As the OPC noted, any organization that holds large amounts of PI must have safeguards appropriate to the sensitivity and amount of
information collected, supported by an
adequate information security
governance framework that is often reviewed and updated, to ensure practices appropriate to the risks are consistently understood and effectively implemented.
This article is a reminder to all organisations covered by the Privacy Act to have
adequate measures in place to protect
information security and to have a privacy
governance framework in place.