8 Apr 2021

Australian Red Cross Blood Service General Enterprise Agreement Victoria 2017

Author: admin | Filed under: Uncategorized

www.donateblood.com.au, the ARCBS website, was managed by an independent IT contractor, Precedent Communications Pty Ltd (Precedent). On August 7, 2017, the Australian Information and Privacy Commissioner (Commissioner) published findings on a data breach at the Australian Red Cross Blood Service (ARCBS). The Commissioner found that while ARCBS's protection of personal data was generally strong, it had not taken appropriate measures to protect personal data stored on www.donateblood.com.au, in violation of APP 11.1.

On September 5, 2016, a Precedent employee accidentally placed a database file containing sensitive private information on approximately 550,000 potential blood donors on a publicly accessible web server. ARCBS had also not taken appropriate steps to destroy or permanently de-identify personal data that was no longer needed, in violation of APP 11.2. Although ARCBS did not physically retain the personal data in the data file, it retained ownership of the data in accordance with the terms of its contract with Precedent. The Commissioner therefore found that both Precedent and ARCBS held the data and that both organizations had information protection obligations under APP 11.1. On October 27, 2016, the Commissioner opened an investigation into the incident under the Data Protection Act. Despite these findings, ARCBS was not sanctioned. The Commissioner was satisfied that the measures taken were likely to remedy the data breach and accepted an enforceable obligation to review certain measures within a specified time frame.
Australian Information and Data Protection Commissioner – Companies need to ensure they take appropriate precautions when it comes to data management, even when using information from third-party IT providers.

Similarly, no sanctions were imposed on Precedent, as it also proposed appropriate measures to improve its protection of personal data and provided an enforceable obligation to implement these measures. The Commissioner found that ARCBS did not violate APP 6 because it did not disclose the data; the disclosure was made by a Precedent staff member and occurred without the permission or direct involvement of ARCBS. APP 11.1 specifies that a company must take appropriate measures to protect the personal data it holds from abuse, interference and loss, as well as from unauthorized access, modification or disclosure. Serious or repeated data breaches can result in fines of up to $1.7 million for businesses and fines of up to $340,000 for individuals. Although the publication was accidental, Precedent was found to be in violation of APP 6.1. The Commissioner noted the absence of measures taken by Precedent to protect individuals' personal information, given that the online data was used for testing in the User Acceptance Testing (UAT) environment, which was partly available to the public, when model data would have been sufficient. Entities regulated by the Data Protection Act that outsource their information technology must carefully consider the adequacy of the IT provider's security measures and practices, and ensure that the contractual terms with the provider clearly address the security of the entity's information and provide for control measures to mitigate risks.
