New Practical Law Commercial resource: Legal update, Privacy Determination: Uber failed to take reasonable steps to protect privacy of 1.2 million Australians following cyberattack
Legal update: case report, Privacy Determination: Uber failed to take reasonable steps to protect privacy of 1.2 million Australians following cyberattack considers the determination in Commissioner Initiated Investigation into Uber Technologies, Inc. & Uber B.V. (Privacy) [2021] AICmr 34, where the Australian Information Commissioner and Privacy Commissioner determined that Uber Technologies, Inc. & Uber B.V. (Uber Companies) breached the Privacy Act 1988 (Cth) by failing to take reasonable steps to protect the personal information of over 1.2 million Australians after a 2016 cyberattack. It was also found, following the Commissioner's investigation under section 40(2) of the Privacy Act, that the Uber Companies had failed to take reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles. The determination is an important reminder for all APP entities of the importance of being able to demonstrate compliance with the Australian Privacy Principles through the implementation of appropriate policies and procedures such as data breach response plans, data security programmes and data retention policies.
Practical Law Australia’s expert legal writers have practical expertise gained from some of the country's leading law firms and corporate legal departments, including Ashurst, Baker & McKenzie, Gilbert + Tobin, Herbert Smith Freehills, the Australian Broadcasting Corporation (ABC) and more. They understand the pressure to deliver timely and cost effective legal advice, which is why Practical Law’s fully maintained practice notes, precedents, drafting notes and checklists offer clear and concise know-how with a practical perspective.
For more information on Practical Law Australia’s legal writing team, visit legal.thomsonreuters.com.au/practical-law-team