Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

We respect your Do Not Track preference.

Your responsibilities

Three brown filing boxes are sitting on a white table with a person's hands rifling through them. In the foreground there is a cube of beige post it notes and a cup of coffee.Case notes are a great way to learn about privacy by understanding how others have responded to a breach. We anonymise them and explain what happened and what outcomes there were.

Disposing of personal information

Organisations must not keep personal information for longer than they need it. If your organisation is finished with personal information, you must dispose of it securely to avoid a privacy breach.

Loss and theft of personal information

Physical security is an important part of protecting personal information, whether it’s in a paper file or a on device such as a laptop or smartphone. Sometimes it’s necessary to take personal information out of the workplace, but it does increase the risk of it being lost or stolen.

Sending personal information to the wrong recipient

This is the type of breach that agencies most commonly report to us. Always double-check that the address is correct before you send information and have other systems in place that will help prevent or mitigate a breach.

Disclosing personal information inappropriately

Under the Privacy Act, organisations cannot disclose personal information unless a specific exception applies. Disclosing information when an exception doesn’t apply can lead to a privacy breach, even if it was unintentional.

Storage and security

Organisations have an obligation to store personal information securely. System errors, scams and employee browsing can all lead to a security failure.