As part of the undertaking, CBA now has 90 days to develop and submit to the OAIC a work plan and timetable of work to meet address its privacy obligations, including a review of its policies, procedures and data retention standards, while also providing staff training to ensure compliance.
“CBA must also assess its IT services and systems to make sure it takes appropriate steps to control access to customers’ personal information,” the OAIC said.
Australian Information Security Incident Reported: February 06 2019
Bunnings has confirmed it notified the Office of the Australian Information Commissioner of a data breach, after an individual staffer set up an employee performance monitoring database on his home computer and exposed it to the internet.
The database also contained log in credentials for staff and developers, some in plan text, he added.
Furthermore, contact details of 1194 customers were exposed, including email and physical addresses, and phone numbers.
Australian Information Security Incident Reported: January 22 2019
A former Sydney police officer is facing up to a year in jail after he took intimate images from an arrested woman’s phone and sent them to fellow officers on Facebook.
The woman was taken back to the station and to police cells.
At the time of her arrest, the woman’s phone was seized and it was examined using police investigative software.
Albee examined the photos at the police station then uploaded two to a Facebook group chat with four other serving police officers, which they used to chat while off-duty.
Australian Information Security Incident Reported: December 20 2018
A Big W worker accidentally leaked the personal information of 32 people earlier this year when repairing a printer for a customer, Office of the Australian Information Commissioner (OAIC) disclosures reveal.
The Woolworths-owned discount department store has admitted to an extraordinary instance of human error where an employee enclosed confidential information within a pile of test print-outs provided to a customer to show their printer was fixed.
The document contained the names, addresses and a form of ID for over two-dozen people.
Australian Information Security Incident Reported: December 19 2018
WA’s biggest health insurer has admitted to a privacy breach that led to the private addresses of psychologists being published on a TripAdvisor-style healthcare website.
HBF said this week that it had notified the Office of the Australian Information Commissioner and written to more than 7000 psychologists after realising it had provided some personal addresses to the online directory Whitecoat.
Australian Information Security Incident Reported: December 03 2018
The Commonwealth Bank is urgently investigating a potential data breach that may have given its staff access to customers’ sensitive medical information.
Medical information supplied by an unknown number of customers to CommInsure was made available to other arms of the bank, including to staff who decide whether to approve or decline loan applications.
