Friday, January 23, 2015

Updated privacy guide - Reasonable Steps

The Office of the Australian Information Commissioner (OAIC) has released an updated Guide to securing personal information: Reasonable steps to protect personal information.

They advise that the ‘Guide to securing personal information’ (Guide) provides guidance on the reasonable steps entities are required to take under the Privacy Act 1988 (Cth) (Privacy Act) to protect the personal information they hold from misuse, interference, loss, and from unauthorised access, modification or disclosure. It also includes guidance on the reasonable steps entities are required to take to destroy or de-identify personal information that they hold once it is no longer needed (unless an exception applies).

Given that dental practices maintain health records, and these are considered 'sensitive' under the Privacy Act, special care is required to observe the Australian Privacy Principles.

While the guide is not legally binding, the OAIC recommends it as a model for better personal information security practice. They also note that "the Office of the Australian Information Commissioner (OAIC) will refer to this guide when undertaking its Privacy Act functions, including when investigating whether an entity has complied with its personal information security obligations (s 40) or when undertaking an assessment (s 33C)."