Australian Watchdog Accepts Data Protection Commitments from Oxfam After Data Breach
The Office of the Australian Information Commissioner accepted an enforceable commitment by non-profit Oxfam Australia arising out of a February 2021 data breach that resulted in the loss of up to 1.7 million Oxfam records, the OAIC announced. The acceptance of Oxfam's commitments isn't a finding that the organization breached the Privacy Act nor the Australian Privacy Principles, but "rather highlights the need for charities and not-for-profits to remain vigilant and follow responsible privacy practices," the office said.
Sign up for a free preview to unlock the rest of this article
Oxfam will take several actions, including not storing certain personal data for longer than seven years, implementing password security controls, and using privacy threshold assessments for projects that involve handling personal information for testing purposes, the OAIC said.