OAIC to update privacy guidance for NFPs
The OAIC is updating its guidance for charities and other not-for-profits on protecting privacy. The updated guidance will include discussion of the sector’s obligations under the Privacy Act when engaging third-party providers, which is particularly relevant in the wake of the Pareto data breach. Areas covered include:
- being informed about how information will be collected, handled and stored
- conducting periodic reviews of arrangements
- ensuring the third party deletes any personal information at the end of the contract term.
The updated guidance, which will be available soon, underlines that organisations need to ensure they are satisfied that vendors have appropriate processes in place to protect personal information and comply with any obligations they have under the Privacy Act.
Taken from the Office of the Australian Information Commissioner Information Matters Newsletter on August 28, 2024.