The recent data breaches involving Optus and Telstra highlight the potential risks facing businesses and entities that collect and store personal information.
Where entities employ individuals, those entities are required by law to collect and keep various forms of personal information relating to their employees. Such information can include employees’ contact information, health information, banking details, and tax file numbers.
For NSW state public sector and local government entities, the obligations relating to the collection, retention, use and disclosure of personal information are set out in the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act). [...]
