The Office of the Australian Information Commissioner has released for public consultation a revised version of the Guide to information security: ‘Reasonable steps’ to protect personal information.

The revised guide provides information on the reasonable steps entities are required to take under the amended Privacy Act 1988 and the Australian Privacy Principles (especially APP 11) to protect the personal information they hold from misuse, interference and loss, and from unauthorised access, modification or disclosure.

It also provides examples of strategies which may be reasonable for an entity to take to manage the following:
• Managing the information life-cycle
• governance
• ICT security
• access security
• data breaches
• physical security
• personnel security and training
• destruction and de-identification
• internal practices, procedures and systems
• standards.