theft, damage, accident, etc.
unauthorised access – persons not authorised can include employees, contractors and any external party such as a hacker....
ORDER FOR FULL TEXT.