Australian Privacy Foundation home

The association that campaigns for privacy protections

Information Security

APF Policy Statement on Information Security

Organisations hold a great deal of personal data. All of it is at least to some degree sensitive, and some of it highly so. Inappropriate handling of personal data represents a threat variously to the safety, wellbeing and peace of mind of the people it relates to. Primary privacy concerns are in the areas of unauthorised use and disclosure of data, with other issues including loss of data and threats to data integrity. Personal data needs the same level of care as financial information.

The privacy interest shares a great deal of common ground with organisations' own needs for protection of data of financial and competitive value, with commercial confidentiality, and with government and national sovereignty desires for the protection of sensitive data.

Information and Information Technology Security are well-established fields of professional endeavour, supported by a substantial array of products and services and a busy industry.

Organisations have moral and legal obligations to apply the available knowledge and to thereby ensure privacy protection. This applies to:

The following, specific obligations exist, must be recognised by organisations throughout the public and private sectors, and must be enforced by regulatory agencies.

Security Governance

All organisations have obligations to:

Resources to guide and support these activities include:

Security Safeguards

All organisations have obligations to establish and maintain a sufficiently comprehensive set of information security safeguards in the following areas, commensurate with the sensitivity of the data:

Resources to guide and support the design and implementation of effective safeguards include:

Sanctions

All organisations, and individuals within organisations, must be subject to sanctions where they fail to fulfil their information security obligations.

Sanctions must exist, and must be applied, at all of the following levels:


APF thanks its site-sponsor:     Hosted by GoWeb image This web-site is periodically mirrored by
the Australian National Library's Pandora Archive
and by the Wayback Machine since March 2000

Created: 20 December 2012 - Last Amended: 4 January 2013 by Roger Clarke - Site Last Verified: 11 January 2009
© Australian Privacy Foundation Inc., 1998-2016  -   Mail to Webmaster
Site Map   -   This document is at http://www.privacy.org.au/Directory/Page.html  -   Privacy Policy