When it comes to data management and privacy, many businesses today are grappling with the ever-present danger of cybercrime. However, a recent data breach in NSW illustrates that the proper maintenance and disposal of paper records should not be overlooked either.
The discovery of 1000 medical records relating to 400 patients of an Aged Care facility, left discarded in an abandoned building, is possibly one of the largest privacy breaches of its kind in Australian history. The records included highly sensitive information about former patients: medical conditions, accidents, treatments and even behaviours.
While NSW Health maintains that the building had been illegally accessed, sources from the ABC investigation which broke the story assert that the site was not secured and had been ‘accessed repeatedly by members of the public’. A spokesperson from NSW Health has stated that if it is found that any file notes have been inappropriately stored, individuals and their families will be contacted to apologise.
The breach is alarming for the public and is the stuff of nightmares for businesses. It’s a stark reminder that personal data must be destroyed promptly, securely and auditably.
Under the Privacy Act 1988 (the Act), you must take reasonable steps to protect personal information from unauthorised access, modification or disclosure and also against misuse, interference and loss. You must also take reasonable steps to destroy or de-identify personal information when it is no longer needed for any purpose permitted under the Act. This applies to data kept as paper copies, as well as data on any computer storage or media.
To avoid breaches like this one, make identifying data that is no longer required part of your normal business processes. Confidential Shredding Co can help your business dispose of it professionally and securely. We issue you a Certificate of Destruction upon completion, providing you with auditable evidence of compliance.
Call us on 1300 788 719 for a free, no-obligation quote or click here to order online.
For more information about your obligations, grab the Office of the Australian Information Commissioner’s Guide to Securing Personal Information here.