Written by Alec Christie and Reyhaneh Saadati

The Office of the Australian Privacy Commissioner has released its new Guide to Information Security: Reasonable Steps to Protect Personal Information.

The Guide aims to assist Australian businesses and those carrying on business in Australia to “take reasonable steps” to protect the personal information they hold in light of the country’s increasingly strict privacy laws.

In terms of compliance, there is no doubt the Guide raises the bar. To be regarded as having “taken reasonable steps” to secure the personal information that they collect, companies will have to do more across a broad swathe of areas – governance, cybersecurity, physical security, data breaches and personnel training among them.

Notably, press releases accompanying the release of the Guide warned that “information security is now the major issue affecting consumer privacy,” and that 100 percent of the high-profile investigations completed by the Australian Privacy Commissioner in 2011-2012 involved data security issues. Our experience confirms the current general lack of awareness among Australian businesses of their information security obligations under the Privacy Act.
