OAIC and OPC are committed to conducting a thorough and comprehensive investigation
The Office of the Australian Information Commissioner (OAIC) and the New Zealand Office of the Privacy Commissioner (OPC) have initiated a joint investigation into the personal information handling practices of the Latitude group of companies (Latitude). This collaborative effort comes in response to preliminary inquiries conducted by both offices and marks the first joint privacy investigation between Australia and New Zealand. The decision to investigate together reflects the impact of the data breach on individuals in both countries.
By joining forces, the OAIC and OPC aim to make efficient use of their resources and minimize the regulatory burden on Latitude. It is important to note that this joint investigation does not preclude the OAIC and OPC from reaching separate regulatory outcomes or making independent decisions regarding the most appropriate regulatory response to the breach.
The OAIC’s investigation will primarily focus on determining whether Latitude took reasonable measures to safeguard the personal information it held against misuse, interference, loss, unauthorized access, modification, or disclosure. Additionally, the investigation will examine whether Latitude took adequate steps to destroy or de-identify personal information that was no longer necessary.
Should the investigation uncover any breaches of the Australian Privacy Principles by Latitude, the Australian Information Commissioner and Privacy Commissioner may issue a determination. This determination could include requiring Latitude to implement measures to prevent the recurrence or continuation of the identified act or practice, as well as providing redress for any loss or damage caused. In the event of serious and/or repeated interferences with privacy in violation of Australian privacy law, the Commissioner holds the authority to pursue civil penalties through the Federal Court, which could amount to up to $US50 million for each contravention.
Both the OAIC and OPC are committed to conducting a thorough and comprehensive investigation to ensure the protection of individuals’ personal information and the enforcement of privacy standards. This joint effort underscores the collaborative approach of the Australian and New Zealand privacy regulators in addressing cross-border privacy breaches and upholding the rights and privacy of individuals.
